help is here.
Implementing an ISO/OHSAS management system: the general steps
- Plan system, taking into account a) business objectives; b) business structure; c) requirements of the relevant Standard(s); d) identified compliance gaps.
- Define policy statement, ensuring that it is a) unique to your business, b) written in your language, and c) user-friendly.
- Define processes (core and support) and their interaction.
- Document core processes (preferably in flow chart form).
- Document core sub-processes with work instructions as necessary.
- Document key support processes as necessary (i.e. training, purchasing, document control, etc.)
- Identify or establish key system performance metrics (i.e. cost of poor quality); identify baseline and commence data gathering and analysis.
- Establish document distribution system such that system documents are reasonably available to those that need them.
- Orient / train work force in a) aspects of the system that everyone has to know (such as the policy statement, and their role in the corrective action process) and b) aspects of the system specific to their jobs.
- Internally audit system to confirm that it is understood, implemented, and compliant with the Standard. (Some processes may require re-audit after corrective action.)
- Hold initial management review.
- Select registration body.
- Undergo registration audit.
"The Names have been Changed"
a blog by Rob Kantner
What corrective actions are "mandatory"?
Last week we discussed preventive action. This time let's look at corrective action.
Strictly speaking, corrective action is aimed at eliminating the causes of nonconformities that have actually happened. So with corrective action, the key step is to identify the root cause of the problem. (This step often gets short shrift.) The corrective action itself ("the fix") is aimed at eliminating the root cause.
The fix may require two phases: a short-term corrective action (to stop the problem in its tracks and keep it from getting worse), and a long term fix to prevent the problem from returning.
The final step required by the standard is a review to verify the effectiveness of the corrective action. In the process we recommend to clients, this review would be made at a reasonable time after the corrective action is made, to confirm that the problem has not recurred.
"Correction" is a less impactful version of corrective action. It is referenced as an option in the internal audit requirement (8.2.2) and the monitoring/measurement of processes requirement (8.2.3). "Correction" in my view would be a quick fix of something that is not systemic, does not threaten customer satisfaction, and would not seem to require the add-on preventive step to be effective.
But where must we carry out corrective action? Here's our list. . .some from the Standard, some driven by experience.
- Customer complaints
- Process problems resulting in customer dissatisfaction (even if they don't officially "complain")
- Process problems that result in waste or inefficiency beyond norms
- Areas where quality improvement measures go flat or turn downward (as determined by analysis of data)
- Internal audit noncompliances (note: some can be downgraded to corrections, at the MR's discretion)
All employees should be empowered to initiate corrective actions on any kinds of problems they see. You can screen out the ones that are trivial, impractical, or out of the scope of the system, and perform corrective action (or correction) on the rest. It's a powerful tool for improvement, if you let it.
April 14, 2015