ISO 14001 Certification: Are You Ready?

Well, you did it. It took five years, but you finally convinced your company's senior managers that getting third-party certification to one of the ISO 9000 quality management system standards was the right thing to do.

While you may not be able to prove that the certification directly reflected your company's ability to procure contracts and/or customers, you and your senior managers are fairly certain that the internal benefits greatly exceed the price of having a yearly audit.

Armed with this information, you head into the executive corridor to obtain senior-level commitment for third-party certification to the newly developed environmental management standard-ISO 14001. But you can count on the following challenges to your proposal.
Why should we seek certification?
What benefits can our organization expect from certification?
How much will certification cost?
Who will do the work?
How do we go about obtaining certification?


For the past six issues, we've provided you with practical implementation advice, such as auditing tips, integration strategies, legal pitfalls and environmental-aspects identification techniques that we've collected from publishing ISO 14000 products. Now we'll finish that series with an article on the pinnacle of implementation-certification.

Regarding ISO management standards, the term certification is synonymous with registration in the United States. Registrars are also certification bodies. Because certification has legal connotations in the United States that are associated with products, the term registration prevails here. But it might be worthwhile to use certification because it is the term most accepted worldwide, where you may be conducting business.

Who's becoming certified and why?
You know that certification is becoming an important issue when companies such as IBM, 3M, Ford Motor, Sony, Canon, SGS-Thomson MicroElectronics and Philips Components acknowledge the benefits related to certification. These companies are among some 400 companies and sites around the world to become certified to ISO 14001, BS 7750-the British EMS standard-and/or the European Eco-Management and Audit Scheme-an ISO 14001 lookalike.

While it's too early in the process to determine what benefits a certified company will reap, it's fair to say that the potential is unlimited. An Apple Computer environmental health & safety division conducted a survey of 99 companies the latter part of 1995, revealing several key drivers of EMS implementation and certification. Respondents included representatives from the electronics, manufacturing, pharmaceutical and engineering/consulting fields. Many companies are now adopting an environmental management system for the following reasons:
Ease of trade-International standards obviate the need for and proliferation of national and regional standards likely to hinder trade by erecting barriers, bureaucratic complexity and redundancy.
Improve compliance with legislative and regulatory requirements-This includes requirements that make public certain information relating to environmental performance.
Credibility-Third-party certification ensures a company's credibility and commitment to regulatory compliance and its continuous, institutional focus on environmental protection.
Reduce liability/risk.
Regulatory incentives-Organizations can take advantage of incentives that reward companies showing environmental leadership through certified compliance with an EMS.
Sentencing mitigation-It is likely that federal and state sentencing guidelines will accept a corporate EMS as a way to levy individual and corporate fines.
Prevent pollution and reduce waste.
Profit-Customers-from consumers to governments-are preferring to purchase "green" products, but want assurances they are green.
Improved internal management methods-and the improvements in efficiency and savings that result.
Pressure from shareholder groups-They are more likely than ever to look for environmental responsibility in investments and financial reports.
Pressure from environmentalists (and stockholders)-They bring a raft of legal precedents to bear on companies they consider poor environmental players.
Community goodwill.
A high-quality work force-They seek empowerment and involvement in addition to healthy and safe working conditions.
Insurance-Insurance companies are less willing to issue coverage for incidents of pollution unless the firm requesting coverage has a proven environmental management system in place.
Sustainable development-Management standards will become a steppingstone for less-developed countries to begin achieving an equivalent level of environmental protection found in neighboring countries. Because management standards require considerably fewer resources to implement, less-developed countries can reap the benefits of more focused and organized environmental protection activities. Over time, as their economies grow in concert with environmental regulations, they can acquire appropriate technologies to maximize environmental protection.
Preference in bank loans-Some institutions, such as the World Bank, may view ISO 14000 as a test of a country's sincerity in its promotion of environmental protection and sustainable development.

Certification scope
Many organizations that implemented the ISO 9001 quality management system specification standard at the departmental and sometimes individual process levels are rethinking this approach when it comes to ISO 14001 certification, according to Joseph Cascio, vice president of EMS for the Global Environment and Technology Foundation and former program director for Environment, Health and Safety Standardization at IBM. He says the ISO 9000 certification approach caused a proliferation of expensive and disruptive certifications brought on by multiple certifications at one site-which were fueled by multiple registrars performing individual audits. He vows that ISO 14001 certification is different.

Registration to ISO 14001 should be more refined because organizations learned their lesson and don't want to repeat their mistakes, explains Cascio, who is also chairman of the U.S. Technical Advisory Group to ISO TC 207, which developed the standard. Most organizations considering ISO 14001 certification are doing so at the "highest subunit level that fits the logical and physical realities of their firms," he notes.

"ISO 14001 allows total freedom in defining the 'organizational' unit seeking certification," explains Cascio. "As specified in ISO 14001, virtually any organized business activity, such as companies, departments, plants, divisions, construction sites, refineries, mines, branch offices, administration centers, schools, banks, restaurants, fire houses and mills, can be considered 'organizations' capable of implementing an environmental management system."

Experts agree that many considerations must be weighed in choosing the proper unit for certification, but most agree the logical option for larger companies should be an individual location.

However, the majority of small and medium-sized companies will want to pursue certification at the company level. A single company registration may make sense for multinational companies, but only if they are committed "to bringing all operations into line with the environmental ethic and to involve the corporate office in management reviews," says Cascio. "Individual processes and operations within a location will seldom qualify as organizational entities because environmental protection must normally be assured at a location basis for regulatory authorities."

Certification process
Elizabeth Potts, president of ABS Evaluations, an ISO 9000/ISO 14000 registration organization, explains that the five basic steps to registration include:
Application or contract.
Initial or preliminary assessment/document review.
Certification assessment.
Certification.
Certification maintenance.


Each step depends on the success of the others. She says most certification bodies will require that an application or contract be completed. This document contains the rights and obligations of the certification body and audited organization.

"Although the organization's compliance management will be one of many subjects the audit will address, the certification body is not there to assess your compliance with individual regulatory documents and requirements," explains Potts. "The certification body will assess how your organization ensures that all applicable regulatory requirements are identified and incorporated into the EMS and how well the EMS is functioning."

The compliance-related segment of the audit focuses on the system and how it functions to satisfy the compliance commitment of its policy and compliance objectives and targets of your organization.

The compliance segment of the audit won't focus on whether each regulatory requirement complies fully. Any compliance issues noted during the audit will be brought to your organization's attention as part of the assessment. Regulatory compliance auditing responsibility remains with the organization being audited.

Initial or preliminary assessment
The next step in the certification process is the initial or preliminary assessment and document review. Most certification bodies will wish to conduct this phase of the certification process on-site, according to Potts.

The following documents are typically reviewed during this phase of the process:
The EMS manual (if your organization has chosen to develop one).
Analysis of environmental aspects and impacts.
Applicable regulatory requirements.
Audit reports.
Organization charts.
Training programs.
Management review minutes.
Your organization's continual improvement plans.


While this part of the certification process evaluates your organization's readiness to continue with a formal audit, it also helps the certification body plan the audit. In contrast to internal or second-party audits, the certification body cannot (and should not) provide substantive guidance on how to achieve conformity with ISO 14001.

"In other words, the certification body cannot be both a consultant and a certification body, as this clearly constitutes a conflict of interest," stresses Potts. "The certification body can and should, however, provide your organization with interpretive guidance by openly engaging in discussions about these concerns."

A certification assessment normally follows a successful initial assessment/document review. Usually, the primary difference between this assessment and internal audits is the "formality" of the assessment. "Your organization should expect the same independence, competence and professionalism of the lead auditor and audit team during a certification assessment as during an internal audit," notes Potts.

"To assess whether an EMS is in conformity with ISO 14001 and has been fully implemented and documented in manuals, supporting procedures and other records, all levels of personnel will be interviewed," explains Potts. "Your organization must be able to demonstrate that the EMS is designed (and implemented) to satisfy its policy commitments and the various ISO 14001 criteria. Most certification bodies conduct a daily debriefing with your organization to keep key individuals informed of progress and any apparent deficiencies noted."

A major difference between third-party ISO 14001 certification and internal EMS audits appears in the final phase of certification-surveillance. Teams from the certification body will return at prescribed intervals, usually every six or 12 months, to assess the continued conformity of your organization's EMS with ISO 14001.

"Corrections of deficiencies identified by previous assessments or surveillances will be verified, and selected elements of the standard will be re-evaluated," notes Potts. "During the surveillance phase, emphasis is typically placed on internal EMS audits, management reviews, corrective/preventive action systems and continual improvement efforts."

No shortage of registrars
Finding a registrar to assess your organization shouldn't be difficult. In fact, it's possible to use the same registrar for both ISO 9000 and ISO 14001 services. What you should be more concerned with is how much registration will cost and how you can cut costs.

Some experts estimate that certification costs could range from $30,000 to $100,000 per site, depending on the organization's size and nature. Registration costs are expected to be similar to those associated with ISO 9000, with some monetary credit given to companies with certified quality management systems already in place. Steven Bold, manager of the environmental compliance group for Continental Circuits Corp., says his medium-sized company expects to initially invest close to $100,000 in the certification process-approximately $40,000 in software and $60,000 in labor costs associated with implementation and preassessments.

"We employ about 12,000 employees and have close to $120 million in annual sales, and are fortunate that we have both the financial and human resources to commit to our ISO 14001 certification process," explains Bold. "For the majority of electronic circuit manufacturers, the decision to become ISO 14001-certified is considerably more difficult.

"The growing pressure to become ISO 14001-certified threatens their bottom line, and some feel that it threatens their very existence. Some companies have stated that they may have to hire additional employees just to manage the ISO certification process."

For most small companies, the stacking of additional layers of environmental control on top of current regulatory requirements is seen as burdensome, according to Bold. "Once certified, organizations may be forced to pass certification costs on to customers, which may result in customers turning elsewhere, possibly overseas, to purchase their electronic interconnectors," he warns.

Cascio disagrees with Bold and says certification costs should be reasonable, noting that in March and April 1996, two IBM facilities in Germany and the United Kingdom received certification to ISO 14001 and EMAS at an estimated cost of $30,000 per facility.

SGS-Thomson experience
In early January 1996, SGS-Thomson MicroElectronics Inc., located in San Diego, became the first U.S. site registered to the most recent draft of ISO 14001. The certification cost was $100,000, give or take 10 to 20 percent. While obtaining its ISO 14001 registration, the company also contracted to have the site assessed against the requirements of the EMAS regulation. As part of a corporatewide mandate, all 16 SGS-Thomson facilities located in the United States, Europe, Southeast Asia and Northern Africa will be validated for EMAS and/or certified to ISO 14001 by the end of 1997. Several SGS-Thomson facilities also are certified to ISO 9000 quality management systems and receive both corporate and third-party assessment regularly.

The facility's ISO 14001 certificate to the DIS will expire on the date the International Organization for Standardization prints ISO 14001 as an official ISO standard, which is expected to happen in late 1996. If no substantive changes are made to the ISO 14001 international standard, the facility's certificate will be updated automatically. However, if significant changes are made, the organization could be subject to another assessment.

Patrick Hoy, the site environmental manager for SGS-Thomson's Rancho Bernardo facility, was responsible for preparing the facility for the EMAS verification and ISO 14001 certification audits. Hoy used experience gained from the company's ISO 9001 quality management system to develop an implementation plan for both EMAS and ISO 14001.

"The key to any environmental management system is the mechanism employed for identifying aspects and impacts associated with a company's processes, products and services," explains Hoy. To prepare for the EMAS formal assessment, the Rancho Bernardo facility followed the failure-mode-and-effect analysis corporate standard developed for assessing the potential significance of each environmental effect identified.

As part of the corporate standard, Hoy and his team reviewed regulations that applied to the facility, pending environmental legislation, corporate requirements and media-specific permitting conditions.

"We examined potential impacts associated with water, air, hazardous waste, solid waste, soil and groundwater, energy, chemical management, external noise, raw materials, new product processes, product planning and emergency response planning," he reports.

Hoy ranked each impact according to its significance and where it appeared on the corporate list of overall environmental effects. He notes that the facility compiles a list or register of potential environmental impacts and makes it available to the public through its annual environmental statement.

What does the future hold?
As the official publication date of the ISO 14001 standard draws closer, with some predicting middle to late October 1996, more facilities will "get off the fence" and seek certification. Lucent Technologies, Akzo Nobel and Toyota are among those expected to join the registration movement, certifying multiple sites around the world. Clearly, multinational companies will lead the ISO 14001-certification movement, with small and medium-sized companies following closely behind.

What next? We'll all just have to take a seat and see what happens with the market. It's possible, but highly unlikely, that ISO 14001 will simply be implemented as an internal tool. Most likely, state and federal regulators will begin using the certification process in regulatory incentives for companies tired of the command-and-control process.

Presently, key regulatory bodies in some two-dozen states, including Pennsylvania, California, Wisconsin, Minnesota and Massachusetts, are taking steps to use the ISO 14001-certification process to increase environmental protection.

While we could not predict all of your ISO 14001 implementation and certification questions, in this series we strove to anticipate key concerns. Now, the decision to pursue this subject is yours-we provided you with what we hope is a useful source of information to move forward. Armed with this information, you can feel confident that, when you turn that knob to the vice president's office, you won't be alone. Good luck.

About the authors
Caroline G. Hemenway is publisher of CEEM Information Services in Fairfax, Virginia. Gregory J. Hale is associate editor of International Environmental Systems Update, a monthly newsletter on ISO 14000 developments and implications.

CEEM publishes IESU and several other ISO 14000 and management systems products. For more information, contact CEEM at (800) 745-5565 or (703) 250-5900; fax (703) 250-4117.