Literature MMM

To provide an overview of the changes that is proposed for the ISO 9001:2015, ISO
14001:2015 and OHSAS 18001 IMS (EQHSMS) standard and to discuss the interpretation of
these changes from documentation, implementation and third party certification point of view
and our this training kit is prepared for training purpose only. The user can use it for in-house
training or for public training.
INTERNAL AUDITOR TRAINING PROGRAM FOR IMS (EQHSMS)
Training material for reading
HAND OUTS IN FILE
Chapter No. Section Page No.
Overview to ISO 9001:2015 QMS and ISO 14001:2015 EMS

1. 1 to 9
and OHSAS 18001
2. ISO 9001:2015 terminology and concepts 1 to 4
3. EMS standard 14001:2015 changes 1 to 10
4. Summary of OH&S Management System Requirements 1 to 15
ISO 9001:2015 QMS and ISO 14001:2015 EMS and OHSAS
5. 1 to 25
18001 Internal audit
6. Principals of Quality Management System-ISO 9001:2015 1 to 5
ISO 9001 and 14001 and OHSAS 18001 EQHSMS audit
7. 1 to 12
records
Documented information Summary against ISO 9001:2015 and
Table–1 1 to 2
ISO 14001:2015 requirements
Chemical Chart 1 to 3
copyright @ Green World Group; E-mail: info@greenwgroup.com

Table – 1 Documented information Summary against ISO 9001 :2015 and ISO 14001 -
2015 requirements
DESCRIPTION
List of Documented information required under ISO 9001:2015

1. Scope of the Quality management system(4.3 )
2. Information to support operation of the processes (4.4.2a)
3. Information to to have confidence that the processes are being carried out as planned(4.4.2b)
4. Quality policy (5.2.2)
5. Quality Objectives (6.2.1)
6. Evidence of fitness for purpose of the monitoring and measuring resources (process
monitoring and maintenance records ) (7.1.5.1)
7. Calibration or verification records ( 7.1.5.2)
8. Competence records for employee experience, qualification, skill or certification etc (7.2d)
9. Necessary information for effectiveness of QMS (7.5.1b)
10. Change control and version control- change control sheet (7.5.3.2)
11. Master list and distribution list of documented information ( 7.5.3.2)
12. External origin documents necessary for planning and execution of QMS (7.5.3)
13. Establish confidence on processes - Process monitoring sheet and monitoring records
(Process execution ,monitoring against planning) (8.1c)
14. Confirmation of customer‟s requirement in cases of verbal orders or no written statement
provided by customer(8.2.3.1)
15. Contract review results and information on customer requirements (8.2.3.2a)
16. Information for any new requirements for the products and services( 8.2.3.2b)
17. Changes to the customer requirement in cases of amendment ( 8.2.3)
18. Information needed to demonstrate Design and development requirements have been met (
8.3.2j)
19. Information on design and development inputs ( 8.3.3)
20. Information for design and development controls( 8.3.4)
21. Information on design and development outputs output and suitability- development
verification sheet ( 8.3.5)
22. Information on design and development changes, result of reviews, authorization of the
changes, action taken to prevent adverse impacts ( 8.3.6)
23. Information for evaluation, selection, monitoring of performance and re evaluation and
actions arising from evaluation on external providers(8.4.1)
24. 25.Results of evaluation of external providers - External providers selection and evaluation
records (8.4.2)
25. Characteristics of the goods and services as inspection test plan or specification
sheet(8.5.1a)
26. Traceability related records( Where necessary) to maintain unique identification (where
necessary)8.5.2
27. Records for property of the customer or external provider is lost, damaged or otherwise found
to be unsuitable for use(8.5.3)
28. 29.Results of the review of changes for production and service provision, person authorizing
and action arising from review and action taken- change management (8.5.6 )
29. .Release of goods and services for delivery to the customer.; final inspection report or release
note; Evidence of the conformity with acceptance criteria (8.6)31.
30. .Information for non conformity ( 8.7.2)
31. Results for measurement, analysis and evaluation for effectiveness of QMS( Objective
monitoring records(9.1)
32. Audit programme and the audit results-audit records.(9.2.2f)
33. Results of management reviews including actions taken- minutes of management
review.(9.3.3)35.Nature of the nonconformities and any subsequent actions taken- non
conformity and authorization records(10.2.2)
34. Results of corrective action(10.2.2b)

Table – 1 Documented information Summary against ISO 9001 :2015 and ISO 14001 -
2015 requirements
List of Documented information required under ISO 14001:2015

1. Scope of the Environmental management system(4.3 )
2. Environmental policy (5.2.)
3. Risks and opportunities ( 6.1.1 )
4. Processes needed to address risks and opportunities to establish confidence( 6.1.1)
5. Environmental aspects and associated environmental impacts ( 6.1.2)
6. Methodology/procedure for criteria used to determine its significant environmental
aspects ( 6.1.2)
7. List of significant environmental aspects ( 6.1.2)
8. Information and list and evidences for compliance obligation(6.1.3)
9. Environmental Objectives (6.2.1)
10. Competence records for employee experience, qualification, skill or certification etc (7.2)
11. Evidences for communications( 7.4.1)
12. Necessary information for effectiveness of EMS (7.5.1b)
13. Documented information control; Change control and version control- sheet (7.5.3)
14. Master list and distribution list of documented information ( 7.5.3)
15. External origin documents necessary for planning and execution of EMS (7.5.3)
16. Establish confidence that process has been carried out.- operation planning and control-
Operation planning & monitoring sheet (Process execution ,monitoring against planning)
(8.1)
17. Information to establish confidence that emergency preparedness and response
procedure is established(8.2)
18. Retain evidences for monitoring, measurement, analysis and evaluation for effectiveness
of EMS(9.1.1)
19. Evidences of compliance evaluation result s(9.1.2)
20. Audit programme and the audit results-audit records.(9.2.2)
review.(9.3)
22. Nature of the nonconformities and any subsequent actions taken- non conformity and
authorization records(10.2)
23. Results of corrective action(10.2)

Chapter:1 Overview to ISO 9001:2015 QMS and ISO 14001:2015 EMS and
OHSAS 18001
1.0 Background to the new standards

The rules of the International Organisation for Standardisation (ISO) require that all standards
are reviewed every five years to ensure that they reflect the best practice in the particular
subject and take into account any lessons that have been learnt during the application of the
standard. The outcome of these reviews is that standards are confirmed, revised or
withdrawn.
Every organization would like to improve the way it operates, whether that means increasing
market share, driving down costs, managing risk more effectively or improving customer
satisfaction. A Quality and Environment management system gives you the framework you
need to monitor and improve performance in any area you choose.
ISO 9001 and ISO 14001 is by far the world‟s most established Quality and Environment
framework, currently being used by over ¾ million organizations in 161 countries, and sets the
standard not only for Quality and Environment management systems, but management
systems in general.
It helps all kinds of organizations to succeed through improved customer satisfaction, staff
motivation and continual improvement.
ISO 9000 series of standards
ISO 9001 and ISO 14001 is one of a series of quality management system standards. It can
help bring out the best in your organization by enabling you to understand your processes for
delivering your products/services to your customers. The ISO 9001 AND ISO 14001 series of
standards consist of:
 ISO 9000 – Fundamentals and Vocabulary: this introduces the user to the concepts
behind the management systems and specifies the terminology used.
 ISO 9001 and ISO 14001 – Requirements: this sets out the criteria you will need to
meet if you wish to operate in accordance with the standard and gain certification.
 ISO 9004 – Guidelines for performance improvement: based upon the eight quality
management principles, these are designed to be used by senior management as a
framework to guide their organizations towards improved performance by considering
the needs of all interested parties, not just customers.
2.0 Why ISO 9001 AND ISO 14001 ? : -
1. Want to export.
2. Provide confidence to customers.
3. Reduce wasted efforts and resources.
4. Pathway to Total Quality Management.
5. Remove inter-departmental hassles.
6. Assure Top Management commitment and involvement.
7. Involves all functions, all departments at all levels.
8. Disciplined way of working.
9. Structure Quality and Environment Management to needs.

OHSAS 18001
10. Preventive, rather than curative.

11. Strategic business tool.
12. Enhances return on investment.
3.0 Benefit of ISO 9001 AND ISO 14001 revised 2015 standards : -
Benefits of ISO: 9001 and ISO 14001 is summarised below.
 Competitive advantage
ISO 9001 AND ISO 14001 should be top-management led, which ensures that senior
management take a strategic approach to their management systems. Our assessment
and certification process ensures that the business objectives constantly feed into your
processes and working practices to ensure you maximise your assets.
 Improves business performance and manages business risk
ISO 9001 AND ISO 14001 helps your managers to raise the organization‟s
performance above and beyond competitors who aren‟t using management systems.
Certification also makes it easier to measure performance and better manage business
risk.
 Attracts investment, enhances brand reputation and removes barriers to trade
Certification to ISO 9001 AND ISO 14001 will boost your organization‟s brand
reputation and can be a useful promotional tool. It sends a clear message to all
interested parties that this is a company committed to high standards and continual
improvement.
 Saves you money
Evidence shows that the financial benefits for companies that have invested in and
certified their Quality and Environment management systems to ISO 9001 AND ISO
14001 include operational efficiencies, increased sales, higher return on assets and
greater profitability.
 Streamlines operations and reduces waste
The assessment of your Quality and Environment management system focuses on
operating processes. This encourages organizations to improve the Quality and
Environment of products and the service provided and helps to reduce waste and
customer complaints.
 Encourages internal communication and raises morale
ISO 9001 AND ISO 14001 ensures that employees feel more involved through
improved communication. Continued Assessment visits can highlight any skills
shortages sooner and uncover any teamwork issues.
 Increases customer satisfaction
The „Plan, Do, Check, Act‟ structure of ISO 9001 AND ISO 14001 ensures that the
needs of the customer are being considered and met.
The above benefits can be summarised for internal benefits and external for ISO: 9001
certification as per details given below.

OHSAS 18001
3.1 INTRINSIC: -
* Competitiveness through cost reduction by eliminating waste, rework, and scrap
overtime.
* Improve efficiency, productivity and effectiveness.
* Increased customer confidence.
* Improve employee morale.
* Improve cycle time.
* Improve communication and quality of information.
3.2 EXTRINSIC: -
* Worldwide recognition and credibility.

* Access to European and world markets.
* Qualification to bid on new contracts.
* Improved corporate Quality and Environment image.
* Tool for motivating suppliers to conform.
* Reduction in customer audit.
4.0 ISO 9001 AND ISO 14001 Documented Information: -

The total documentation for a comprehensive Quality and Environment system under ISO:
9001:2015 is reduced drastically compared to ISO 9001 and ISO 14001 old standard. This
Documented information can be any form like Quality and Environment manual, procedures,
records etc and standard is now not asking for Quality and Environment Manual any more. As
per list given below at few places now documented information is required.
List of Documented information required under ISO 9001 AND ISO 14001:2015
1. Scope of the Quality and Environment management system(4.3 )

2. Information to support operation of the processes (4.4.2a)
3. Information to to have confidence that the processes are being carried out as
planned(4.4.2b)
4. Quality and Environment policy (5.2.2)
5. Quality and Environment Objectives (6.2.1)
6. Evidence of fitness for purpose of the monitoring and measuring resources (process
monitoring and maintenance records ) (7.1.5.1)
7. Calibration or verification records ( 7.1.5.2)
8. Competence records for employee experience, qualification, skill or certification etc
(7.2d)
9. Necessary information for effectiveness of QMS AND EMS (7.5.1b)
10. Change control and version control- change control sheet (7.5.3.2)
11. Master list and distribution list of documented information ( 7.5.3.2)
12. External origin documents necessary for planning and execution of QMS AND EMS
(7.5.3)
13. Establish confidence on processes - Process monitoring sheet and monitoring records
(Process execution ,monitoring against planning) (8.1c)

OHSAS 18001
14. Confirmation of customer‟s requirement in cases of verbal orders or no written statement

provided by customer(8.2.3.1)
15. Contract review results and information on customer requirements (8.2.3.2a)
16. Information for any new requirements for the products and services( 8.2.3.2b)
17. Changes to the customer requirement in cases of amendment ( 8.2.3)
18. Information needed to demonstrate Design and development requirements have been
met ( 8.3.2j)
19. Information on design and development inputs ( 8.3.3)
20. Information for design and development controls( 8.3.4)
21. Information on design and development outputs output and suitability- development
verification sheet ( 8.3.5)
22. Information on design and development changes, result of reviews, authorization of the
changes, action taken to prevent adverse impacts ( 8.3.6)
23. Information for evaluation, selection, monitoring of performance and re evaluation and
actions arising from evaluation on external providers(8.4.1)
24. 25.Results of evaluation of external providers - External providers selection and
evaluation records (8.4.2)
25. Characteristics of the goods and services as inspection test plan or specification
sheet(8.5.1a)
26. Traceability related records( Where necessary) to maintain unique identification (where
necessary)8.5.2
27. Records for property of the customer or external provider is lost, damaged or otherwise
found to be unsuitable for use(8.5.3)
28. 29.Results of the review of changes for production and service provision, person
authorizing and action arising from review and action taken- change management (8.5.6
)
29. .Release of goods and services for delivery to the customer.; final inspection report or
release note; Evidence of the conformity with acceptance criteria (8.6)31.
30. .Information for non conformity ( 8.7.2)
31. Results for measurement, analysis and evaluation for effectiveness of QMS AND EMS(
Objective monitoring records(9.1)
32. Audit programme and the audit results-audit records.(9.2.2f)
review.(9.3.3)35.Nature of the nonconformities and any subsequent actions taken- non
conformity and authorization records(10.2.2)
34. Results of corrective action(10.2.2b)
5.0 Introduction to OHSAS 18001: 2007 systems

5.1 Introduction
The industries are required to grow to satisfy the need of the society but at the same
time they need to do all this in an occupation, Health and safety acceptable manner.
Of late, industries have been reactive towards OHSAS management and follow up of
safe production practices. In this scenario, the concept of OHSMS through plan
approach of system implementation for occupational, health and safety issues are
taking shape.

OHSAS 18001
OHSMS
OHSAS Management System (OHSMS) refers to a system used by an Organisation to

manage its activities, product or services in such a way to minimize or eliminate the
adverse impacts on Occupation, Health and safety of workers. More explicitly, the
OHSMS is that part of the overall management system viz. organizational structure,
planning activities, responsibilities, practices, procedures, processes and resources
which are necessary for developing, implementing, reviewing and maintaining the
organisation‟s OHSAS policy.
Evidently, OHSAS Management System is not a Hi- Tech mechanism to address

Occupation, health and Safety issues of an organisation. Basically OHSMS is a manual
system consisting of three components namely:
I. Design or development of elements of OHSMS
II. Documentation and
III. Implementation
Of course, the documentation can be supported by software.
Unlike the Quality Management System which concentrate only on customers

satisfaction, the OHSMS is required to satisfy different stakeholder e.g. employees,
shareholders, regulatory authorities, customers and general public as well. Also, quality
can be defined by technical specification and so satisfying the customers is relatively
easier. Whereas in case of OHSMS it is dependent on diverse interest of the
Stakeholders In addition, the OHSMS is required to ensure compliance with relevant
legislation and regulations. Thus the scope of application and operation of OHSMS is
wider than that of QMS.
5.2 The need of OHSMS
With the growing Health and safety awareness, compulsions and competition, it is
becoming imperative to not only manufacture but source raw materials and sell
products in manner that is taking care of OHSAS issues.
Global trade henceforth would reinforce flow of safer goods and services, in which only
OHSAS complying companies shall be able to retain and enhance their share of
growing international market.
While all industrial enterprises are required to comply with growing number of OHSAS
regulation, it is only those, who proactively seek to demonstrate OHSMS performance
far beyond compliance, would be the market leaders.
Credibility comes in only when an independent, well respected, internationally

recognized third party speaks of these OHSAS achievements. Then it not only carries
conviction but also impacts the consumer mind favourably.

OHSAS 18001
Occupation, Health and Safety Management System (OHSMS) certification is one such
opportunity that can enable the companies acquires the label of sound enterprises and
improves their economic performance at the same time.
5.3 Why implement OHSMS?
 Systematic approach
 Improved communication
 Improved compliance
 Improved profitability
 Reduction in liability and risk
 Improved internal management
 Confidence with stakeholders
 Improved employee confidence / faith
 Market credibility / image
 Improved emergency preparedness
5.4 Developing an OHSMS: -
Any organisation may develop its own OHSMS Management System to address
OHSMS issues arising out of its activities, product or services. The elements of such a
system may be decided by the organisation itself depending upon the need.
Such a system may be functioning well to enhance the OHSMS performance; still it will
lack credibility and conviction. In these circumstances third party certification of
OHSMS is required. For this purpose the organisation‟s OHSMS has to be designed,
developed and implemented as per specification of recognised standards.
Thus OHSMS scope is as below.
 Must be based on control of causes, not hazards and risks reactive

 Must address all management elements of control
 Must address Normal / Abnormal / Emergency conditions
 Must have measurable parameters
 Must be goal driven
 Must be relevant to risks
 Must involve all
 Must promote continual improvement
 Management and not control / eradication
 OHSMS is managing risks and hazards
 The essence of hazard management is to avoid high risks, manage medium
risks and live with low risks

OHSAS 18001
6.0 OHSAS 18000 Standards: -
The standards are generic, i.e. applicable to both manufacturing and service
organisation, in public and private sectors. They say what should be done by an
organisation to manage the impact on the OHSAS of its activities, but do not dictate
how to do it. Thus OHSAS: 18001 have impact on the issues listed below.
6.1 Following issues for Industry are considered
 Occupational concern for the organisation
 Health issues
 Safety of workers
 Water use
 Other Resource Use
 Hazardous Substances
 Biological Hazards
 Radiation
 Waste
 Noise
 Community Concerns
 Wildlife & Habitats
 Accidents & emergencies
 Planning Issues
 Interface with other Health & Safety Issues
OHSAS: 18000 series of standards can be classified as the specification standard and
guidance standard. OHSAS: 18001 are the only specification standard to which
companies would be registered.
The overall aim of this international standard is to support OHSMS system. However, it
is not intended to be used to create non-tariff trade barriers or to increase or change an
organisation‟s legal obligations.
The company has to make targets related to OHSAS issues for long run and
achievement for the same. Also provisions for emergency so that OHSAS is no where
affected by the company. The elements of OHSAS: 18001 are listed below.

OHSAS 18001
I. OHSMS Policy
II. Planning
1. Planning for hazard identification, risk 3. Objectives and targets.
assessment and risk control 4. OHSMS Management Program.
2. Legal and other requirements.
III. Implementation and Operation
1. Structure and responsibility. 5. Document control.
2. Training, awareness and competence. 6. Operational control.
3. Consultation and Communication. 7. Emergency preparedness and
4. OHSMS documentation. response.
VI. Checking and Corrective Action
1. Performance measurement and 3. Records.
monitoring. 4. OHSMS Management System audit
2. Accidents, incidents, non-conformance
and corrective and preventive action
V. Management Review
The OHSAS: 18001 Specification envisages 5 Core Elements for OHSMS, for the
purpose of certification by third parties. These are:
1. Commitments and Policy

An organization should define its OHSMS policy and focus on what needs to be
done for ensuring continual OHSMS performance. It should also ensure
commitment to the policy.
2. Planning
An Organization should formulate a plan to fulfil its OHSMS policy.
3. Implementation
For effective implementation an Organisation should develop the capabilities and
support mechanisms necessary to achieve its OHSMS policy, objectives and
targets.
4. Measurements and Evaluation

An organization should measure, monitor and evaluate its OHSMS performance.
5. Reviews and Improvement

An organization should review and continually improve its OHSMS management
system, with the objective of improving its overall OHSMS performance.

OHSAS 18001
6.2 Purpose and benefits of OHSMS (18001): -
Organizations certified to OHSAS 18001 would achieve significant competitive edge over
Organizations engaged in similar operations (activities, products and services), as it
reflects the proactive ness of organization to protect the OHSAS through preventive
mechanisms rather than corrective one.
A well functioning OHSMS provides confidence to the organization and the various
stakeholders as well that and give the benefits as listed below:
1. Increase the Acceptance from financial institutions, Bank, Public, Insurance etc.
2. Improve Industry - Government Relations.
3. Improve OHSAS Performance, which in turn increase productivity of man and
machines.
4. Meet customer‟s OHSAS expectations and maintain good public relations.
5. Govt. benefits.
6. Ability to Meet;
a. National/ International Legislation
b. Regional Variation in Legislation
7. Health and Safety of Workers
8. Public Image.
9. Consumer Opinion
10. Inter-company/ international Trade.
11. Increase Employee Confidence.
7.0 Steps for installation of ISO 9001 and ISO 14001:2015 Quality and
Environment Management System and OHSAS 18001:-
All the progressive units in India, which are in the export market today, have adopted
some system of obtaining the final product quality. However, in this system there are
generally a lot of rework and wastage‟s. Experience of other industries in India and
outside India shows that extensive efforts on the part of each and every person in the
organisation are needed for upgrading the existing system to meet the requirements of
ISO: 9001 quality system. In revised ISO 9001 and ISO 14001:2015 standard
approach of risk identification and taking necessary actions are required.
The time required for installation of this system in any company may vary depending
upon their present status and work culture. The total cost involved consultancy body,
fees of certifying body, resource requirement etc. depending on infrastructure available
with the company establish system and complexity of work involved.
1. Conduct awareness programmes (Top + Middle + Bottom Level).

2. Form a task force for documentation.
3. Prepare documents of Quality and Environment system.
4. Implementation and train all personnel in the use of procedures and formats.
5. Train internal auditors.
OHSAS 18001
6. Carry out aspects and impacts and risk assessment. Conduct hazard-risk
assessment
7. Assess the system through an internal audit.
8. Take corrective actions for non-compliances.
9. Apply for certification.
10. Assess the system through second round of internal audit.
11. Avail pre-certification audit of certifying body.
12. Take actions on suggestions given by them.
13. Maintain and improve the system by third round of internal audit.
14. Final audit by certifying body.
Conclusion: -
Quality and Environment under ISO 9001, ISO 14001 and OHSAS 18001 will not give
company the more of the best product producer. But what it will give to the company is a
more consistent product and a system of operation that is totally oriented to the customer's
needs. It will require a lot of hard work and a lot of headaches, but it will be paying in terms
of Quality Assured product.

Chapter:2 ISO 9001 2015 terminology and concepts
Clarification of new structure, terminology and concepts
1 Structure and terminology

The clause structure and some of the terminology of this International Standard, in
comparison with ISO 9001:2008, have been changed to improve alignment with other
management systems standards.
The consequent changes in the structure and terminology do not need to be reflected
in the documentation of an organization‟s quality management system.
The structure of clauses is intended to provide a coherent presentation of requirements

rather than a model for documenting an organization‟s policies, objectives and
processes. There is no requirement for the structure of an organization's quality
management system documentation to mirror that of this International Standard.
Table B.1 — Major differences in terminology between ISO 9001:2008 and ISO
9001:2015
ISO 9001:2008 ISO 9001:2015

Products Products and services
Exclusions Not used (See Annex 4 for clarification of applicability)
Documentation, records Documented information
Work environment Environment for the operation of processes
Purchased product Externally provided products and services
Supplier External provider
2 Products and services

ISO 9001:2008 used the term “product‟ to include all output categories. This
International Standard uses “products and services”. The term “products and services”
includes all output categories (hardware, services, software and processed materials).
The specific inclusion of “services” is intended to highlight the differences between

products and services in the application of some requirements. The characteristic of
services is that at least part of the output is realised at the interface with the customer.
This means, for example, that conformity to requirements cannot necessarily be
confirmed before service delivery.
3 Context of the organization

There are two new clauses relating to the context of the organization, 4.1
Understanding the organization and its context and 4.2 Understanding the needs
and expectations of interested parties. Together these clauses require the

organization to determine the issues and requirements that can impact on the planning
of the quality management system.
The Scope states, in part, that this International Standard is applicable where an
organization needs to demonstrate its ability to consistently provide products and
services that meet customer and applicable statutory and regulatory requirements and
aims to enhance customer satisfaction. No requirement of this International Standard
can be interpreted as extending that applicability without the agreement of the
organization.
4 Risk Based Thinking

This International Standard requires the organization to understand its context (see
clause 4.1) and determine the risks and opportunities that need to be addressed (see
clause 6.1).
One of the key purposes of a quality management system is to act as a preventive tool.
Consequently, this International Standard does not have a separate clause or sub-
clause titled 'Preventive action‟. The concept of preventive action is expressed through
a risk-based approach to formulating quality management system requirements.
The risk-based approach to drafting this International Standard has facilitated some
reduction in prescriptive requirements and their replacement by performance-based
requirements.
5 Applicability
Where a requirement can be applied within the scope of its quality management
system, the organization cannot decide that it is not applicable. Where a requirement
cannot be applied (for example where the relevant process is not carried out) the
organization can determine that the requirement is not applicable. However, this non-
applicability cannot be allowed to result in failure to achieve conformity of products and
services or to meet the organization‟s aim to enhance customer satisfaction.
6 Documented information
As part of the alignment with other management system standards a common clause
on 'Documented Information' has been adopted without significant change or addition
(see 7.5). Where appropriate, text elsewhere in this International Standard has been
aligned with its requirements. Consequently, the terms “documented procedure” and
“record” have both been replaced throughout the requirements text by “documented
information”. So the major focus in the ISO/DIS 9001 2015 is to reduce documentation
and only few places requirements of documented information is requested.

7 Organisational knowledge
Clause 7.1.5 Organisational knowledge addresses the need to determine and
maintain the knowledge obtained by the organization, including by its personnel, to
ensure that it can achieve conformity of products and services.
The process for considering and controlling past, existing and additional knowledge
needs to take account of the organization‟s context, So it is advisable to make the
knowledge library to gain past good and bad experience and share the same with all
concern persons
8 Control of externally provided products and services
Clause 8.4 Control of externally provided products and services addresses all
forms of external provision, whether it is by purchasing from a supplier, through an
arrangement with an associate company, through the outsourcing of processes and
functions of the organization or by any other means.
The organization is required to take a risk-based approach to determine the type and
extent of controls appropriate to particular external providers.
9 Summary of what is new in ISO 9001: 2015

 Risk management is being added with focus on risk-based thinking. Identification of
risk and risk control now a requirement.
 Standardized core text, structure, definitions enable organizations with multiple
management systems to achieve improved integration & implementation.
 Major focus on achieving value for organization and its customers.
 Revisions allow ISO 9001 to be more applicable by “service-based” organizations.
 Primary focus remains on Customers!
 Use of the High Level Structure (HLS)
 Improved applicability for services
 Fewer prescribed requirements
 Increased emphasis on organizational context
 Boundaries of the QMS must be defined
 Risk-based thinking throughout the standard supersedes a single clause on
preventive action
 The term „documented information‟ replaces „documents and records‟
 The term „outsourcing‟ is replaced by „external provision‟
 Increased leadership requirements
 No requirement for a management representative
 Objectives must include reference to who, what, when
 Planning of changes
 Explicit reference to knowledge management
 No need for a Quality Manual
 Operational planning includes addressing risks

 Greater emphasis on processes achieving requirements for goods or services and

customer satisfaction
 Internal audits now require the consideration of related risks
 Management review to take into consideration strategic direction of the organization
 New concepts are being considered
 The customer remains the primary focus
 A new common ISO format has been developed for use across all Management
System Standards
10 Structure and responsibility
 In line with other MS standards – 10 clauses

 Exclusions deleted – no restriction of clause 7
 Products and services replaces products
 Documented information replaces documents, records
 External provider replaces supplier
 Externally provided products and services replace purchased product. Outsourcing
now formally included (instead of a note in clause 4.1)
 QMS documentation need not follow standard structure
 All terms used in standard can be changed after definition.
Note: Participants needs to purchase ISO 9001:2015 to

understand the revised standard requirements to understand the
requirements

Chapter:3 EMS standard 14001:2015 changes
Clarification of new structure, terminology and requirements
Below are some of the new changes and terminology and requirements summarised.
1 Structure and terminology
The clause structure and some of the terminology of this International Standard, in
comparison with ISO 14001:2004, have been changed to improve alignment with other
management systems standards.
The consequent changes in the structure and terminology do not need to be reflected
in the documentation of an organization‟s Environmental management system.
The structure of clauses is intended to provide a coherent presentation of requirements

rather than a model for documenting an organization‟s policies, objectives and
processes. There is no requirement for the structure of an organization's Environmental
management system documentation to mirror that of this International Standard.
Major differences in terminology between ISO 14001:2004 and ISO 14001:2015
ISO 14001:2004 ISO 14001:2015
Products Products and services
Documentation, manual, procedures,

Documented information
records
Work environment Environment for the operation of processes
Purchased product Externally provided products and services
Supplier External provider
2 Products and services

ISO 14001:2004 used the term “product‟ to include all output categories. This
International Standard uses “products and services”. The term “products and services”
includes all output categories (hardware, services, software and processed materials).
The specific inclusion of “services” is intended to highlight the differences between

products and services in the application of some requirements. The characteristic of
services is that at least part of the output is realised at the interface with the customer.
This means, for example, that conformity to requirements cannot necessarily be
confirmed before service delivery.

3 Context of the organization
There are two new clauses relating to the context of the organization, 4.1
Understanding the organization and its context and 4.2 Understanding the needs
and expectations of interested parties. Together these clauses require the
organization to determine the issues and requirements that can impact on the planning
of the Environmental management system.
The Scope states, in part, that this International Standard is applicable where an
organization needs to demonstrate its ability to consistently meet customer and
applicable statutory and regulatory requirements. No requirement of this International
Standard can be interpreted as extending that applicability without the agreement of the
organization.
4 Risk and Opportunity

This International Standard requires the organization to understand its context (see
clause 4.1) and determine the risks and opportunities that need to be addressed (see
clause 6.1).
One of the key purposes of a Environmental management system is to act as a

preventive tool. Consequently, this International Standard does not have a separate
clause or sub-clause titled 'Preventive action‟. The concept of preventive action is
expressed through a risk-based approach to formulating Environmental management
system requirements.
The risk-based approach to drafting this International Standard has facilitated some
reduction in prescriptive requirements and their replacement by performance-based
requirements.
5 Applicability
Where a requirement can be applied within the scope of its Environmental
management system, the organization cannot decide that it is not applicable. Where a
requirement cannot be applied (for example where the relevant process is not carried
out) the organization can determine that the requirement is not applicable. However,
this non-applicability cannot be allowed to result in failure to achieve conformity of
products and services or to meet the organization‟s aim and therefore identifying the
scope of EMS is now required
6 Documented information
As part of the alignment with other management system standards a common clause
on 'Documented Information' has been adopted without significant change or addition
(see 7.5). Where appropriate, text elsewhere in this International Standard has been
aligned with its requirements. Consequently, the terms “documented procedure” and
“record” have both been replaced throughout the requirements text by “documented
information”. So the major focus in the ISO 14001 2015 is to reduce documentation and
only few places requirements of documented information is requested.

7 Organisational knowledge
Clause 7.1 Organisational knowledge addresses the need to determine and
maintain the knowledge obtained by the organization, including by its personnel, to
ensure that it can achieve conformity of products and services.
The process for considering and controlling past, existing and additional knowledge
needs to take account of the organization‟s context, So it is advisable to make the
knowledge library to gain past good and bad experience and share the same with all
concern persons
8 Compliance Obligations
Now the new terminology compliance obligation is added means including legal and
statutory requirements now this standard is asking to identify all compliance obligation
considering the nature and product of the organization and need to comply it.
9 Summary of what is new in ISO 14001: 2015
 Risk management is being added with focus on risk-based thinking. Identification of

risk and risk control now a requirement.
 Standardized core text, structure, definitions enable organizations with multiple
management systems to achieve improved integration & implementation.
 Revisions allow ISO 14001 to be more applicable by “service-based” organizations.
 Use of the High Level Structure (HLS)
 Improved applicability for services
 Fewer prescribed requirements to maintain records and procedures word is
removed
 Increased emphasis on organizational context
 Boundaries of the EMS must be defined
 Risk-based thinking throughout the standard supersedes a single clause on
preventive action
 The term „documented information‟ replaces „documents and records‟
 The term „outsourcing‟ is replaced by „external provision‟
 Increased leadership requirements
 No requirement for a an environmental system representative
 Objectives must include reference to who, what, when
 Explicit reference to knowledge management
 No need for a Environmental Manual
 Operational planning includes addressing risks
 New concepts of compliance obligation are being considered
 A new common ISO format has been developed for use across all Management
System Standards

10 Structure and responsibility
 In line with other MS standards – 10 clauses

 Products and services replaces products
 Documented information replaces documents, records
 External provider replaces supplier
 Externally provided products and services replace purchased product. Outsourcing
now formally included
 EMS documentation need not follow standard structure
 All terms used in standard can be changed after definition.
Note: Participants needs to purchase ISO 14001:2015 from ISO web site to
understand the requirements
Annexure – 1
Elements of environment management system
Table-1 Key commitment of some of the elements of ISO 14001: 2015
Clause Title Key Commitments

Understanding the 1. Determine relevant external and internal
4.1 organization issues
and its context 2. Understand the organization and its context
1. Determine interested parties that are
Understanding the needs
relevant to EMS
4.2 and expectations of
2. Determine requirements of these interested
interested parties
parties
1. Determine the boundaries and applicability
of the EMS to establish scope
2. All activities, product and services of the
Determining the scope of
organizational within that scope need to be
4.3 the environmental
include in the EMS
management system
3. The scope is maintained as documented
information and be available to interested
parties
1. Continual improvement
5.2 Environmental Policy 2. Pollution prevention
3. Compliance with legal requirements

Evaluate products, activities and service;

Determine which have significant impacts
1. Ecological effects
2. Human health impacts
Environmental aspects 3. Catastrophic effects
6.1.2
4. Resource depletion
5. Scale, severity and duration of impacts
6. Probability of occurrence
7. Cost of changing
8. Other business effects
1. Identify requirements
2. Analyze impacts
6.1.3 Compliance obligation
3. Communicate to personnel
4. Acts applicable and maintain records
1. Documented information for objectives and
targets at relevant levels within the
organization … consistent with
environmental policy.
2. Establish a process for tracking and reporting
6.2 Environmental Objective progress
and planning
3. Action plan to meet objectives an targets
4. Include responsibilities, means and time
frames. Incorporate environmental concerns
Communicate, plan and track progress
internally
1. Roles for environmental management, and
communicated internally
2. Assessed resources needed
7.1 Resources
3. Determine and provide resources for
establishment, implementation, maintenance
and continual improvement of the EMS.
1. Determine and ensure competency of
person performing task and having
environmental implications
2. Provide competency based on training,
education, experience etc.
3. Identified training needs and Developed a
Awareness and
7.2 and 7.3 training plan
competency
4. Create awareness for environment policy,
contribution to effectiveness of EMS,
significant aspects and compliance
obligations
5. Provided training at all levels
6. Documented information for competency

1. Establish documented information for internal

and external communication
2. Responsibility for responding to external
7.4 Communication communication
3. Identified target audiences
4. Determined proper communication methods
for each audience.
1. Documented information on environmental
policy, organization, Objectives, Significant
Aspect, risk and other EMS elements.
2. Described where people could find
7.5.1 and documented information.
Documented information
7.5.2
3. Explained relationship among EMS elements
4. Create and update documents and have
system for document identification and
revision control
1. Establish system to control EMS documents.
2. Established responsibilities and authorities
for control
3. Available at place and distribution, access,
Control of Documented
7.5.3 retrieval and use
information
4. Change note and establish control for
changes
5. Determined their retention times and. Set up
a good storage and retrieval system
1. Establishing operating criteria for the process
2. Establish control for key operations/ activities
8.1 Operational control 3. Trained employees for these
4. Covered normal operations, abnormal
operations and emergencies
1. Review operations for potential emergency
situations
2. Plans and documented information to
Emergency preparedness manage the emergency
8.2 3. Trained personnel and equipment needed for
and response
these
4. Feedback loop to learn from these
5. Mock drills for emergency preparedness

1. Key process characteristics to be measured

2. Process to evaluate for risk and significant
Monitoring and aspects
9.1.1
measurement 3. Compare measured values against
objectives/ targets
4. Calibration of equipment
1. Establish, implement and maintain a system
and documented information for periodically
evaluating compliance with applicable legal
requirements.
9.1.2 Evaluation of Compliance
2. Keep records of the results of the periodic
evaluations.
3. Establish knowledge for compliance
obligation
1. Developed an audit program
2. Determined audit frequency
3. Selected and trained auditors and auditor
9.2 Internal audit independency
4. Conducted audits
5. Kept records of audits as documented
information
1. Process for periodic reviews of EMS
2. Documented information for the results of
9.3 Management review such reviews
3. Followed –up on action items to ensure
closure
1. documented information for investigation,
correcting system deficiencies
2. Process for assigning responsibilities to track
Non-conformance and the above
10.2
Corrective action 3. Set up a process to revise EMS documents
for above
4. Documented information for non conformity
and results of corrective action

Annexure – 2
Correspondence between ISO 14001:2015 and ISO 14001:2004

The objective of the comparison is to demonstrate that both systems can be used together for
those organizations that already have got certified under ISO 14001:2004 of these
International Standards and can easily update their system with revised ISO 14001:2015
standard.
Table Correspondence between ISO 14001:2015 and ISO 14001:2004
ISO 14001:2015 ISO 14001:2004

Clause Clause
Clause Title Clause Title
number number
Introduction 0 0 Introduction
Scope 1 1 Scope
Normative references 2 2 Normative references
Terms and definitions 3 3 Terms and definitions
Context of the organization (title only) 4
Environmental management system
4
requirements (title only)
Understanding the organization and
4.1
its context
Understanding the needs and
4.2
expectations of interested parties
Determining the scope of the
4.3 4.1 General requirements
environmental management system
Environmental management system 4.4 4.1 General requirements
Leadership (title only) 5
Leadership and commitment 5.1
Environmental policy 5.2 4.2 Environmental policy
Organizational roles, responsibilities Resources, roles, responsibility and
5.3 4.4.1
and authorities authority
Planning (title only) 6 4.3 Planning (title only)
Actions to address risks and
6.1
opportunities (title only)
General 6.1.1
Environmental aspects 6.1.2 4.3.1 Environmental aspects
Compliance obligations 6.1.3 4.3.2 Legal and other requirements

ISO 14001:2015 ISO 14001:2004

Clause Clause
number number
Planning action 6.1.4
Environmental objectives and
6.2
planning to achieve them (title only)
Environmental objectives 6.2.1 4.3.3 Objectives, targets and programme(s)
Planning actions to achieve
6.2.2
environmental objectives
Implementation and operation (title
Support (title only) 7 4.4
only)
Resources Resources, roles, responsibility and
7.1 4.4.1
authority
Competence 7.2
4.4.2 Competence, training and awareness
Awareness 7.3
Communication (title only) 7.4
General 7.4.1
4.4.3 Communication
Internal communication 7.4.2
External communication 7.4.3
Documented information (title only) 7.5
4.4.4 Documentation
General 7.5.1
4.4.5 Control of documents
Creating and updating 7.5.2
4.5.4 Control of records
4.4.5 Control of documents
Control of documented information 7.5.3
4.5.4 Control of records
Implementation and operation (title
Operation (title only) 8 4.4
only)
Operational planning and control 8.1 4.4.6 Operational control
Emergency preparedness and Emergency preparedness and
8.2 4.4.7
response response
Performance evaluation (title only) 9 4.5 Checking (title only)
Monitoring, Measurements, analysis
9.1
and evaluation (title only) 4.5.1 Monitoring and measurement
General 9.1.1
Evaluation of compliance 9.1.2 4.5.2 Evaluation of compliance
Internal Audit (title only) 9.2
General 9.2.1 4.5.5 Internal audit
Internal audit programme 9.2.2

ISO 14001:2015 ISO 14001:2004

Clause Clause
number number
Management review 9.3 4.6 Management review
Improvement (title only) 10
General 10.1
Nonconformity, corrective action and
Nonconformity and corrective action 10.2 4.5.3
preventive action
Continual improvement 10.3
Guidance on the use of this Guidance on the use of this
Annex A Annex A
International Standard International Standard
Correspondence between ISO
Annex B
14001:2004 and ISO 9001:2000
Bibliography Bibliography
Alphabetical index of terms Index

Chapter:4 Summery Of OH&S Management System Requirements
OH&S Management System Requirements
The details are described below for the OHSAS 18001:2007 elements and input as well as outputs for
the each element.For details of OHSAS 18001:2007 refer the standard. Below is a summary
of requirements of OHSAS18001.
1.0 OH&S Policy
a). Typical inputs
In establishing the OH&S policy, management should consider the following items:
 Policy and objectives relevant to the organization‟s business as a whole.
 OH&S hazards of the organization.
 Legal and other requirements.
 Historical and current OH&S performance by the organization.
 Needs of other interested parties.
 Opportunities and needs for continual improvement.
 Resources needed.
 Contributions of employees.
 Contributions of contractors and other external personnel.
b). Typical Outputs
A typical output is a comprehensive, understandable, OH&S policy that is communicated

throughout the organization.
2.0 Planning
2.1 Planning for Hazard Identification< Risk Assessment and Risk Control
a). Typical inputs
Typical inputs include the following items:
 OH&S legal and other requirements.

 OH&S policy.
 Records of incidents and accidents.
 Non-conformances.

 OH&S management system audit results.
 Communications from employees and other interested parties.
 Information from employees OH&S consultations, review and improvement activities
in the workplace (these activities can be either reactive or proactive in nature).
 Information on best practice, typical hazards related to the organization, incidents
and accidents having occurred in similar organization.
 Information on the facilities, processes and activities of the organization, including
the following:
- Details of change control procedures.
- Site plan(s).
- Process flow-charts.
- Inventory of hazardous materials (raw materials, chemicals, wastes, products,
sub-products).
- Toxicology and other OH&S data.

- Monitoring data.
- Workplace environmental data.
b). Typical Outputs
There should be documented procedure(s) for the following elements:
 Identification of hazards.
 Determination of the risks associated with the identified hazards.
 Indication of the level of the risks related to each hazard, and whether they are, or
are not, tolerable.
 Description of, or reference to, the measures to monitor and control the risks,
particularly risks that are not tolerable.
 Where appropriate, the OH&S objectives and actions to reduce identified risks and
any follow-up activities to monitor progress in their reduction.
 Identification of the competency and training requirements to implement the control
measures.
 Necessary control measures should be detailed as part of the operational control
elements of the system
 Records generated by each of the above-mentioned procedures.
2.2 Legal and other requirements
a). Typical inputs
Typical inputs include the following items

 Details of the organization‟s production or service realization processes.
 Hazard identification, risk assessment and risk control results.

 Best practices.
 Legal requirements / governmental regulations.
 Listing of information sources
 National, foreign, regional of international standards.
 Internal organizational requirements
 Requirements of interested parties
b). Typical Outputs
Typical outputs include the following items:
 Procedures for identifying and accessing information.

 Identification of which requirements apply and where [this can take the form of a
register(s).
 Requirements (actual text, summary or analysis, where appropriate), available in
locations, which are to be decided by the organization.
 Procedures for monitoring the implementation of controls consequent to new OH&S
legislation
2.3 Objectives
a). Typical inputs
 Policy and objectives relevant to the organization‟s business as a whole.

 OH&S policy, including the commitment to continual improvement.
 Results of hazard identification, risk assessment and risk control
 Technological options.
 Financial, operational and business requirements
 Views of employees and interested parties
 Information from employee OH&S consultations, reviews and improvement activities
in the workplace (these activities can be either reactive or proactive in nature)
 Analysis of performance against preciously established OH&S objectives.
 Past records of OH&S nonconformance, accidents, and property damage.
 Results of the management review.

b). Typical Outputs
Typical outputs include documented, measurable, OH&S objectives for each function in the
organization.
2.4 OH&S management programme(s)
a). Typical inputs
 OH&S policy and OH&S objectives.

 Reviews of legal and other requirements.
 Results of hazard identification risk assessment and risk control.
 Details of the organization‟s production or service realization processes.
 Information form employee OH&S consultation, review and improvement activities
 Reviews of opportunities available from new, or different, technological options.
 Continual improvement activities.
 Availability of resources needed to achieve the organization‟s OH&S objectives.
b). Typical Outputs
Typical outputs include defined, documented OH&S management programme(s).
3.0 Implementation and operation
3.1 Structure and Responsibilities
a). Typical inputs
Typical inputs included the following:
 Organizational structure / organ gram.

 OH&S objectives.
 Job descriptions.
 Listing of qualified personnel.

b). Typical Outputs
Typical outputs include the following
 Definitions of OH&S responsibilities and authorities for all relevant personnel.

 Documentation of roles / responsibilities in manuals / procedures / training
packages.
 Process for communication roles and responsibilities to all employees and other
relevant parties.
 Active management participation and support for OH&S, at all levels.
3.2 Training, awareness and competence
a). Typical inputs
 Definitions of roles and responsibilities.

 Job descriptions (including details of hazardous tasks to be performed).
 Employee performance appraisals.
 Procedures and operating instructions.
 OH&S programmes.
b). Typical Outputs
Typical outputs include the following items
 Competency requirements for individual roles.

 Analysis of training needs.
 Training programs/plans for individual employees.
 Range of training courses/products available for use within the organization.
 Training records, and records of evaluation of the effectiveness of training.

3.3 Consultation and communication
a). Typical inputs

 Relevant OH&S management system documentation.
 Hazard identification, risk assessment and risk control procedures.
 Definitions of OH&S roles and responsibilities.
 Results of formal employee OH&S consultation with management.
 Information form employee OH&S consultation, review and improvement activities
 Training programme details.
b). Typical Outputs
Typical outputs include the following.
 Formal management and employee consultations through OH&S councils and

similar bodies.
 Employee involvement in hazard identification, risk assessment and risk control.
 Initiatives to encourage employee OH&S consultations, review and improvement
activities in the workplace, and feedback to management on OH&S issues.
 Employee OH&S representatives with defined roles and communication
mechanisms with management, including, for example, involvement in accident and
incident investigations, site OH&S inspections etc.
 OH&S briefings for employees and other interested parties, e.g. contractors or
visitors.
 Notice boards containing OH&S performance data, and other pertinent OH&S
information.
 OH&S newsletter.
 OH&S poster programme.

3.4 Documentation
a). Typical inputs
 Details of the documentation and information systems the organization develops to

support its OH&S management system and OH&S activities, and to fulfil the
requirements of OHSAS 18001:1999.
 Responsibilities and authorities.
 Information on the local environments in which documentation or information is
used, and constraints that this can put on the physical nature of documentation, or
the use of electronic or other media.
b). Typical outputs
 OH&S management system documentation overview document or manual.

 Document registers, master lists or indexes.
 Procedures.
 Work instructions.
3.5 Document and data control
a). Typical inputs
 Details of the documentation and data systems the organization develops to support
its OH&S management system and OH&S activities, and to fulfil the requirements of
OHSAS 18001:1999.
 Details of responsibilities and authorities.
b). Typical Outputs
 Document control procedure, including assigned responsibilities and authorities.

 Documents registers, master list or indexes.
 List of controlled documentation and its location.

 Archive records (some of which can need to be held in accordance with legal or
other time requirements).
4.0 Operational control
a). Typical inputs

 Identified legal and other requirements.
b). Typical Outputs
 Procedures.
 Work instructions.
4.1 Emergency preparedness and response
a). Typical inputs

 Availability of local emergency services, and details of any emergency response or
consultation arrangements that have been agreed.
 Legal of other requirements.
 Experiences of previous accidents, incidents and emergency situations.
 Similar organizations‟ experiences form previous accidents, incidents and
emergency situations (lessons learned, best practices).
 Reviews of emergency and practice drills performed and the results of subsequent
actions.
b). Typical Outputs

 Documented emergency plans and procedures.
 Emergency equipment list.
 Test records for emergency equipment.
 Records of the following.
 Practice drills.
 Reviews of practice drills.
 Recommended actions arising from the reviews.
 Progress against the achievement of recommended actions.
4.2 Performance measurements and monitoring
a). Typical inputs

 Legislation requirements, regulations, best practices (if any).
 Procedure for dealing with non-conformances.
 Equipment test and calibration records (including those belonging to contractors)
 Training records (including those belonging to contractors).
 Management reports.
b). Typical Outputs
 Procedure(s) for monitoring and measuring.

 Inspection schedules and checklists.
 “Critical” equipment lists.
 Equipment inspection checklists.
 Workplace conditions standards and inspection checklists.
 Measuring equipment lists.
 Measurement procedures.
 Calibration scheme and calibration records.
 Maintenance activities and results.
 Completed checklists, inspection reports.
 Non-conformance reports.
 Evidence of the results of implementing such procedure(s).

4.3 Accidents, incidents, non-conformances and corrective and preventive
Action
a). Typical inputs
 Procedures (in general).

 Emergency plan.
 Hazard identification, risk assessment and risk control reports.
 OH&S management system audit reports, including non-conformance reports.
 Accident, incident and / or hazard reports.
 Maintenance and service reports.
b). Typical Outputs
 Accident and non-conformance procedure.

 Non-conformances register.
 Investigation reports.
 Updated hazard identification, risk assessment and risk control reports.
 Management review input.
 Evidence of evaluations of the effectiveness of corrective and preventive actions
taken.
4.5 Records and records management
a). Typical inputs
Records (used to demonstrate conformance to the requirements) that should kept

include the following items:
 Training records.
 OH&S inspection reports.
 OH&S management system audit reports.
 Consultation reports.
 Accident / Incident reports.
 Accident / Incident follow –up reports.
 OH&S meeting minutes.
 Medical test reports.
 Health surveillance reports.
 PPE issues and PPE maintenance records.
 Reports of emergency response drills,
 Management reviews.
 Hazard identifications, risk assessment and risk control records.
b). Typical Outputs:
 Procedure (for the identification, maintenance and disposition of OH&S records).

 Adequately stored and readily retrievable OH&S records.
5.0 Audit
a). Typical inputs:
 OH&S policy statement.

 OH&S objectives.
 OH&S procedures and work instructions.
 Legislation and best practices (if applicable).
 OH&S management system audit procedures.
 Competent, independent, internal / external auditor(s).
 Non-conformance procedure.
b). Typical Outputs
 OH&S management system audit plan / program.

 OH&S management system audit procedures.
 OH&S management system audit reports, including non-conformance reports,
recommendations and corrective action requests.
 Signed –off/closed-out non-conformance reports.
 Evidence of the reporting of the results of OH&S management system audits to
management.
6.0 Management review
a). Typical inputs
 Accident statistics.
 Results of internal and external OH&S management system audits.
 Corrective actions carried out to the system since the previous review.
 Reports of emergencies (actual or exercises).
 Reports from the management appointee on the overall performance of the system.
 Reports from individual line managers on the effectiveness of the system locally.
 Reports of hazard identification, risk assessment and risk control processes.
b). Typical Outputs
 Minutes of the review.

 Revision to the OH&S policy and OH&S objectives.
 Specific corrective actions for individual managers, with target dates for completion.
 Specific improvement actions, with assigned responsibilities and target dates for
completion.
 Date for review of corrective action.
 Areas of emphasis to be reflected in the planing of future internal OH&S
management system audits.

Chapter:5 ISO 9001 and ISO 14001- 2015 and OHSAS 18001 Internal Audit
1.0 Introduction:-
ISO 9001 and ISO 14001 and OHSAS 18001audit is one of the key management
tools for achieving the objectives set out in order to verify that the individual
elements within a ISO 9001 and ISO 14001 and OHSAS 18001system are
implemented effectively and suitable in achieving stated EQHSMS objectives. The
ISO 9001 and ISO 14001 and OHSAS 18001system audit also provides objective
evidence concerning the need for the reduction, elimination and most importantly,
prevention of non-conformities. The results of these audits can be used by
management for improving the performance of the organisation.
2.0 ISO 9001 and ISO 14001 and OHSAS 18001 Audit:-
As per ISO standards Audit is defined as - “A systematic and independent
examination to determine whether ISO 9001 and ISO 14001 and OHSAS
18001activities and related results comply with planned arrangements and whether
these arrangements are implemented effectively and are suitable to achieve the
objectives”.
The EQHSMS audit can be carried out by: -
a) Companies own staff or outside consultants called by the company, to give

confidence to the management that the system is properly implemented. (Called
internal or first party audit)
b) Customers who are or wish to enter into business with company or their
representatives (called second party audit), and
c) Independent accredited body, for certification (called third party audit)
3.0 Objectives of ISO 9001 and ISO 14001 and OHSAS 18001audit &
type of audit:-
Audits are normally designed for one or more of the following purposes -
a) To determine the conformity or non-conformity of the ISO 9001 and ISO 14001
and OHSAS 18001system elements with specified requirements.
b) To determine the effectiveness of the implemented ISO 9001 and ISO 14001
and OHSAS 18001system in meeting specified ISO 9001 and ISO 14001 and
OHSAS 18001objectives.
c) To verify that the ISO 9001 and ISO 14001 and OHSAS 18001system is working
as planned.
d) To afford an opportunity to improve the ISO 9001 and ISO 14001 and OHSAS
18001systems.
e) To meet regulatory requirements.
f) To afford and opportunity to improve the ISO 9001 and ISO 14001 and OHSAS
18001systems.
Types of audit: -
System Audits are divided into three categories:
1. First party audit :-
This is an audit, which is undertaken by an organisation on its own ISO 9001 and
ISO 14001 and OHSAS 18001system in order to assess if personnel are complying
with the company procedures and maintaining the appropriate records.
2. Second party audit :-
A second party audit is one, which is conducted on a company by the customer.

This is usually against the criteria of the contract and any supporting ISO 9001 and
ISO 14001 and OHSAS 18001 system standards. These could be customer derived
standards or international standards such as the ISO series.
3. Third party audit :-
A third party audit is one that is carried out by an independent organisation i.e. they
are not involved within the company or a representative of the customer.
Third party audits are carried out by accredited certification bodies such as KPMG,
BVQI, TUV, BSI, Lloyds Register of ISO 9001 and ISO 14001 and OHSAS 18001
Assurance, SGS, ICS, NQA, etc as part of the assessment of the ISO 9001 and ISO
14001 and OHSAS 18001 management system of an organisation prior to
registration.
Many people are confused by the difference use of the terms ‗audits‘ and
‗assessment‘ although these activities appear to be identical.
Vocabulary - International Terms defines an ‗EQHSMS audit‘ as:
―A systematic and independent examination to determine whether ISO 9001

and ISO 14001 and OHSAS 18001activities and related results comply with
planned arrangements and whether these arrangements are implemented
effectively and are suitable to achieve objectives‖.
The Term ‗assessment‘ has no such formal definition within ISO standard although
through industry custom and practice it is frequently used to describe the activities
carried out by a Certification Body when verifying an organisation‟s compliance with
an ISO 9001 and ISO 14001 and OHSAS 18001 management system standard
such as ISO: 9001;ISO;9001 and ISO 14001;OHSAS:18001 prior to initial
registration.

4.0 Internal ISO 9001 and ISO 14001 and OHSAS 18001 audit process:-
This is an audit carried out by a company on its own ISO 9001 and ISO 14001 and
OHSAS 18001 systems for the purpose of giving assurance to the management
that its ISO 9001 and ISO 14001 and OHSAS 18001 systems are effectively
achieving the planned ISO 9001 and ISO 14001 and OHSAS 18001 objectives.
The internal ISO 9001 and ISO 14001 and OHSAS 18001audits also known as self-
audit is a major component of the ISO 9001 and ISO 14001 and OHSAS
18001system. These audits can increase the confidence of management in its
production system & demonstrate to its personnel that the company is committed to
ISO 9001 and ISO 14001 and OHSAS 18001management.
Internal ISO 9001 and ISO 14001 and OHSAS 18001audits can be carried out by
the organisations own staff, provided they are independent of the systems being
audited or by outside consultants.
The steps involved in internal ISO 9001 and ISO 14001 and OHSAS 18001audits
are: -
(A) Audit Initiation.

(B) Audit Preparation.
(C) Audit Execution & Audit Report.
4.1 Audit initiation:-

4.1.1 Scope of audit: -
One should determine the scope of audit based on one's own needs & make the
final decision as to which ISO 9001 and ISO 14001 and OHSAS 18001 system
elements, departments & organisational activities are to be audited & within what
time frame. The particular department /section /activity to be audited should be
functional & not shutdown/discontinued during the period the audit is to be carried
out.
To decide whether or not an audit of any activity, department etc. is required

following points should be considered: -
(A) Audits should preferably be carried out when they are most effective, such as,
in the early or late stages of implementing the contract rather than in the mid
stream.
(B) Internal audits should be carried out also when there is a possibility of an
external audit such as by a certifying body, or by a customer or his
representative.
(C) Audit of a particular area becomes necessary also when there is customer
complaint relevant to the work of that area.
(D) Audit is needed also when the ISO 9001 and ISO 14001 and OHSAS 18001of
product is not meeting the specified requirements.
4.1.2 Frequency of audit:-
Factors to be considered for deciding audit frequency are: -
(A) Implementation phases of the ISO 9001 and ISO 14001 and OHSAS
18001system.
(B) The schedules as specified in the ISO 9001 and ISO 14001 and OHSAS
18001manual of the company.
(C) Significant changes in management, organisation, policy, techniques or
technologies that could affect the operating of the ISO 9001 and ISO 14001
and OHSAS 18001 system.
(D) Changes to the system itself.
(E) Results of recent previous audits.
(F) Status and importance of the activity / department.
In the interest, of efficiency & effectiveness of the audit & in the optimum use of
available resources, all these factors should be integrated into an audit schedule.
4.2 Preparation for audit:-

4.2.1 Audit planning:-
1. ISO 9001 and ISO 14001 and OHSAS 18001 Management Audit requires
systematic investigation of an organisation or department to determine
effectiveness of the ISO 9001 and ISO 14001 and OHSAS 18001 System
implemented. This investigation may only require, at times, examination of
selected aspects of the ISO 9001 and ISO 14001 and OHSAS 18001 System.
Obviously, this cannot be carried out effectively without adequate Audit
Planning, in advance.
2. Audit Planning, in third party audits, requires lot of preparation involving

following important activities.
(A) Examination of ISO 9001 and ISO 14001 and OHSAS 18001 Manual to
determine if all the aspects (ISO 9001 and ISO 14001 and OHSAS
18001elements) of standards are adequate addressed. Corrective actions are
warranted, if required, from the organisation.
(B) Prior to fixing audit programme, the lead auditor needs to make himself familiar
with the organisation & find out the audit time required depending on the
number of departments to be audited & number of people involved in
implementing the EQHSMS System. The lead auditor during such visit, prior to
actual audit, can also determine the preparedness of the organisation in
implementing the EQHSMS System.
(C) The lead Assessor during the pre-assessment visit can also ascertain logistic
requirements e.g. transport availability of office for the audit team during the
audit programme, protective wear required for the auditors, during audit etc.
(D) Prepare audit programme based on the pre-assessment visit.

(E) Prepare Assessment Checklist for audit.
3. Although many of the aspects do not apply in the case of internal EQHSMS
Audits still the Internal Auditors need to undertake activities before taking up
audits on the scheduled dates, fixed in advance.
4. Audit planning needs to be done keeping in view the Audit scope defined for the
purpose. This will vary in the following instances.
(A) For carrying out full assessment - all aspects of the standard for a
department; and / or
(B) For closing out non-conformances reported from previous audits.
In case of third party audits the requirements also vary when audits are carried out
for periodic surveillance of the organisation for continuing certification.
5. The requirement in the;ISO;9001 and ISO 14001;OHSAS:18001are same for

our organisation. In other words, irrespective of the product or service involved
the standard fixes criteria for assessing the EQHSMS Manual, Procedures &
other documents in the EQHSMS System can be examined with reference to
such criteria checklist. This can be extended while evaluating implementation
aspects. Following examples illustrate the point.
(A) ISO 9001 and ISO 14001 and OHSAS 18001 Policy needs to be examined for
following:
(I) Commitment to EQHSMS
(II) Understanding by people involved
(III) Actual implementation in the organisation
(B) Documents used in the ISO 9001 and ISO 14001 and OHSAS 18001system
require compliance to following:
(I) If these are approved prior to issue
(II) Are approving authorities identified
(III) Are current documents used
(IV) Are obsolete documents removed
(C) Control on sub-contractors involved in ISO 9001 and ISO 14001 and OHSAS
18001System need to be examined for following:
(I) Selection
(II) Records of acceptable sub-contractors
(III) Previous performance
(IV) Effective controls
6. ISO;9001 and ISO 14001;OHSAS:18001 standards prescribe criteria to address

the EQHSMS System requirements. However, an organisation can translate the
requirements in variety of ways. As such, each organisation has its own
methods of implementing these provisions in EQHSMS System. Since the

process of audit involves first determining adequacy of the documents with the
documents & the standards; the aspect of implementation is required to be seen
by referring to the documents rather than the standard alone. For this purpose.
Assessment Checklist is preferable. To illustrate the point consider the example
in para 5 (b)
The Assessment Checklist may look like following:
Department
Check Check for
Area
ISO 9001 and ISO  Availability.
14001 and  Current copy in use.
OHSAS 18001  Approving Authority
(I)
Manual,  Amendments Inspection
Procedures, carried out, approval Department
WIS, Forms for amendments.
( Documented
Information)
Specification, issued by  Availability.
Inspection
(II) standard for  Current copy in use.
Department
ex. IS: 2500  Understanding.
7. Checklists should be used for reference as Aids-Memoir but auditors should not
become their slaves. However, there is tendency to undermine importance of
checklists. Even experienced audits can overlook vital aspects, if they choose to
ignore checklists. Moreover, audit in such cases is done either on technical
expertise of the process or product of simply "through nose". Both of these
actions result in effective & inefficient audit.
4.2.2 Audit plan:-
The audit plan should be designed to be flexible in order to permit changes in

emphasis (on the basis of information gathered during the audit) & to permit
effective use of resources.
The plan should answer the following.
(A.) Which sections/departments of the companies are to be audited?

(B.) What activities will be audited?
(C.) Who is responsible for the audited activity?
(D.) Who are the team members responsible for carrying out the audit?
(E.) Date when the audit will be started?
(F.) What is the expected time duration for each major audit activity?
The Audit team leader in consolation with other auditors shall assign specific
elements or department/section to each auditor for audit.

Contents of Audit Plan

The audit plan may also cover the following, as appropriate:
 identification of the auditee‟s representative for the audit;
 the working and reporting language of the audit where this is different from the
language of the auditor or the auditee or both;
 the audit report topics;
 logistics and communications arrangements, including specific arrangements for
the locations to be audited;
 any specific measures to be taken to address the effect of uncertainty on
achieving the audit objectives;
 matters related to confidentiality and information security;
 any follow-up actions from a previous audit;
 any follow-up activities to the planned audit;
 coordination with other audit activities, in case of a joint audit.
4.2.3 Documents required:-
The following documents are needed to facilitate investigation by the auditors: -
(A) Check list/questionnaire for evaluation of ISO 9001 and ISO 14001 and
OHSAS 18001system elements. (A questionnaire with typical
examples for different functional areas for all the elements of ISO: ISO;9001
and ISO 14001; OHSAS system is given in this book).
(B) Forms for reporting audit observations
4.3 Audit execution and preparation of audit report: -

Audit execution shall be in following steps: -
(A) Initial meeting

(B) Data gathering & documentation
(C) Report of findings
(A) Initial meeting: -
Meeting with Management Representative & Chief executive before

commencing an audit is necessary if internal audit is performed by an outside
consultant. During this meeting the audit schedule is agreed & audited is
informed of the scope & nature of the proposed audit. If internal audit is done by
company's own staff then the meeting is not necessary.
(B) Data gathering & documentation: -
The data gathering is done through observation, interviews & study of

documents. Most information received document is checked against actual

operations by questioning & wherever possible by observations also. All these
Findings are documented before the finalisation, a meeting of the auditors is

held first with team leader & then jointly with departmental heads & Management
Representative to discuss on the findings. Then a report is made.
(C) Report of FINDING: -
An audit report is prepared by an auditor by filling the formats.
5.0 Audit Reporting & system effectiveness: -

5.1 General: -
The findings of an audit, carried out for a department or an organisation, need to be

documented & reported so that appropriate corrective actions are identified & taken
by the audited. Audit Reporting involves recording of following aspects.
(A) Compliance to ISO 9001 and ISO 14001 and OHSAS 18001System
requirements
(B) Non-conformance against ISO 9001 and ISO 14001 and OHSAS 18001System
requirements
(C) System effectiveness
In the internal Audits System Effectiveness is normally examined during the

Management Reviews. However, report on both compliance & Non-conformances
(if any) are still required. In the Third Party Audit all the three reports are necessary.
The System Effectiveness is summarised in the closing meeting by the Lead
Assessor.
5.2 Reporting on compliance: -
5.2.1 Compliance to the requirements of the EQHSMS System is established when

details of Audit Sample examined are documented. The details may include
following.
(A) Name of persons with whom discussion were held

(B) Place where this happened
(C) Reference to process/equipment/facility relevant to the audit sample
(D) Documents examined
(E) Records verified
(F) Details of audit trials to be followed subsequently
(G) Reference to clause of the standard
(H) Reference to relevant documents used or refereed in the ISO 9001 and ISO
14001 and OHSAS 18001 System
(I) Reference to the non-conformance report, as & when they are revealed.

5.2.2 There are distinct advantages in adopting the above practice. These are as
follows.
(A) The audit findings, consisting of only the non-conformance reports, are not
complete without report on compliance.
(B) The aspects included in the audit, as well as those overlooked or missed (due
to time constrain) can be verified. Accordingly, appropriate corrective
measures could be determined.
(C) The depth of auditing i.e. drawing representative samples can also be
revealed from the records.
(D) The effectiveness of the internal audit programme in following audit trials, can
be assessed. In case of the Third Party Audit, the effectiveness will apply to
the audit performed by Audit Team.
(E) The positive aspects recorded can help subsequent audit teams to be better
equipped with information on both strong & weak aspects of the area audited.
5.3 Reporting Non-conformances: -
5.3.1 Non-conformance reports help the auditee in identifying corrective actions. Non-
conformance Report reported during the audit may be examined in subsequent
reviews with the auditee. In the closing meeting also there may be occasion to clear
some of the non-conformances. Further, prior to registration, the Certification Body
may like to ascertain status against the outstanding Non-conformances. Similar
situation may arise during Surveillance Audit, carried out after registration.
It is therefore, important that a Non-conformance Report should not give rise to

any ambiguity nor should it be subject to mis-interpretation. A Non-conformance report as
such should be completed.
5.3.2 The following should be considered while raising Non-Conformance Reports:
(A) A Non-conformance is a condition adverse to EQHSMS.
(B) A Non-conformance arises when specified requirements are violated, indicated

in order of precedence, as follows:
 Conditions of contract (with Purchaser / client)
 EQHSMS Manual
 Procedures
 Work Instructions
 IMS standard requirements
(C) A Non-conformance may arise in any of the following situations:
a. Written procedure does not comply with requirements of ISO;9001 and ISO
14001;OHSAS:18001 standard.
b. Written procedures are not implemented as described in the procedures.

c. The practice is not effective i.e. required output is not achieved. This applied
even when written procedures / instructions are not required by the
standards.
(D) A Non-conformance report should include following aspects:

a. Exact observation of the facts
b. Where was it found
c. What was found
d. Why it is non-conformance
e. Who was there-indicate designation, avoid / personal identity.
f. Use local terminology.
g. Make it retrievable
h. Make it helpful (only in internal audit)
(E) A non-conformance should be carefully worded & should be crisp.
(F) Seriousness of a non-conformance should be judged on the basis of following:
a. What could go wrong if the non-conformance remains uncorrected?

b. What is the likelihood of such a thing going wrong?
(G) A non-conformance should be classified MAJOR in following situation:

a. A significant non-conformance with standard requirement.
b. A failure of complete system.
c. Lack of ISO 9001 and ISO 14001 and OHSAS 18001management system
requirement.
d. Significant number of minor non-conformances.
(H) A non-conformance should be classified MINOR in the following situation:

a. An isolated witnessed incident of failure to comply with a procedure or ISO
9001 and ISO 14001 and OHSAS 18001system Management requirement.
b. Minor problem are requiring attention.
5.3.3 The following shall be ensured while raising non-conformance reports:
(a) The Department / area where the non-conformance is noticed shall be made
aware about the fact by the auditor before leaving the area.
(b) While it is preferable to raise a non-conformance report, on the spot, the
choice is left to the auditor.
5.4 System effectiveness: -
The System Effectiveness is reported to convey informed judgement of the Lead

Assessor in the Third Party Audit. As a minimum, the following need to be
considered while reporting System Effectiveness.

(A) To what extent has the documented ISO 9001 and ISO 14001 and OHSAS
18001 System addresses the requirements of the standard.
(B) To what extent has the documented system been put into practice?
(C) To what extent is the system in practice effective?
(D) Do the non-conformances raised indicate a particular areas(s) of the
supplier's organisation is (are) weak?
(E) Do the non-conformances raised indicate a particular management system(s)
requirements(s) is (are) weak?
(F) The area where greatest risk & least assurance lie in the ISO 9001 and ISO
14001 and OHSAS 18001 System implemented by the supplier.
(G) Kinds of failures found & there relative frequency.
5.4.1 In trying to address the above aspects, the nature of non-conformances raised
along with the report on compliance will provide sufficient inputs for forming an
informed judgement on the system effectiveness.
5.4.2 The aspects mentioned below will provide additional inputs:
1. Frequent avoidable changes in documents

2. Avoidable rejects, concessions
3. Frequent customer complaints
4. Status on corrective actions & Management Review, reflecting on management
commitment.
5. Authority of Management Representative.
6.0 Auditing techniques: -

Auditing is performed based on random samples of product / processes or activities
/ records picked up for verification & investigated for compliance / conformance in
any of these methods.
 Trace forward
 Trace back
 Random checking
Trace forward: -
In the trace forward method, for a full audit, the auditor starts auditing within
production, purchase or sales, selects the product or order(s) of interest & follows it
(or them) through the various departments & audits associated with the phases of
the contract through to the despatch / shipping department (or whatever the
department from which the product is handed over the customer is called). In the
service industry, an example might be in auditing a hotel's ISO 9001 and ISO 14001
and OHSAS 18001management systems by following the path encountered by
a guest from reservations, portage & reception through to checkout & departure.

Trace back: -
This method works in the opposite direction to the trace forward method. For a full
audit, the auditor retraces the steps involved in completing the chosen contract right
back to the sales department. Trace back is particularly useful when auditing
services: in the case of a fast food store, for example, the auditor might start at the
point of consumption, work back through point of sale, food preparation & back
towards, say receipt of foodstuffs in the store. Thus the delivered product & service
results are seen first & their "genealogy" established: any illegitimate can then be
readily identified & banished from the family!
Random DEPARTMENT: -
Here, the auditor visits all the departments or units that are of interest in whatever
order he chooses. With this approach, the auditor has to be especially careful not to
miss a unit or department that is of interest.
Trace forward & trace back audit methods.
TRACE FORWARD
------------------------------->
Sales --> Design --> Procure -->
Manufacturer / make --> Inspect / test -->
Pack & despatch --> Delivery to customer -->
After sales service / warranty
<---------------------------------
TRACE BACK
7.0 The auditors conduct: -

Some of traits an auditor is supposed to have given below. The list is exhaustive
but not final. An auditor needs lot of common sense in addition to the conducts
listed here.
1. Look the part - Dressing smart.

2. Be calm & courteous.
3. Be punctual.
4. Be precise.
5. Be Prepared.
6. Do time management.
7. Have sense of proportion - Neglect Human Errors.
8. Be honest.
9. Be human.

10. Be decisive, determined & direct.

11. Get on the job.
12. Be fair.
13. Be independent & not guided or controlled by Auditee.
14. Use your power of deduction & inferences.
15. Know who's who for effective & proper communication.
16. Be sure from all corners - sufficient evidence.
17. Discuss problems on the spot.
18. Be aware of union relationship for smooth conduct of audit.
19. Meet daily in audit team conference for cross verification & progress control.
20. Dispense with unnecessary escorts to be effective.
21. Record Non-conforms / Non-compliances & Evidences; summaries daily.
22. Good Guy - Bad Guy approach (two auditor team) one for the task & other for
mild approach.
23. Key trait - Be a good listener.
8.0 The Auditees conduct: -

An auditor need to be vigilant & guarding him & against the tactics of auditee which
they use quite often in order to hide the weakness & prove power the auditors. An
inventory of auditee traits are listed below:
1. Time wasters
2. The coock's tour
3. Provocation‟s
4. Fixed ballot or loaded dice
5. The special case logic
6. The trial of strength by argument on competence
7. Insincerity - Kill him with kindness
8. Please for pity
9. The absentee
10. Amnesia - Let auditor forget it
11. Language barrier
12. The bribe
13. The right tactics
14. Desperation
In the process of audit the auditor has to interview various level of personnel in an
organisation for getting the factual information. One gets information only when he
listens. Therefore besides being a good interviewer an auditor has to be good
listener first. The following types of questions are normally used while interviewing
people.

 Unit concept: WHAT /WHY /WHEN /WHERE /HOW / WHO&SHOW ME.

A set of questions, which can be used in the given sequence as a unit followed
by a crunch question "Show me".
 Hypothetical question:
 Let us say?
 Suppose?
 If this not happen then? - Silent questions: Body language, silence
 Dumb question - Obvious one
 Inverse question: I am not sure, are you sure?
 Comparison question: comparing different situations or statements.
 Open ended / close ended / lead questions
 Begin with open-ended questions. While further investigating use mix open
ended lead questions & close the audit with a lead question. The key is that
being every question with prefix "are you please ....... / irrespective of the level of
auditee,
9.0 The success of an audit program is typically dependent on the

following: -
 A comprehensive audit plan needs a total understanding of the ISO 9001 and
ISO 14001 and OHSAS 18001system requirements and team effort.
 A detailed documented set of procedures and instructions everyone must know,
understand and follow uniform procedures.
 Qualified auditors require extensive audit training.
 Thorough and unbiased reports: requires qualified personnel, commitment,
training and independence of operability.
 Documentation and communication: require an effective documentation system
and reporting of deficiencies within and across all activities.
 Timely and effective corrective action: requires management commitment,
resources, authority and total co-operation.
 System elements checklist ensures that everything, which required doing, has
been done.
10.0 Assessment process: -
10.1 Preliminary assessments: -

Most accredited Certification Bodies, at the invitation of customers, will conduct
preliminary assessments prior to the formal assessment for the purpose of
examining and reporting on the existing ISO 9001 and ISO 14001 and OHSAS

18001systems. As a preliminary assessment must be conduct against a limited

timescale, due to economic considerations, the assessor will normally concentrate
on the general interpretation / implementation of the standard against a previously
defined and agreed assessment scope rather than detailed compliance to
documented procedures.
The assessment findings are reported against each specific requirement of the
relevant standard, i.e. Management Responsibility, ISO 9001 and ISO 14001 and
OHSAS 18001System, Contract Review, etc.
Where limitations on time prevented a particular system element or company

department form being reviewed or where there is no adverse finding to record the
report should always include a statement to that effect.
E.g. „The restricted sampling examination did not reveal any significant area of non-
compliance against this section of the standard.‟ or
„The time available did not permit review of this system element to be undertaken.‟
10.2 Stages in obtaining registration: -

10.2.1 Opening Meeting (30 Mins)
a) Introduction of Team
b) Describe assessment purpose and procedure
c) Confirm office accommodation
d) Check industrial relations
e) Timescales
f) Breaks
g) Reviews
h) Confirm assessment schedule
i) Answer any questions
Conducting the opening meeting
The purpose of the opening meeting is to:

a) confirm the agreement of all parties (e.g. auditee, audit team) to the audit plan;
b) introduce the audit team; ensure that all planned audit activities can be
performed
List of points to be discussed in the opening meeting:
 introduction of the participants, including observers and guides, and an outline of

their roles;
 confirmation of the audit objectives, scope and criteria;
 confirmation of the audit plan and other relevant arrangements with the auditee,
such as the date and time for the closing meeting, any interim meetings
 presentation of the methods to be used to conduct the audit,

 introduction of the methods to manage risks to the organization which may result
from the presence of the audit team members;
 confirmation of formal communication channels between the audit team and the
auditee;
 confirmation of the language to be used during the audit;
 confirmation that, during the audit, the auditee will be kept informed of audit
progress;
 confirmation that the resources and facilities needed by the audit team are
available;
 confirmation of matters relating to confidentiality and information security;
 confirmation of relevant health and safety, emergency and security procedures
for the audit team;
 information on the method of reporting audit findings including grading, if any;
 information about conditions under which the audit may be terminated;
 information about the closing meeting;
 information about how to deal with possible findings during the audit;
 Information about any system for feedback from the auditee on the findings or
conclusions of the audit, including complaints or appeals.
10.2.2 Interviews: -
A Conversation with a Purpose
Key elements:-
 It is planned meeting between 2 or more persons

 It is held for a specific purpose
 It is under the control of the Interviewer
 The Interviewer asks the questions
 The Interviewee‟s role is to answer the questions
 It must be seen as a Win-Win situation
DON‘T LISTEN TO WHAT I SAY

LISTEN TO WHAT I MEAN
10.2.3 Daily ‗Wash-up‘ meetings (15 Mins)
 To be held with company ISO 9001 and ISO 14001 and OHSAS 18001 Co-
ordinator
 Review discrepancies
 Monitor relations between assessors and company staff
 Resolve queries
 Monitor progress
 Agree Timescales for corrective action
10.2.4 Closing meeting (0.5 hours)
 Thanks for hospitality

 Disclaimer
 Team members present findings
 Team Leader sums up
 Announcement of result
 Copies of discrepancies given to company
 Confirm corrective action dates
 Conclusion and comments from both sides
Contents of closing meeting

As appropriate, the following should be explained in the closing meeting:
 advising that the audit evidence collected was based on a sample of the
information available;
 the method of reporting;
 the process of handling of audit findings and possible consequences;
 presentation of the audit findings and conclusions in such a manner that they are
understood and acknowledged by the management;
 any related post-audit activities (e.g. implementation of corrective actions, audit
complaint handling).
11.0 Non-compliance reports & categorisation: -

Introduction: -
The writing of non-compliance notes is one of the essential skills, which an

assessor/auditor must develop.
Every organisation responsible for carrying out audits and assessments will have
their own specific procedures and pro-formats.
Report Writing: -
The first thing that must be considered is who is actually going to read the report
and what action will they be required to take as a result.
In order to take action it is essential that all who need to read the report and what
action wills they be required to take as a result.
In order to take action it is essential that all who need to read such a report can

understand the problem it refers to.
The company‟s management representative and the management of the

department concerned are obvious choices as they will most likely be the people
who have to take the corrective action.
The lead assessor will normally also discuss each individual non-compliance report
with these people at the daily review meetings. Hence any clarification required can
be dealt with verbally.
However, there are also a number of other people who will read the report but may
not be in a position to receive verbal clarification from the lead assessor.
Therefore it is essential that the lead assessor ensure every non-compliance report
raised by the team is both factual and explicit in order to meet the possible needs of
the following:
The company‟s CEO and executive management
The lead assessor‟s own CEO and executive management
Colleagues who may have to verify that effective corrective actions have been
taken
Assessors from an Accreditation Body who are monitoring the assessment.
Assessors should avoid expressing their personal opinions and above all avoid
appearing petty or pedantic.
You and your organisation will be judged by the written reports long after the
assessment has been completed and the team has left the site.
Wherever possible try to use the actual words or phrases of the standard or the
companies own procedures to maintain objectivity, e.g.
“The company were unable to demonstrate that in-house calibration of measuring

and test equipment has been carried out against certified equipment having a
known valid relationship to nationally recognised standards”.
Avoid generalities; always state sufficient objective evidence to indicate the scope
of the problem, e.g. “From a random selection of 30 purchases orders raised on 10
sub-contractors over the past 6 months it was noted that 7 had been issued without
any evidence of prior review and approval by the company‟s General Manager as
required by the company‟s procedure Pur/016 Iss.3”.
11.1 Categorisation: -
The policy for categorisation or grading of those recorded of those recorded
instances where the assessment team have discovered objective evidence that a
company has failed to fully meet the state requirements of the chosen standard, will
be laid down in the operational procedures for the Certification Body or Assessment
Organisation to which the assessment team reports. Two types of categories are in
use in the U.K. & British based certifying body as described below:
Type: 1
Hold point
Defined as “A non-compliance finding which is indicative of a system deficiency that

may hazard or put at risk product EQHSMS and must be rectified before
approval is considered”
The issue of hold point non-compliance may result from a single major system
deficiency or lack of procedures. Additionally a series of minor deficiencies
indicating an overall system weakness or general lack of control in application of a
documented procedure would constitute a hold point situation.
(i) No evidence that follow-up action has been taken to rectify system
deficiencies reported during internal auditing.
(ii) Several instances noted of informal and unapproved changes to work
instructions.
(iii) A significant percentage of the measuring instruments outside valid calibration
status.
(iv) A failure to establish documented procedures for Contract or Design reviews.
On-going improvement
Defined as “A non-compliance finding which is indicative of a system deficiency but

poses no immediate hazard to product EQHSMS, and must be rectified within a
defined time limit”.
The grading of an „on-going improvement‟ may be declared when the relevant part
of a conforming system has been established and implemented, and evidence
found that it is working, but either there is a need for a minor improvement, or cases
have been found of a random nature, indicating a lack of discipline in application of
a documented procedure. However, such non-compliances should not be issued
where a procedure has been recently introduced and where further evidence of
satisfactory operation is required. Such cases, unless very unimportant, would be
hold items.
(i) A number of agreed corrective actions resulting from internal audit reports still
outstanding.
(ii) A drawing in use found to be marked up with unauthorised changes to design
tolerances.
(iii) A micrometer in use found to be just overdue for calibration.
(iv) A failure to keep records of contract or design reviews on one project only.

Type: 2
Major discrepancy
Defined as “The absence of a required procedure or the total breakdown of a

procedure”.
A number of minor discrepancies listed against the same requirement can

represent a total breakdown of a system and thus be considered a major
discrepancy.
Minor discrepancy
Defined as “A single observed lapse in a procedure”.
Note: -
Registration cannot be considered until such time as corrective

action has been taken in respect of all reported Major
Discrepancies. However, Minor Discrepancies would not prevent
registration from proceeding and would be followed up for
effective corrective action at the next surveillance visit.
12.0 Summary for developing internal audit system: -
 Define the purpose and scope of the audit.

 Establish goals and objectives.
 Appoint a team leader given responsibility and authority to take action.
 Establish an audit team if required.
 Establish an overall planning framework for the audit system.
 Define the parameters and boundaries of each activity to be audited.
 Develop implementation plans.
 Develop and document audit plans, procedures and instructions.
 Identify resources and personnel.
 Establish priorities, action plans and carry out the audits.
 Document the audit findings.
 Bring the audit results to the attention of the personnel having
responsibility in the audited area.
 Take corrective / preventive action on the deficiencies identified by the
audit.
 Assess the effectiveness of corrective action.
 Assess the effectiveness of the ISO 9001 and ISO 14001 and OHSAS
18001system and action taken by auditee.
 Identify opportunities and initiatives for improvement.

Annexure - I
Hints for an Auditor (Assessors)

The exhaustive list of Auditors trait is given in chapter 7.0. For ready reference to
Auditors When ISO 9001 and ISO 14001 and OHSAS 18001auditing, the following
tips have proven useful.
1. To make weaknesses become more apparent, compare the written word with
what happens in practice.
2. Avoid spending time on looking at novel processes; management of time is most

important.
3. Ask people to describe their jobs only after first ascertaining that they know why
you are there.
4. Listen carefully & ask one question at a time.
5. Avoid critical comments.
6. Never attempt to write non-compliance notes while you are in the middle of an
investigation, good report writing needs careful thought & time.
7. Draft the non-compliance using as far as possible, phrases from the system
standards.
8. Remember the purpose of an assessment or audit is to establish "Objective

Evidence", it must never become an adverse situation.
9. Assess quietly against the applicable standards in a polite & professional

manner with a view to help achieve the required standard.
10. Don't give a feeling of cross-examining & don't ask leading or loaded or
opinionated questions. Use such questioning techniques, which will require
thinking & explaining in reply rather than simple yes or no.
11. If answers given are unsatisfactory pursue your investigation until you have
established factual evidence in order to clarify the situation, but watch your time.

Annexure - II
Qualities, Which an Auditor Should Possess
1. Wise & alert with the ability to adapt to different people & situations.
2. An appropriate industrial experience especially in all departments of companies

& be conversant with laboratory techniques.
3. The ability to question people to ascertain the facts (without offending them) &
also to listen to them.
4. An ISO 9001 and ISO 14001 and OHSAS 18001of perseverance.
5. Knowledge of ISO 9001 and ISO 14001 and OHSAS 18001systems standards &
of assessment & audit techniques.
6. An analytical brain.
7. Sensitive to feelings, attitudes & motives so as to understand what people mean

when they say something.
8. Not expressing opinions during audits.
9. Ability to discuss without arguing.
10. Adequate skills in dealing with people at all levels.

Annexure - III
Guidelines to the guides during an external audit

When the auditors of certifying body or of the customer visit the companies for
auditing the ISO 9001 and ISO 14001 and OHSAS 18001system, the companies
should provide guides to help them during audit. Their duty is also to clarify doubts
raised by the members of auditing team.
Following are some of the tips to be kept in mind by the guides before & during the
audit: -
Guidelines for guides: -
Check list for guides: -
(A) Have a final check of your area just before the Assessor‟s arrival.
(B) Know your departmental procedures.
(C) Know the Assessment Programme.
(D) Know your Assessor.
(E) Be punctual.
(F) Be factual.
(G) Do not argue with or hustle the Assessor.
(H) Keep the Assessment Co-ordinator and line management fully briefed.
Final area check: -

(A) All absolute documents are removed.
(B) All unidentified materials & components are disposed
(C) Calibration status is maintained on all equipments.
(D) Proper identification marks are present on intermediate & final products.
(E) Record files are maintained up-to-date & are easily traceable.
(F) Work instructions, ISO 9001 and ISO 14001 and OHSAS 18001samples, etc.
are at proper places at all workstations.
(G) Inspection status of the products are clearly identified
(H) Make sure that objective evidence is readily available of compliance with
standard procedures.
(I) Copy of assessment programme is received by him & he has identified the
designated areas & time of escorting.
(J) He should ensure that all the key members of the relevant department would be
available during the audit, when required.
(K) He is punctual during the audit for all appointments & the external auditor is
introduced to the senior departmental personnel.
(L) He should not supply non-compliances to the auditors.
(M) If question asked by the auditor is not within employee's job knowledge, the
auditor is tactfully advised of the fact.
Moreover, the guide should know the work of each employee of the department to
whom he is escorting the auditor. He should answer the auditor's questions briefly,
courteously & truthfully. He should not argue with the auditor or allow self to be
provoked.
Annexure - IV
Most common non-conformances

The most common non-conformances are written below as a ready reckons for you to
check before assessment audit.
 Absence of Training Records for ISO 9001 and ISO 14001 and OHSAS
18001system.
 Uncontrolled documents on the manufacturing floor.
 Procedure does not reflect the reality and vice versa.
 Few departments aspect-impact is not identified
 No control on significant aspects
 No revision number on drawings / procedures.
 Non-calibrated equipment in the area.
 Storage area not identified.
 Preventive Maintenance overdue.
 Incorrect storage methods.
 Employees unaware of Policy and Procedures.
 Ship to Stock listing not updated regularly.
 Unauthorised Purchase Orders / Procedures / Policies.
 No reject tags on defective material.
 Safety housekeeping / handling instructions not followed.
 Operator.
 New Product Introduction process does not reflect the reality.
 Vendor rating not carried out regularly.
 No evidence of Vendor Survey Results meeting being held.
 Internal audits not carried out regularly.
 Corrective action report not issued / updated regularly.
 Written Instructions inadequate.
 Failure to follow instructions.
 Unauthorized document changes.
 Obsolete documents not removed from point of use / issue.
 Ineffective corrective and preventive actions.
 Uncelebrated equipment in use.
 No investigation of accidents and environmental incidents
 Risk and opportunity is not identified and actions not taken as well as not
discussed in management review meeting
 On an average product in storage.
 Repair operation not effective.
 Reworked product still wrong.
 No labelling of status after calibration.
 Aspect-impact and hazard risk for few areas not identified for example canteen,
scrap yard etc.
 Annexure

Annexure - V
Performing audit activities
Initiating the audit
Establishing initial contact with the auditee

Determining the feasibility of the audit
Preparing audit activities

Performing document review in preparation for the audit
Preparing the audit plan
Assigning work to the audit team
Preparing work documents
Conducting the audit activities

Conducting the opening meeting
Performing document review while conducting the audit
Communicating during the audit
Assigning roles and responsibilities of guides and observers
Collecting and verifying information
Generating audit findings
Preparing audit conclusions
Conducting the closing meeting
Preparing and distributing the audit report

Preparing the audit report
Distributing the audit report
Completing the audit
Conducting audit follow-up

Chapter: 6 Principals of Quality Management System-ISO 9001-2015
Principals of Quality management system as per ISO 9001-2015
This standard is based on seven universally accepted Quality management principles and
given in the ISO 9001 2015, which is synthesis of the philosophy of quality gurus. These 7
quality management principles have been defined in ISO 9001:2015, which serves as the
framework of new set of standards on quality management system. The principles were
developed and updated by international experts of ISO/TC 176, which is responsible for
developing and maintaining the ISO 9000 series on quality management standards. In the
revised draft standard the details provides a “statement” describing each principle and a
“rationale” explaining why an organization should address the principle
1. Customer focuses
2. Leadership
3. Engagement of people
4. Process Approach
5. Improvement
6. Evidence based decision making
7. Relationship Management
Principle 1 – Customer focus
Organizations depend on their customers and therefore should understand current and future
customer needs, should meet customer requirements and strive to exceed customer
expectations.
 Key benefits:
 Increased revenue and market share obtained through flexible and fast responses to
market opportunities.
 Increased effectiveness in the use of the organization's resources to enhance
customer satisfaction.
 Improved customer loyalty leading to repeat business.
 Application of this principle involves:
 Application of this principle involves :

 Primary focus to meet customer requirements and strive to exceed expectations
 Sustained success to attract & retain confidence of customer & interested parties
 Customer interaction provides opportunity to create value
 Understand current & future needs for sustained success
 Ensuring that the objectives of the organization are linked to customer needs and
expectations.
 Measuring customer satisfaction and acting on the results

Principle 2 – Leadership
Leaders establish unity of purpose and direction of the organization. They should create and
maintain the internal environment in which people can become fully involved in achieving the
organization's objectives.
 Key benefits:
 People will understand and be motivated towards the organization's goals and
objectives.
 Activities are evaluated, aligned and implemented in a unified way.
 Miscommunication between levels of an organization will be minimized.
 Establish purpose and direction. Create conditions (environment) to achieve quality

objectives
 Align strategies, policies, processes & resources to achieve objectives
 Considering the needs of all interested parties including customers, owners,
employees, suppliers, financiers, local communities and society as a whole.
 Establishing a clear vision of the organization‟s future. Setting challenging goals and
targets.
 Creating and sustaining shared values, fairness and ethical role models at all levels of
the organization. Establishing trust and eliminating fear.
 Providing people with the required resources, training and freedom to act with
responsibility and accountability.
Principle 3 – Engagement of people
People at all levels are the essence of an organization and their full involvement enables their
abilities to be used for the organization's benefit.
 Key benefits:
 Motivated, committed and involved people within the organization.

 Innovation and creativity in furthering the organization's objectives.
 People being accountable for their own performance.
 People eager to participate in and contribute to continual improvement.
 Essential that people are competent, empowered and engaged in delivering value and
enhance organization capability to create value
 Involve all people at all levels
 Recognition, empowerment & enhancement of skills to achieve organization objectives
 Inspiring, encouraging and recognizing people‟s contributions
 People understanding the importance of their contribution and role in the organization.

 People accepting ownership of processes and problems and their responsibility for
solving them.
 People freely sharing knowledge and experience.
 People openly discussing problems and issues.
.
Principle 4 – Process approach
A desired result is achieved more efficiently when activities and related resources are
managed as a process.
 Key benefits:
 Lower costs and shorter cycle times through effective use of resources.
 Improved, consistent and predictable results.
 Focused and prioritized improvement opportunities.
 Systematically defining the activities necessary to obtain a desired result.

 Consistent & predictable results when activity managed as interrelated processes
 Understanding how results are produced including all processes, resources, controls to
optimize performance
 Identifying the interfaces of key activities within and between the functions of the
organization.
 Focusing on the factors - such as resources, methods, and materials - that will improve
key activities of the organization.
 Evaluating risks, consequences and impacts of activities on customers, suppliers and
other interested parties.
Principle 5 – Improvement
Improvement of the organization's overall performance should be a permanent objective of the

organization. The word continual improvement is removed and now focus is on improvement
 Key benefits:
 Performance advantage through improved organizational capabilities.

 Alignment of improvement activities at all levels to an organization's strategic intent.
 Flexibility to react quickly to opportunities.
 On-going focus on improvement
 Improvement essential to maintain current levels of performance and react to internal &
external changes and opportunities
 Making improvement in products, processes and systems is an objective for every
individual in the organization.

 Establishing goals to guide, and measures to track improvement.
Principle 6 – Evidence based (Factual approach) decision making
Effective decisions are based on the analysis of data and information
 Key benefits:
 Informed decisions.
 An increased ability to demonstrate the effectiveness of past decisions through
reference to factual records.
 Increased ability to review, challenge and change opinions and decisions.
 Decisions based on analysis and evaluation of data are more likely to produce desired
results
 Facts, evidence & data analysis and interpretation leads to greater objectivity and
confidence in decisions
 Ensuring that data and information are sufficiently accurate and reliable.
 Making data accessible to those who need it.
 Analyzing data and information using valid methods.
 Making decisions and taking action based on actual analysis
Principle 7 – Mutually beneficial supplier relationships
An organization and its interested parties are interdependent and a mutually beneficial
relationship enhances the ability of both to create value.
 Key benefits:
 Increased ability to create value for both parties.

 Flexibility and speed of joint responses to changing market or customer needs and
expectations.
 Optimization of costs and resources.
 For sustained success, Organization manage their relationships with interested parties
like suppliers
 Interested parties influence organization performance
 Establishing relationships that balance short-term gains with long-term considerations.
 Pooling of expertise and resources with suppliers and interested parties.
 Inspiring, encouraging

Annexure-1
Seven Principles of ISO/DIS 9001:2015
Sr.
Principles ISO 9001: 2015 Approach
No.
Principle – 1 Meet customer needs and expectations determine levels of

1. customer satisfaction / dissatisfaction. Strive to exceed
Customer focus customer expectations
Principle – 2 Establish unit y of purpose and engage people in achieving

2.
Leadership quality objectives
Principle – 3 Focus on competency empowered and engaged people in

3. delivering value. Identify and manage human factors of the
Engagement of people work place.
Principle – 4
Systematically identify and manage the process employed.
4. Process approach Understand activities and manage it as interrelated processes
to get consistent predicted results
Principle – 5
5. Make ongoing focus on improvement
Improvement
Principle – 6
Decisions are based on analysis and evaluation of data and
6. Evidence Based Decision information to get desired results
Making
Principle – 7 Manage relationship with interested parties for sustained

7.
Relationship Management success

Chapter:7 ISO 9001 and 14001 and OHSAS 18001 EQHSMS audit records
1. Collecting and Verifying Information

During the audit information relevant to the audit objectives, scope and criteria,
including information relating to interfaces between functions, activities and processes,
should be collected by appropriate sampling and should be verified. Only information
that is verifiable may be audit evidence. Audit evidence should be recorded. The audit
evidence is based on samples of the available information. There for there is a element
of uncertainty in auditing and those acting upon the audit conclusions should be aware
of this uncertainty.
The following figure provide an overview of the process, from collecting information to
reaching audit conclusions
Collecting
Source of by Evaluating Reviewing Audit
Information Sampling against Audit Conclusion
and Criteria Findings
Verifying
2. Audit reporting
2.1 Audit Records

.
Records should include the following:
a) Records related to the audit programme, such as:
 documented audit programme objectives and extent;
 those addressing audit programme risks;
 reviews of the audit programme effectiveness;
b) Records related to each individual audit, such as:
 audit plans and audit reports;
 nonconformity reports;
 corrective and preventive action reports;
 audit follow-up reports, if applicable;
c) Records related to audit personnel covering topics such as:
 competence and performance evaluation of the audit team members;
 selection of audit teams and team members;
 maintenance and improvement of competence.
The form and level of detail of the records should demonstrate that the objectives of the
audit programme have been achieved.

2.2 Team Meetings
At a daily meeting (or before the summery report is compiled) the auditors discuss their
detailed observations with the audit team leader to determine if non – compliances
exist and if applicable, are categorized.
When the audit team leader is satisfied with the evidence presented him / she in turn
may discus any non – compliances with the audited representative to seek agreement
that they exist. This is not to suggest a „bargaining‟ situation, but one in witch the
audited is given an opportunity to discuss the non – compliances and allow the
production of any evidence to demonstrate that three is no deviation from the
requirements.
Equally, the opportunity to discuss and recognize a non – compliance may enable the
audited to initiate corrective action.
In either event, the non – compliance is still recorded but the fact that corrective action
has been taken it noted in the audit report.
It should be noted that non – compliances are owned by the auditee and not the
auditor.
2.3 Non – Compliance Categorization
It is common practice to classify non – compliances into categories. This subject is

dealt with in Section 12.
Categorization of non – compliances is normally decided through discussion between

the team leader and the auditors rather than applying a category at the time of the
incident. Categorization is not an end in itself but an aid to assist the team leader to
assess the severity of the non – compliance and form a reasoned judgment on the
auditee‟s ISO 9001 and ISO 14001 and OHSAS 18001 arrangements.
2.4 Non – Compliances
Reporting non – compliances is the method used to indicate to an organisation during

an audit that there is a deviation to the laid down ISO 9001 and ISO 14001 and OHSAS
18001requirements and the applicable legislative requirements.
A non – compliance is a non – fulfillment of specified requirements (GMP, SSOP,

EQHSMS, Quality, Environment).
Non – compliances arise from observations made during an audit.
An observation is a statement of fact recorded on the checklist . The audit team will
then review all of their observations to determine which of them are to be reported as
non – compliances. The audit team shall ensure that non – compliances are
documented in a clear, concise manner and are supported by objective evidence.

2.5 Non – Compliance Categorization
All non – compliances have to be dealt with regardless of how important an impact they
may on the established system. It is common practice to categories non – compliances
to enable the overall effectiveness of a EQHSMS management system and the urgency
of corrective action to be assessed.
There is no defined standard for categorization of NCR‟s, so if categorization is to be

applied the methods are required to be defined by the auditing organisation and made
clear to the audited at the start of the audit.
Categorization of NCR should be based on deviation to the ISO 9001, ISO 14001 AND
OHSAS 18001 / legislation and impact on product / process and its risk. Observations
need to support the grading with sufficient justification.
A typical classification is as follows:-
 Critical
The absence or total breakdown of the EQHSMS to meet the requirements of ISO
9001-2008 and the requirements of applicable regulations.
E.g. Customer complaint is not analysed and no actions taken

One critical NCR will lead to failure of certification.
Major
A non – compliance which is likely to result in the failure of the EQHSMS system or
reduce its ability to assure safety of processes or products.
E.g. improper control of chemical compound, shop workers are not very hygienic or
there is no necessary action to prevent food from contamination etc.
If there is any major NCR, registration is recommended subject to a satisfactory
verification visit. Verification visits will be arranged within eight weeks after the audit to
verify effectiveness of corrective actions.
 Minor
System deficiency, which do not directly affect the EQHSMS, but need to be improved.
random occurrence of system failure
E.g. environment of production areas is not in good condition, which may contaminate
food, inadequate light in production areas or cleaning facility is not in a good condition
etc.
When there are only minor NCRs and its number will not obstruct the system operation,
registration can be recommended subject to a satisfactory review and verification of
document evidence to corrective action. Document evidence, including self –
declaration of corrective actions, is required to be submitted within four weeks after the
audit.

A number of minor lapses of the same content (incorrect issue of documentation in use
in several areas) show a system breakdown and may therefore be regarded as more
serious and be upgraded.
It is normal with certification bodies that once a corrective action has been agreed that
the check for practice effectiveness may be left until the next surveillance visit.
Categorization of non – compliances is normally decided through discussion with the

lead auditor and the auditor rather than applying a the time of the incident.
Categorization is not an end in itself but an aid to assist the lead auditor to assess the
severity of the non – compliance and form a reasoned judgment on the auditee‟s
EQHSMS management system.
If the audit was undertaken for a 'Customer‟ or a „third party‟, then it may well be up to
them to decide on the acceptances of any non – compliance. This may be influenced
by any contractual or specification requirements. The lead auditor should be made
aware of any such restriction.
Reporting Non – Conformities
During the audit, the auditor will be documenting observations of the system. These
observations may well result in non – conformities being raised. When the auditor
decides that there is a non – compliance, then a written report will be submitted. This
type of report is commonly referred to as a NCR (Non – Compliance Report).
There should be sufficient detail in the report to clearly identify all the facts concerned,
the specification requirement and the evidence of the non – compliance. It is important
that sufficient information is provided to ensure traceability to the source of the problem
in order that effective corrective action can be completed.
A quick guide is to examine and describe the:-
 Where – the area where the non – compliance was found or can be identified.
 When – date of audit.
 What – description of the problem.
 Why – a statement of the requirements from the specification or procedure.
 Who – not the report must not attribute blame.
REMEMBER someone has to read the report. Clarity of information and the inclusion of
as many facts as possible will assist the reader to understand your findings THE FIRST
TIME.
The auditor must produce absolute proof that non – compliances exist.
A typical non – conformity report is attached.

3. Objective Evidence
Often members of the work force will give a rehearsed version of the controls being
applied. It is there fore very important during and audit to establish that the facts
investigated by the auditor and the observations made are a true and accurate
reflection of the way in which the food system is applied.
4. Audit Report Observations

Statements NOT substantiated by objective evidence may be made as comments if the
auditor thinks this will be useful or constructive.
These are usually observations noted during the audit, which did not require non
compliances to be raised since they do not contravene a standard or process, but could
included in the audit report to assist the assessed organization with potential
improvement.
The auditor should exercise care when making observation for improvements to ensure
that the auditee understands that he / she is responsible for any decision taken.
5. Preparing the Summary Report
At the conclusion of the audit, the team leader (lead assessor) in consultation with the
team auditors will prepare a summary report.
This report is normally hand written, while a formal typed copy is prepared later and
subsequently submitted. An example of a suitable format is included at the end of this
section.
As its title implies, the report summarizes the detailed reports of non – compliances and
observations, notes any corrective action to be taken and, depending on the authority
given, may allow the team leader to give a recommendation that the Audi tee‟s ISO
9001, ISO 14001 AND OHSAS 18001 arrangements are ACCEPTABLE,
CONDITIONAL or unacceptable.
(Acceptability may be conditional on certain agreed corrective action being completed

to the satisfaction of the team leader or customer, ie a CONDITIONAL
recommendation).
The three levels of recommendation may be applied as follows:-
 Acceptable - award certificate or accept as an approved supplier.

 Conditional – includes statement of agreed corrective action to be completed prior
to acceptance being granted.
 Unacceptable – failure due to a number of serious non – compliances.
A conditional recommendation report will indicate the corrective action required. The
team leader may make recommendations as to the way in witch corrective action
providing there is a clear understanding of the relationship between the two

organizations in terms of any cost or liability that may arise from taking the required
corrective action.
It is the 3rd party certification body which makes the decision to award a certification,
not the auditor. The auditor only makes a recommendation.
In the case of an audit by a certification body, the team leader will always make a
recommendation against the relevant specification.
For 2nd party audits it will be up to the purchaser to decide what action is taken
following an audit based on the auditor‟s recommendations and other commercial
factors, ie price, delivery etc when placing a supplier on their approved supplier list.
6. The Closing Meeting and Presenting the Summary Report

The summary report is formally presented at a closing Meeting attended by the audit
team and the auditee‟s management representatives. At this meeting the team leader
shall:-
 Thank the management for their assistance and co – operation.

 Point out that only a sample of the ISO 9001, ISO 14001 AND OHSAS 18001
arrangements has been taken and that the audit result has been determined against
this sample.
 Propose that any questions for clarification of the report findings are kept until the
end of the presentation.
 Present a summary of the findings and quantify the non – compliances raised.
 Invite each auditor to report their detailed findings and give a recommendation.
 Invite questions for clarification only and give answers
 Agree on any follow – up action which may be required, This may already have
been agreed on non – compliance reports (NCR‟s)
 Advise the auditee on the procedure for processing the final report (depending on
the instructions given to the team leader), but in any case advise that fully written
report will be raised.
 Agree the duration of any approval that may be granted.
 Make a statement regarding confidentiality of information.
Note:
The team leader may choose to present the whole report and only ask the auditors to
deal with the questions relating to their area of audit.

Before departing the team leader will normally leave a copy of Summary Report and
the original non – compliance reports.
7. Agreement and Follow – up of Corrective Action

Where the corrective action is required, the team leader may have agreed a date upon
which a revisit to the audited is to take place in order to verify that all non –
compliances have been successfully corrected.
It may be that the nature and number of non – compliances require a further complete
re – audit. If so, the team leader will state this at the closing meeting and in the final
report.
8. Audit programme
8.1 Contents of Audit Programme for Third party Certification audit
 Objectives for the audit programme and individual audits;
 Extent/number/types/duration/locations/schedule of the audits;
 Audit programme procedures;
 Audit criteria;
 Audit methods;
 Selection of audit teams;
 Necessary resources, including travel and accommodation;
 Processes for handling confidentiality, information security, health and safety, and
other similar matters.
8.2 Establishing the Audit programme objectives
The audit programme objectives can be based on consideration of the following:

a) management priorities;
b) commercial and other business intentions;
c) characteristics of processes, products and projects, and any changes to them;
d) EQHSMS management system requirements;
e) legal and contractual requirements and other requirements to which the
organization is committed;
f) need for supplier evaluation;
g) needs and expectations of interested parties, including customers;
h) auditee‟s level of performance, as reflected in the occurrence of failures or incidents
or customer complaints;
i) risks to the auditee;
j) results of previous audits;

k) level of maturity of the management system being audited.
8.3 Identifying and evaluating audit programme risks
There are many different risks associated with establishing, implementing, monitoring,
reviewing and improving an audit programme. These risks may be associated with the
following:
 planning, e.g. failure to set relevant audit objectives and determine the extent of the
audit programme;
 resources, e.g. allowing insufficient time for developing the audit programme or
conducting an audit;
 selection of the audit team, e.g. the team does not have the collective competence
to conduct audits effectively;
 implementation, e.g. ineffective communication of the audit programme;
 records and their controls, e.g. failure to adequately protect audit records to
demonstrate audit programme effectiveness;
 monitoring, reviewing and improving the audit programme, e.g. ineffective
monitoring of audit programme outcomes.
8.4 Implement the audit programme by means of the following:
 communicating the pertinent parts of the audit programme to relevant parties and
informing them periodically of its progress;
 defining objectives, scope and criteria for each individual audit;
 coordinating and scheduling audits and other activities relevant to the audit
programme;
 ensuring the selection of audit teams with the necessary competence;
 providing necessary resources to the audit teams;
 ensuring the conduct of audits in accordance with the audit programme and within
the agreed time frame;
 ensuring that audit activities are recorded and records are properly managed and
maintained.
8.5 Competence of the person managing the audit programme
The person managing the audit programme should have the necessary competence to
manage the programme as well as knowledge and skills in the following areas:
 audit principles, procedures and methods;
 Environmental management system standard (ISO 9001 AND ISO 14001 2015 as
well as ISO 19011) and reference documents;
 activities, products and processes;
 applicable legal and other requirements relevant to the activities and products;
 customers, suppliers and other interested parties.

8.6 Selecting the audit team members

In deciding the size and composition of the audit team for the specific audit,
consideration should be given to the following:
a) the overall competence of the audit team needed to achieve audit objectives, taking
into account audit scope and criteria;
b) complexity of the audit and if the audit is a combined or joint audit;
c) the audit methods that have been selected;
d) legal and contractual requirements and other requirements to which the
organization is committed;
e) the need to ensure the independence of the audit team members from the activities
to be audited and to avoid any conflict of interest [see principle e) in Clause 4];
f) the ability of the audit team members to interact effectively with the representatives
of the auditee and to work together;
g) the language of the audit, and the auditee‟s social and cultural characteristics.
These issues may be addressed either by the auditor‟s own skills or through the
support of a technical expert.
To assure the overall competence of the audit team, the following steps should be
performed:
 identification of the knowledge and skills needed to achieve the objectives of the
audit;
 selection of the audit team members so that all of the necessary knowledge and
skills are present in the audit team.
8.7 Auditor's Personal behavior

Auditors should exhibit professional behavior during the performance of audit
activities, including being:
 ethical, i.e. fair, truthful, sincere, honest and discreet;
 open-minded, i.e. willing to consider alternative ideas or points of view;
 diplomatic, i.e. tactful in dealing with people;
 observant, i.e. actively observing physical surroundings and activities;
 perceptive, i.e. aware of and able to understand situations;
 versatile, i.e. able to readily adapt to different situations;
 tenacious, i.e. persistent and focused on achieving objectives;
 decisive, i.e. able to reach timely conclusions based on logical reasoning and
analysis;
 self-reliant, i.e. able to act and function independently whilst interacting effectively
with others;
 acting with fortitude, i.e. able to act responsibly and ethically, even though these
actions may not always be popular and may sometimes result in disagreement or
confrontation;

 open to improvement, i.e. willing to learn from situations, and striving for better audit
results;
 culturally sensitive, i.e. observant and respectful to the culture of the auditee;
 collaborative, i.e. effectively interacting with others, including audit team members
and the auditee‟s personnel.
8.8 Generic knowledge and skills of an audit team leader

Audit team leaders should have additional knowledge and skills to manage and provide
leadership to the audit team, in order to facilitate the efficient and effective conduct of
the audit. An audit team leader should have the knowledge and skills necessary to do the
following:
a) balance the strengths and weaknesses of the individual audit team members;
b) develop a harmonious working relationship among the audit team members;
c) manage the audit process, including:
 planning the audit and making effective use of resources during the audit;
 managing the uncertainty of achieving audit objectives;
 protecting the health and safety of the audit team members during the audit,
including ensuring compliance of the auditors with the relevant health, safety and
security requirements;
 organizing and directing the audit team members;
 providing direction and guidance to auditors-in-training;
 preventing and resolving conflicts, as necessary;
d) represent the audit team in communications with the person managing the audit
programme, audit client and auditee;
e) lead the audit team to reach the audit conclusions;
f) prepare and complete the audit report

Annexure-1
Process flow for the management of an audit programme (Ref ISO 19011)
Establishing the audit programme objectives
PLAN
Establishing the audit programme
Roles and responsibilities of the person managing the
audit programme
Competence of the person managing the audit programme
Establishing the extent of the audit programme
Identifying and evaluating audit programme risks
Establishing procedures for the audit programme
Identifying audit programme resources
5.4 Implementing the audit programme

5.4.1 General Competence and
5.4.2 Defining the objectives, scope and criteria foran evaluation of auditors
individual audit (Clause 7)
5.4.3 Selecting the audit methods
5.4.4 Selecting the audit team members DO
5.4.5 Assigning responsibility for an individual auditto
the audit team leader Performing an audit
5.4.6 Managing the audit programme outcome
5.4.7 Managing and maintaining audit programme (Clause 6)
records
5.5 Monitoring the audit programme CHECK
5.6 Reviewing and improving the audit

programme ACT

Annexure-2
How to evaluate an Auditor
Evaluation
Objectives Examples
method
Analysis of records of
To verify the education, training,
Review of
background of the employment, professional
records
auditor credentials and audit
experience
To evaluate personal
behavior and
communication skills, to
Interview verify information and Personal interviews
test knowledge and to
acquire additional
information
Role playing, witnessed
behavior and the ability
Observation audits, on-the-job
to apply knowledge and
performance
skills
behavior and Oral and written exams,
Testing
knowledge and skills psychometric testing
and their application

CHEMICAL INCOMPATIBILITY CHART
Chemical Incompatibility Chart

Mixing these chemicals purposely or as a result of a spill can result in heat, fire, explosion, and/or
toxic gases. This is a partial list
Chromic Acid, nitric acid, hydroxyl-containing compounds, ethylene

Acetic Acid
glycol, perehlorie acid, peroxides, and permangantes.
Acetone Bromine, chlorine, nitric acid, sulfuric acid, and hydrogen peroxide.
Acetylene Bromine, chlorine, copper, mercury, fluorine, iodine, and silver.
Alkaline and Alkaline Earth

Carbon dioxide, carbon tetrachloride and other chlorinated
Metals such as calcium,
hydrocarbons, water, Bromine, chlorine, fluorine, and iodine, Do not
lithium, magnesium,
use CO2, water or dry chemical extinguishers. Use Class D
sodium, potassium,
extinguisher(e.g., Met –L-X) or dry sand.
powdered aluminum
Aluminum and its Alloys Acid or alkaline solutions ammonium persulfatc and water, chlorates,
hlorina ed compounds, nitrates, and organic compounds in
(Especially powders) nitrate/nitrate salt baths.
Bromine, chlorine, calcium hypo chlorite, hydrofluoric acid, iodine,

Ammonia (anhydrous)
mercury, and silver,
Acids, Metals Powders, Ilammable liquids, chlorates, nitrates, sulfur and

Ammonium Nitrate
finely divided organics or other combustibles.
Aniline Hydrogen peroxide or nitric acid.
Acetone, acetylene, ammonia, benzene, butadiene, butane and other

Bromine petroleum gases, hydrogen, finely divided metals, sodium carbide,
turpentine.
Calcium Oxide Water.
Carbon (activated) Calcium hype chlorite, all oxidizing agents.
Caustic (soda) Acids (organic and inorganic).
Acids, aluminum, ammonium salts, eyapides, phosphorous, metal

Chlorates or Perchlorates powders, oxidizable organics or other combustibles, sugar, sullies and
sulfur.
Acclone, acetylene, ammonia, benzene, butadiene, butane and other

Chlorine petroleum ases, hydrogen, finely divided metals, sodium carbide,
turpentine.

Chlorine Dioxide Ammonia, methane phosphine, hydrogen sulfide.
Acetic acid, naphthalene, camphor, alcohol, glycerin, turpentine and

Chromic Acid
other flammable liquids.
Copper Acetylene, hydrogen peroxide.
Cumene Hydroperoxide Acids
Cyanides Acids
Ammonium nitrate, chromic acid, hydrogen peroxide, nitric acid, sodium

Flammable Liquids
peroxide, bromine, chlorine, fluorine, iodine.
Fluorine Isolate from everything
Hydrazine Hydrogen peroxide, nitric acid, and other oxiding agents.
Bromine, chlorine, chromic acid, fluorine, hydrogen peroxide, and

Hydrocarbons
sodium peroxide.
Hydrocyanic Acid Nitric acid, alkali.
Hydrofluoric Acid Ammonia, aqueous or anhydrous.
Hydrogen Peroxide Chromium, copper, iron, most metals or their salts, aniline, any
flammable liquids, combustible materials, nitromethane, and all other
(Anhydrous) organics material
Hydrogen Sulfide Fuming nitric acid, oxidizing gases.
Iodine Acetylene, ammonia (aqueous or anhydrous), hydrogen.
Acetylene, alkali metals, ammonia, fulminic acid, nitric acid with ethanol,
Mercury
hydrogen, oxalic acid.
Combustible materials, esters, phosphorous, sodium acetate, stannous

Nitrates
chloride, water, zinc powder
Acetic acid, acetone, alcohol, aniline, chromic acid, flammable gases

Nitric acid (concentrated) and liquids. hydrocyanic acid, hydrogen sulfide and nitratable
substances.
Nitrites Potassium or sodium cyanide.
Nitroparaffins Inorganic bases, amines
Oxalic acid Silver, mercury and their salts.

Oxygen (liquid or enriched Flammable gases, liquids, or solids such as acetone, acetylene, grease,
air) hydrogen, oils, phosphorous.
Acetic anhydride, alcohols, bismuth and its alloys, paper, wood, grease,
Perchloric Acid
oils or any organic materials and reducing agents.
Peroxides ( organic) Acid (inorganic or organic). Also avoid friction and store cold.
Phosphorus (white) Air, oxygen.
Phosphorus pentoxide Alcohols, strong bases, water
Air (moisture and/or oxygen)or water, carbon fetrachloride, carbon

Potassium
dioxide.
Potassium Chlorate Sulfuric and other acids.
Potassium Perchlorate Acids.
Potassium Permanganate Benzaldehyde, ethylene glycol, glycerol, sulfuric acid,
Acetylene, oxalic acid, tartaric acid, fulminic acid, ammonium

Silver and silver salts
compounds.
Sodium See Alkali Metals.
Sodium Chlorate Acids, ammonium salts, oxidizable materials and sulfur.
Sodium Nitrate Ammonia compounds, ammonium nitrate, or other ammonium salts.
Any oxidizable substances, such as ethanol, methanol, glacial acetic

Sodium Peroxide acid, acetic anhydride, benzaldehyde carbon disulfide, glycerol,
ethylene glycol, ethyl a etate, methyl acetate furfural etc.
Sulfides Acids.
Sulfur Any oxidizing materials.
Chlorates, perehlorates, permanganates, compounds with light metals

Sulfuric Acid
such as sodium, lithium, and potassium.
Acetyl chloride, alkaline and alkaline earth metals, their hydrides and
oxides, barium peroxide, carbides, chromic acid, phosphorous
Water
oxychloride, phosphorous pentachloride, phosphorous pentoxide,
sulfuric acid, sulfur trioxide.

Literature MMM

Uploaded by

Document Informationclick to expand document informationMmm

Document Informationclick to expand document information

Copyright:

Available Formats

Literature MMM

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Literature MMM

Uploaded by

Copyright:

Available Formats

To provide an overview of the changes that is proposed for the ISO 9001:2015, ISO

HAND OUTS IN FILE

Chapter No. Section Page No.

Overview to ISO 9001:2015 QMS and ISO 14001:2015 EMS

copyright @ Green World Group; E-mail: info@greenwgroup.com

List of Documented information required under ISO 9001:2015

copyright @ Green World Group; E-mail: info@greenwgroup.com

List of Documented information required under ISO 14001:2015

copyright @ Green World Group; E-mail: info@greenwgroup.com

1.0 Background to the new standards

copyright @ Green World Group; E-mail: info@greenwgroup.com

10. Preventive, rather than curative.

Benefits of ISO: 9001 and ISO 14001 is summarised below.

copyright @ Green World Group; E-mail: info@greenwgroup.com

* Worldwide recognition and credibility.

4.0 ISO 9001 AND ISO 14001 Documented Information: -

1. Scope of the Quality and Environment management system(4.3 )

copyright @ Green World Group; E-mail: info@greenwgroup.com

14. Confirmation of customer‟s requirement in cases of verbal orders or no written statement

5.0 Introduction to OHSAS 18001: 2007 systems

copyright @ Green World Group; E-mail: info@greenwgroup.com

OHSAS Management System (OHSMS) refers to a system used by an Organisation to

Evidently, OHSAS Management System is not a Hi- Tech mechanism to address

Of course, the documentation can be supported by software.

Unlike the Quality Management System which concentrate only on customers

5.2 The need of OHSMS

Credibility comes in only when an independent, well respected, internationally

copyright @ Green World Group; E-mail: info@greenwgroup.com

5.3 Why implement OHSMS?

5.4 Developing an OHSMS: -

Thus OHSMS scope is as below.

 Must be based on control of causes, not hazards and risks reactive

copyright @ Green World Group; E-mail: info@greenwgroup.com

6.0 OHSAS 18000 Standards: -

copyright @ Green World Group; E-mail: info@greenwgroup.com

1. Commitments and Policy

4. Measurements and Evaluation

5. Reviews and Improvement

copyright @ Green World Group; E-mail: info@greenwgroup.com

6.2 Purpose and benefits of OHSMS (18001): -

1. Conduct awareness programmes (Top + Middle + Bottom Level).

copyright @ Green World Group; E-mail: info@greenwgroup.com

Clarification of new structure, terminology and concepts

1 Structure and terminology

The structure of clauses is intended to provide a coherent presentation of requirements

ISO 9001:2008 ISO 9001:2015

2 Products and services

The specific inclusion of “services” is intended to highlight the differences between

3 Context of the organization

copyright @ Green World Group; E-mail: info@greenwgroup.com

4 Risk Based Thinking

copyright @ Green World Group; E-mail: info@greenwgroup.com

8 Control of externally provided products and services

9 Summary of what is new in ISO 9001: 2015

copyright @ Green World Group; E-mail: info@greenwgroup.com

 Greater emphasis on processes achieving requirements for goods or services and

10 Structure and responsibility