INTEGRATED MANAGEMENT SYSTEM

CONTENTS PAGE

1. An Overview & Common Requirements 2-3

2. Key Requirements of ISO 9001 4-7

3. ISO 14001 & The Key Requirements 8-12

4. OHSAS 18001 & The Key Requirements 13-15

5. Do’s & Don’ts During an External ISO Audit 16

Pg 1 of 16
INTEGRATED MANAGEMENT SYSTEM

AN OVERVIEW OF INTEGRATED MANAGEMENT SYSTEM (IMS)

The IMS comprises the following standards:

1. ISO 9001:2000 (Quality Management System)

2. ISO 14001:1996 (Environmental Management System)

3. OHSAS 18001:1999 (Occupational Health & Safety Management System)

All 3 standards have a similar structure which enables integration. Many requirements within
ISO 14001 & OHSAS 18001 are very similar.

COMMON IMS REQUIREMENTS:

1. The IMS covers all activities of the organisation from operations to support activities.
Eg. from tendering to execution to handover of completed works to defects liability
stage.

2. Management Commitment must be apparent.

3. Process Planning – identify key processes, monitor and manage key processes.
Implement process approach and PDCA (Plan-Do-Check-Act) cycles.

4. Data Collection & Analysis - of data pertaining to customers, suppliers, product &
process, impact and risk analysis. This enables top management to make effective
decisions based on analysis of the data.

5. Emphasis on Performance Improvement & Continual Improvement.

Pg 2 of 16
INTEGRATED MANAGEMENT SYSTEM

COMMON EMS & OHS REQUIREMENTS

1. Compliance with legislations and regulatory requirements, especially in the realm of

environmental protection and OHS.

2. Take steps to control and manage those significant aspects / hazards or risks. For
example:
- Establish Env/OHS management programmes
- Set Env/OHS objectives and targets to reduce impact and risks
- Determine the operation control measures to eliminate / prevent / mitigate
these impacts and risks

3. Establish operation controls for the activities to ensure that they are carried out under
controlled conditions:
- Operating criteria
- Procedures / work instructions
- Monitoring of these processes

4. Have procedures to deal with emergency situations (eg. accidents / incidents,

spillages, etc). Commonly known as “Emergency Preparedness & Response”
procedures.

5. Training of people involved to make them aware of environmental impacts, hazards

and risks in relation to their work. Need to consider the competence of people
performing such work. Training may cover management staff, employees,
subcontractors/suppliers and visitors.

Pg 3 of 16
INTEGRATED MANAGEMENT SYSTEM

KEY REQUIREMENTS OF ISO 9001:2000

1. ISO 9001 covers all activities of the organisation from operations (eg. tendering,
operations, handover, DLP) to support activities (training, purchasing, filing and
record maintenance).

2. Management Commitment – Senior management involvement in the quality

management system must be apparent. This is a major area of audit.

3. Process Planning & Approach – Need to identify key processes, monitor and manage
these key processes. Implement a process approach and adopt the PDCA cycle in
every process.

4. Customer Focus – Must know what the customer requirements are. May come in
form of specifications, drawings, instructions, standards and codes (where applicable),
etc.

5. Customer Satisfaction Information – Monitoring Customer Complaints alone is NOT

adequate. Need to find out if customers are indeed satisfied with our products /
services and how satisfied they are.

6. Data collection and analysis – Data on customers, suppliers/subcons, products and

processes. This will enable effective decisions to be made based on facts and
analysis.

7. Emphasis on Performance Improvement and Continual Improvement.

8. Documentation Requirements:
a. Quality Policy & Objectives
b. Quality Manual

Pg 4 of 16
INTEGRATED MANAGEMENT SYSTEM

c. Quality Procedures (minimum 6 mandatory documented procedures i.e.

Control of Documents, Control of Records, Internal Audit, Control of
Nonconforming Product, Corrective Action, Preventive Action).
d. Planning & Operations documents (eg. time schedules, resource planning,
specifications / drawings, contract documents, method statements, handover
evidence, etc)
e. Records (eg. inspection records, test results / reports, progress reports/ records,
etc)

ISO 9001:2000 – The Standard

Clause headings:
1. Scope
2. Normative Reference
3. Terms & Definitions
4. Quality Management System
5. Management Responsibility
6. Resource Management
7. Product Realisation
8. Measurement, Analysis & Improvement

ISO 9001 requirements are within clauses 4, 5, 6, 7 and 8.

Clause 1 - Scope:
a. Generally :
- To consistently meet customer and applicable regulatory requirements.
- To enhance customer satisfaction with continual improvement and assurance
of conformity.
b. Application :
- Applicable to all types and sizes of product / service based organisations.
- Exclusions limited to Cl. 7 requirements only.

Pg 5 of 16
INTEGRATED MANAGEMENT SYSTEM

Clause 2 - Normative Reference:

All undated references indicated in ISO 9001:2000 should refer to their latest editions.

Clause 3 – Terms & Definitions :

To refer to ISO 9000:2000.

Clause 4 – Quality Management System :

Cl. 4.1 – General Requirements
Cl. 4.2 – Documentation Requirements : Not all procedures need to be documented but there
are 6 mandatory documented procedures. Control of Documents, Control of Records.

Clause 5 – Management Responsibility :

Cl. 5.1 – Management Commitment
Cl. 5.2 – Customer Focus
Cl. 5.3 – Quality Policy
Cl. 5.4 – Planning
Cl. 5.5 – Responsibility, Authority and Communication
Cl. 5.6 – Management Review

Clause 6 – Resource Management :

Cl. 6.1 – Provision of Resources
Cl. 6.2 – Human Resources
Cl. 6.3 – Infrastructure
Cl. 6.4 – Work Environment

Clause 7 – Product Realisation :

Cl. 7.1 – Planning of Product Realisation
Cl. 7.2 – Customer Related Processes
Cl. 7.3 – Design & Development
Cl. 7.4 – Purchasing
Cl. 7.5 – Product & Service Provision
Cl. 7.6 – Control of Monitoring & Measuring Devices

Pg 6 of 16
INTEGRATED MANAGEMENT SYSTEM

Clause 8 – Measurement, Analysis & Improvement

Cl. 8.1 – General
Cl. 8.2 – Monitoring & Measurement
Cl. 8.3 – Control of Nonconforming Product
Cl. 8.4 – Analysis of Data
Cl. 8.5 – Improvement

The 8 Quality Management Principles

1. Customer Focus
2. Leadership
3. Involvement of People
4. Process Approach
5. System Approach to Management (system is a set of interrelated processes)
6. Continual Improvement
7. Factual Approach & Decision Making
8. Mutually Beneficial Supplier Relationships

Network of Processes

The entire ISO 9000 system is based on the PDCA (Plan-Do-Check-Act) where:
P = Cl. 4, 5, 6
D = Cl. 7
C = Cl. 8
A = Cl. 8
Each process implementation should also be guided by the PDCA cycle.

Pg 7 of 16
INTEGRATED MANAGEMENT SYSTEM

ISO 14001:1996 & THE KEY REQUIREMENTS

ISO 14001 is an environmental management system that:

a. Provides a framework to identify business aspects with significant impact on
environment
b. Sets objectives & targets to minimise these impacts
c. Introduces programmes to achieve the objectives & targets
d. Establishes operational control measures to ensure compliance

Reasons for Implementing ISO 14000 EMS:

a. Commitment to protect the environment
b. Public image and good corporate citizenship
c. Cost savings / efficient allocation of resources
d. Stakeholders’ pressure
e. Trade / Business restrictions (if without EMS)
f. Competitors’ pressure

Cost Savings from having an EMS:

a. Efficient use of electricity, water and gas
b. Efficient use of raw materials
c. Efficient deployment of operatives
d. Continual Improvement of process design
e. Reduce process contamination, increase yield
f. Reduce possible future environmental liabilities
g. Reduce possible workmen compensation liabilities

The above cost savings are NOT immediately gained at the beginning of EMS
implementation.

Pg 8 of 16
INTEGRATED MANAGEMENT SYSTEM

Truth about ISO 14000:

It is NOT about prohibiting anyone from doing things harmful to the environment because
whatever we do will have an impact on the environment in one way or another.

ISO 14000 EMS is about knowing and understanding what exactly we are doing and how
these activities impact on the environment and implementing the necessary controls on these
activities.

KEY REQUIREMENTS OF ISO 14001:1996

1. Compliance with legislation and regulatory requirements such as Factories

Act, Environmental Pollution Control Act, etc

2. Understanding what you do will harm the environment. Need to determine:

a. The environment aspects (elements of the activities which have impact on the
environment eg. vehicle emission) and the impact on the environment (eg. air
pollution as a result of vehicle emission).
b. The significance of these aspects / impacts by evaluation of the impacts
against a set criteria.
Aspect & Impact analysis shall include operating conditions as in Normal, Abnormal
and Emergency. The analysis should also be done on a brain-storming / team
approach.

Method:
Select an activity  Identify its environmental aspects  Identify its environmental
impacts  Evaluate significance of impacts

Evaluation of significance may be based on:

a. Environmental concerns such as scale of impact, severity of impact, probability of
occurrence and duration of impact.

Pg 9 of 16
 INTEGRATED MANAGEMENT SYSTEM

b. Business concerns such as potential regulatory and legal exposure, difficulty and
cost of changing impact, effect of changes on other activities and processes, effect
on public image, etc.

3. Take steps to control and manage those significant aspects by:

a. Establishing environmental management programmes. The MP is used to achieve
objectives and targets and shall include the identity of person responsible for it,
the means to achieve it and the time frame to complete it.
b. Setting environmental objectives and targets to reduce the impacts. Objective is
an overall goal arising from the environmental policy and which is quantified
where applicable. Target is a detailed performance requirement, quantified where
practicable that arises from the objective, to be set and achieved in order to
achieve that objective.
c. Determining & implementing operation control measures to eliminate / prevent /
mitigate these impacts.

4. Establish operation controls for the activities to ensure that they are carried out under
controlled conditions. Eg. operating criteria, procedures / work instructions,
monitoring of these processes. The key characteristics of processes associated with
significant impacts shall be monitored. The monitoring devices shall be calibrated.

5. Have procedures to deal with emergency situations eg. accidents / incidents, spillages
of chemicals, fuels, etc. Need to be proactive in determining “what can possibly go
wrong” and have ready steps in dealing with such situations. Aim to minimise /
mitigate the environmental impacts when such things occur. The procedures shall be
tested periodically and reviewed and revised where necessary, especially after an
accident / emergency.

6. Training of people involved to make them aware of the environmental impacts in

relation to their work. Such training may cover management staff, workers and
subcontractors/suppliers.

Pg 10 of 16
 INTEGRATED MANAGEMENT SYSTEM

7. Institute continual improvement in environmental performance.

The ISO 14001 Standard:

Scope
Normative references
Definitions
EMS Requirements
4.1 General Requirements
4.2 Environmental Policy
4.3 Planning
4.3.1 Environmental Aspects
4.3.2 Legal & other Requirements
4.3.3 Objectives & targets
4.3.4 Environmental Management Programme(s)
4.4 Implementation and Operation
4.4.1 Structure & responsibility
4.4.2 Training, awareness & competence
4.4.3 Communication
4.4.4 EMS documentation
4.4.5 Document Control
4.4.6 Operational Control
4.4.7 Emergency Preparedness & Response
4.5 Checking and Corrective Action
4.5.1 Monitoring & measurement
4.5.2 Nonconformance and corrective and preventive action
4.5.3 Records
4.5.4 EMS audit
4.6 Management Review

Concluding Remarks:

Pg 11 of 16
INTEGRATED MANAGEMENT SYSTEM

ISO 14001 does not spell out what you can or cannot do.
Must comply with regulations and legal requirements.
3. Emphasis is on knowing what you do will harm or affect the environment
and have measures to control them.
4. Stresses on continually improving such measures.
5. Certain areas extend to outside of the organisation (eg. to suppliers,
subcontractors)

Pg 12 of 16
 INTEGRATED MANAGEMENT SYSTEM

OSHAS 18001:1999 & THE KEY REQUIREMENTS

The objectives of OHS are to enable an organisation to:

Identify HAZARDS
Control RISKS
Improve PERFORMANCE

in occupational health & safety.

Reasons for Implementing an OHS Management System:

a. To manage safety and health issues proactively
b. To avoid potential liability
c. To protect business and image
d. To demonstrate concern to employees
e. To ensure and assure compliance

Key Requirements of OHSAS 18001:1999

1. Compliance with legislations, regulations and other requirements such as Factories

Act, Fire Safety Act, etc

2. Understanding the hazards in your activities and their associated risks and determine
if those risks are tolerable. A Risk Assessment is carried out based on set criteria.

Hazard is the potential to harm. Risk is a combination of the likelihood and

consequences of a specified hazardous event occurring.

Hazard Identification to consider the source of harm, who or what could be harmed
and how the harm could occur. Hazard identification shall include routine and non-
routine activities and should be done on a brainstorm / team approach.

Pg 13 of 16
 INTEGRATED MANAGEMENT SYSTEM

Risk – How likely can things go wrong (likelihood)? How serious can it be if it did
go wrong (severity)?
Risk = Likelihood of harm x Severity of harm [a combination of “likelihood” and
“severity”]

Risk Assessment - is to determine if the risks are tolerable or further control measures
to contain the risks are required. It also requires the consideration of legal/regulatory
requirements. It shall be done with consideration for the safety/control measures
already in place.

Risk Control – Are means of eliminating or minimising adverse effects from

happening and there are basically 3 categories of action:
a. Actions which eliminate / remove the hazard or target
b. Actions which eliminate / reduce the consequences (eg. PPE)
c. Actions which reduce the likelihood (eg. Safe Work Procedures, training, etc)

3. Take steps to control and manage those risks which are significant by:
a. Setting objectives to reduce risks.
b. Establishing management programmes to achieve the objectives. The MP is
used to achieve objectives and targets and shall include the identity of person
responsible for it, the means to achieve it and the time frame to complete it.
c. Determining & implementing operation control measures to eliminate /
prevent / mitigate these risks.

4. Establish operation controls for the activities to ensure that they are carried out under
controlled conditions. Eg. operating criteria, procedures / work instructions,
monitoring of these processes.

5. Institute continual improvement in risk management.

Pg 14 of 16
 INTEGRATED MANAGEMENT SYSTEM

The OHSAS 18001 Standard:

1. Scope
2. Reference Publications
3. Terms & Definitions
4. OH&S Management System Elements
4.1 General Requirements
4.2 OH&S Policy
4.3 Planning
4.3.1 Planning for hazard identification, risk assessment & risk
control
4.3.2 Legal & Other Requirements
4.3.3 Objectives
4.3.4 OH&S Management Programme(s)
4.4 Implementation and Operation
4.4.1 Structure & responsibility
4.4.2 Training, awareness & competence
4.4.3 Consultation & communication
4.4.4 Documentation
4.4.5 Document & Data Control
4.4.6 Operational Control
4.4.7 Emergency Preparedness & response
4.5 Checking and Corrective Action
4.5.1 Performance measurement & monitoring
4.5.2 Accidents, Incidents, Nonconformance and corrective and
preventive action
4.5.3 Records & record management
4.5.4 Audit
4.6 Management Review

Pg 15 of 16
INTEGRATED MANAGEMENT SYSTEM

DO’S & DON’TS DURING AN EXTERNAL ISO AUDIT

Do’s:
a. RELAX…Auditors aren’t supposed to pick on your “mistakes”; they are here to see if
the management system is in working order. They are looking for positive evidence
of compliance and conformity.
b. Be prepared. Ensure all the documentation and records are in order and updated
about a week prior to Audit.
c. Understand the requirements in your area of work and requirements within the
Standard and IMS Manuals. It’s not an exam.
d. Ensure files are properly labelled and identified. It’s really for your own convenience
when you need to quickly retrieve a document, than a show for the auditors only.
e. Be punctual, friendly, courteous and attentive to the auditors.
f. Pay close attention to questions asked and request for clarification, if necessary. It’s
ok to ask the auditor to repeat and rephrase the question. It’s also ok to discuss with
your colleagues before you answer.
g. Be professional at all times.

Don’ts:
a. Don’t panic.
b. Don’t go on the offensive or defensive when questioned; no matter how you feel
about the auditors or the questions asked.
c. Don’t argue or quarrel with the auditors.
d. Don’t argue or quarrel with your colleagues or bosses during the audit.
e. Don’t blame or bad-mouth your colleagues or anyone else during the audit if the
auditor picks up a non-conformity from your area of work.
f. Don’t volunteer information or data unless requested to do so specifically.
g. Don’t offer entire file of documentation to the auditor unless requested to do so. Pick
a good sample and show the auditor.

Pg 16 of 16