ISO 9001 | ISO 14001 | OHSAS 18001

Consulting | Training | Audit Services

We help organizations of all kinds meet your quality, environmental, and safety management system challenges with expert guidance, effective education, and field-tested products. Whether you're certified or not -- interested in ISO 9001 or ISO 14001, ISO/TS 16949, or OHSAS 18001 --
help is here.

Implementing an ISO/OHSAS management system: the general steps

  • Plan system, taking into account a) business objectives; b) business structure; c) requirements of the relevant Standard(s); d) identified compliance gaps.
  • Define policy statement, ensuring that it is a) unique to your business, b) written in your language, and c) user-friendly.
  • Define processes (core and support) and their interaction.
  • Document core processes (preferably in flow chart form).
  • Document core sub-processes with work instructions as necessary.
  • Document key support processes as necessary (i.e. training, purchasing, document control, etc.)
  • Identify or establish key system performance metrics (i.e. cost of poor quality); identify baseline and commence data gathering and analysis.
  • Establish document distribution system such that system documents are reasonably available to those that need them.
  • Orient / train work force in a) aspects of the system that everyone has to know (such as the policy statement, and their role in the corrective action process) and b) aspects of the system specific to their jobs.
  • Internally audit system to confirm that it is understood, implemented, and compliant with the Standard. (Some processes may require re-audit after corrective action.)
  • Hold initial management review.
  • Select registration body.
  • Undergo registration audit.

Rob Kantner

"The Names have been Changed"

a blog by Rob Kantner

What corrective actions are "mandatory"?

Last week we discussed preventive action. This time let's look at corrective action.

Strictly speaking, corrective action is aimed at eliminating the causes of nonconformities that have actually happened. So with corrective action, the key step is to identify the root cause of the problem. (This step often gets short shrift.) The corrective action itself ("the fix") is aimed at eliminating the root cause.

The fix may require two phases: a short-term corrective action (to stop the problem in its tracks and keep it from getting worse), and a long term fix to prevent the problem from returning.

The final step required by the standard is a review to verify the effectiveness of the corrective action. In the process we recommend to clients, this review would be made at a reasonable time after the corrective action is made, to confirm that the problem has not recurred.

"Correction" is a less impactful version of corrective action. It is referenced as an option in the internal audit requirement (8.2.2) and the monitoring/measurement of processes requirement (8.2.3). "Correction" in my view would be a quick fix of something that is not systemic, does not threaten customer satisfaction, and would not seem to require the add-on preventive step to be effective.

But where must we carry out corrective action? Here's our list. . .some from the Standard, some driven by experience.

  • Customer complaints
  • Process problems resulting in customer dissatisfaction (even if they don't officially "complain")
  • Process problems that result in waste or inefficiency beyond norms
  • Areas where quality improvement measures go flat or turn downward (as determined by analysis of data)
  • Internal audit noncompliances (note: some can be downgraded to corrections, at the MR's discretion)

All employees should be empowered to initiate corrective actions on any kinds of problems they see. You can screen out the ones that are trivial, impractical, or out of the scope of the system, and perform corrective action (or correction) on the rest. It's a powerful tool for improvement, if you let it.

April 14, 2015

Earlier blog entries