In autumn 2018 the international standard with guidelines for management system auditing was updated. This has implications to all auditors at all levels who are now expected to reflect a new approach to auditing
The ISO 19011:2018 – Changes include:
- updates in terminology, ensuring better consistency across standards and recognising some of the new approaches to risk-based auditing
- the addition of a new, seventh, principle of auditing,
- minor alterations in clauses 5 to 7 on developing auditing programmes and how competences of auditors will be defined
Changes in terminology:
Within the revision of the Terms and Definitions section, the revision includes:
- the inclusion of the most important terms and definitions of ISO 9000:2015 such as: audit, audit team, management system, and risk. Note that there is now evidence to objective evidence and that it will be assessed objectively
- the terms ‘documents and records’ have been replaced with ‘documented information’ and
- ‘suppliers’ has been replaced with ’external providers’.
Clause changes – ISO 19011:2018
The clauses (5, 6, & 7) within ISO 19011:2018 have undergone a complete update and re-organisation to reflect Annex SL structures and the updates to ISO 9001 etc. Core to the changes is the consideration of a risk-based approach to auditing (the new, seventh, principle of auditing)– this means considering risks when developing the audit programme as well as when collecting evidence during an audit. Auditors now should be asking themselves if risks have been identified and that they are being effectively managed within the scope of every audit they complete.
Auditor competencies has been updated in Section 7 which covers the overall competence of the audit team for each individual audit. This includes expectation on knowledge and skills as well as achieving competence through experience and by audit delivery.
Importantly, from now on, audit team leaders are expected to possess the competencies to discuss strategic issues with the top management. This will also have to be demonstrated during Certification Body Audits.
A new Annex A (which contains much that was in the old Annex B) provides further supporting information on a wide range of issues that will be of use to the auditor. This includes human interaction (how auditors conduct interviews and get the best information from people, professional judgement (which partly comes from experience) and how we verify the information and evidence collected in the audit process.
To Summarise, the main changes in the ISO 19011:2018 standard include:
- Updated terms and definitions so as to be in line with the definitions used in other standards;
- The addition of the 7th principle of auditing – risk-based approach;
- Additional information on managing an audit programme, including audit planning, audit programme risk, conducting an audit, elaboration of the generic competence requirements for auditors;
- Expansion of Annex B (now Annex A), including the additional sections on process approach, lifecycle, professional judgment, audit risks and opportunities, audit leadership and commitment use of information and communication technologies during auditing virtual activities
“The focal point of the new version of the standard is the consideration of evolving technologies and the increased focus on risk.” Auditor Training now becomes more important to your organisation than ever before….
QCS is proud to announce that we have recently completed a refurbishment and extension of our training facilities in Cumbernauld. Two new training rooms and an updated dining facility are now finished and being used to deliver a wide range of courses on management systems and management system auditing.
Our main training room can now accommodate up to 24 delegates in comfort. It also offers more space for group work and break-out sessions, ensuring that we can continue to deliver courses of the highest standard in the very best of surroundings. A new, smaller, more intimate training room is now also available for 8 delegates, allowing us to run courses with lower demand and fewer participants.
In addition to our training rooms we also have new, comfortable dining facilities in which delegates can take a break from the course, relax and spend time discussing learning points with fellow attendees.
All of our public courses take advantage of our new training rooms and bookings through to the end of 2019 are being taken. A full list of courses and booking instructions can be found within our website.
Call the office on 01236 734447 if there is anything we can do to help you determine the best course for you and your company.
ISO 13485 QMS requirements and FDA’s QSR to Merge.
Medical device companies need to be adept at negotiating different regional regulatory requirements. They have become accustomed to the complexities surrounding varying requirements and establishing processes to cope.
It had been suspected, given the changes introduced in the 2016 version of ISO 13485, that harmonisation with US requirements was at the front of the technical committees mind.
The new version of the standard shunned Annex SL, applied in the new version of ISO 9001:2015, in favour of the existing standard format.
FDA press officer Stephanie Caccomo is reported as stating: “With the publishing of the ISO13485:2016 revision, there has been industry evaluation of the regulatory requirement linkages to the standard. In the spirit of global harmonization of quality management systems, the FDA is considering an evaluation/mapping of the 13485 clauses to the appropriate U.S. regulatory requirements.”
This is a welcome development for the medical device industry, simplifying the requirements for quality management systems.
For once, things might get a little simpler.
For August Only
Train 2 Delegates for the Price of 1
23 – 24 August 2018
DON’T MISS OUT
LIMITED 2 FOR 1 PLACES AVAILABLE
Cost for 2 Delegates £775 + vat
OUT WITH THE OLD …………………… (OHSAS 18001:2007)
IN WITH THE NEW ………………….. (ISO 45001:2018)
- 12th March 2018 – ISO 45001 was published
- March 2021 – OHSAS 18001 will be withdrawn
- Currently Certified to OHSAS 18001? – 3 years to migrate to ISO 45001
- ISO 45001 will follow common terminology and structure of Annex SL
- Easily integrated with other management systems, such as ISO 9001 and ISO 14001
- ISO 45001 enables organisations who trade internationally across geographic areas
- ISO 45001 will be a truly international management standard
WHAT IS NEW ?
- Organisations MUST consider what external risks exist
- This means not only looking internally but at any impacts on the wider society
- Annex SL will focus the organisation on Context, Role of Top Management and Employee contribution.
- Health and Safety integrated into both organisational structure and additional management systems
- Accountability for Health & Safety responsibilities will NOT be solely with the Health & Safety Manager but integrated into business operations.
- Clearer and improved requirements and clauses
- Employee participation into core Health & Safety Management Systems
- Simple integration into ISO 9001 (Quality), ISO 14001 (Environmental)
- Top Management involvement
- Organised risk management to reduce hazards and risks
- “Context of Organisation”
- Clear understanding of internal and external drivers
- Clarity on company planning and objectives
- Clear and unambiguous process for managing outsourcing of contractors for reduced risks
QCS Works with some of the first Scottish Companies to gain ISO 45001 on 12 March 2018
QCS International is proud to have worked with both companies to ensure implementation and integration of the new ISO 45001 International standard was a seamless process into their existing management systems
OKI and OPG
QCS International have been working with OPG, one of Scotland’s leading suppliers of vehicle graphics solutions, for over 8 years. Health and safety concerns were always of paramount consideration to OPG, and QCS assisted in the development of health and safety management system to achieve OHSAS 18001.
Aiming to be at the forefront of new developments, OPG has sought to become one of the first companies in Scotland to achieve certification to ISO 45001. Given that certification bodies seek exemplar clients to assist in the development of their auditor skills, OPG was chosen to be a leader in ISO 45001 Certification Programme. We are pleased to have worked with them and very happy to see them awarded this certification on the day of its publication!
OKI UK Ltd in Scotland manufactures Original OKI Consumables used in OKI’s pioneering digital LED printers and MFPs for professional in-house printing and OKI’s robust dot matrix printers for multi-part forms and invoices.
QCS supports OKI UK; the company uses our services to ensure ongoing compliance for environmental regulations (ISO 14001) and for health and safety requirements.
The new ISO 45001 standard includes a requirement to commit to and to achieve all relevant compliance obligations and we are happy to have assisted OKI UK to achieve certification to the new standard on the day of its publication.
QCS International Ltd
We are the experts to ensure you gain the full benefits that can be achieved through certification to management system standards. ISO 45001, as the first international standard for health and safety management, is the best way to have your organisations health and safety arrangements recognised here and throughout the world.
For companies with OHSAS 18001 QCS is able to offer a full migration service to ensure you meet the new, updated requirements that ISO 45001 contains. Our fixed-price service reviews your arrangements and then delivers a bespoke action plan to address any gaps or weaknesses in your current systems. Just call us today for a quotation.
If you are new to health and safety management systems, then the introduction of this new standard gives you a great opportunity to develop health and safety management arrangements now to gain early certification to the standard. There is great commercial and regulatory advantage to being one of the first to gain certification. QCS is able to assist you with consultancy support and training to meet the requirements of the standard.
If you are migrating from OHSAS 18001 to the new ISO 45001, QCS suggests that you are aware of the following changes, and avoid some obvious pitfalls:
- Do not think what you already have is not fit for purpose! Much of OHSAS 18001 requirements have been adopted in ISO 45001 – so do hold on to much of what you already have (QCS can advise). Do not throw anything away!
- If you have made transition to the new ISO 9001 or ISO 14001 then there is lots of commonality with ISO 45001. However, do not assume that they are completely identical!
- If you have certification to ISO 9001 and/or ISO 14001 then the most obvious approach is to now have an integrated management systems. Combining elements of each reduces overall resource requirements
- Do not leave things too late! With three years to complete transition you may think that there is nothing to worry about. Experience shows that this is dangerous and that the sooner you take action the better. Some companies are now struggling with completion of ISO 9001 transition this year, for example.
Your Certification Body will support you through the migration process and at QCS International we can provide you with guidelines, consultancy and training to help you make the transition as simple as possible, in a timescale to suit your company objectives.
With experienced health & safety consultants and trainers, QCS can assist with a full transition programme over a three month period at a fixed price, or selected assistance. What we can also offer is our highly focused ISO 45001 migration auditor workshops and foundations courses.
Our Certification Body, BSI, has advised that the undernoted overview of new and updated concepts in ISO 45001:2018 cover the following:
Brexit and Health and Safety Regulation
The 1974 Health and Safety at Work Act underpins the regulatory framework for health and safety in the UK. This act has been used to introduce new and updated regulations, some of which have been to fulfil EU directives and requirements. For the past 44 years this has worked, and many EU requirements have been issued as regulations under the UK act – they are now UK law.
For example, the EU directives on Display Screen Equipment Use led to the UK DSE regulations being enforced from 1991.
The Great Repeal Act, currently being debated in the UK Parliament, suggests that all current EU law will simply be transferred to become UK laws. For health and safety this is not necessarily the case as shown for DSE, this is now a UK piece of legislation and nothing needs to happen.
With Brexit there is, therefore, no requirement to review, update or change current health and safety regulations. However, it will offer an opportunity, through time, for the UK to develop its own laws, possibly diverging from EU frameworks and requirements. The degree to which this will be possible is yet to be fully understood, but it is highly unlikely that there shall be a significant reduction in the regulatory requirements relating to health and safety.
Those supporting Brexit frequently suggest that it is an opportunity to simplify, remove and ‘take back control’. With regard to health and safety this simply does not apply.
Do you have questions about the ISO 45001 health and safety management system?
In this article the new ISO 45001 health and safety management system requirements are described in detail.
Read on for a thorough explanation of all things relating to this new health and safety management system.
ISO 45001: A Health and Safety Management System
ISO 45001 after much delay, will be published as an international standard on the 15th March 2018. The development to finalise an disuse this document has taken a considerable amount of time, it has not been easy to gain agreement across a wide range of interest groups and international representatives. Soon, however, it will become the new standard of workplace health and safety.
What Is It?
Essentially, ISO 45001 is a new standard for a management system that addresses occupational health and safety. A management system is simply a description of how any organisation might address key issues or concerns and ensure that there is an expected outcome. For health and safety, the expected outcome is a safe working environment and the reduction in hazard exposure for staff.
It follows the same approaches taken by other management systems such as ISO 14001 and ISO 9001. In its development it has considered and reflected upon other standards such as the British standard OHSAS 18001 and the International Labour Organisation’s ILO-OSH Guidelines.
Why Is It Necessary?
Many thousands of people die every year, directly or indirectly due to their exposure to hazards in the workplace. This can include being involved in incidents or through the development of cancers due to exposure to hazardous materials.
Did you know that more than 6,000 people die every day from accidents or diseases relating to work? That’s more than 2 million people per year!
ISO 45001 is intended to be used by any organisation, no matter its size or the kind of work it entails. Plus, it is easily integrated with other health and safety programs like worker wellness and wellbeing.
What Does It Do?
ISO 45001 will help organisations reduce the burden of occupational hazards. It will provide a framework so that organisations can pursue improving the safety of their employees.
Reducing risks in the workplace and creating more safe working conditions all over the world will be a great threat to a large number of people who are harmed by their working environments.
It includes the following key elements:
- That an organisation has in place a mechanism for the identification of hazards in the workplace
- That it assesses these hazards and develops controls to minimise the likelihood of hazards causing harm (risk assessment)
- That wider internal and external influences are considered in the identification of hazards
- That legal requirements for health and safety are achieved, as a minimum
- To deliver the above, there are clear policies and objectives, led by top management
- Controls and other measures to reduce potential harm are effectively implemented
- That there are systems to monitor performance
- Actions are taken to improve health and safety performance and the management system
Having a new health and safety management system like ISO 45001 in place is important for both employers and the global economy as a whole.
Why become ISO 45001 Certified?
ISO 45001 certification demonstrates that your organisation has an effective health and safety management system in place. Proper training is important in every industry.
Having this certification will demonstrate that your organisation has taken positive steps towards health and safety management and that it will meet legal obligations, as a minimum.
As certification is awarded by independent bodies, this provides assurances to staff and other interested parties that what systems have been developed for health and safety are effective and meet the ISO 45001 standard requirements.
In addition to demonstrating your commitment and providing reassurance to clients, ISO 45001 certification also contributes towards making your organisation a safer place to work in or visit.
Having a safe place of work provides benefits to the workforce, reduces costs through lost time and can make a positive contribution towards productivity and profit.
Additionally, ISO 45001 certification satisfies the core requirements of SSIP. And, for other industry schemes, the certification will qualify as “deemed to satisfy.”
Having this certification will demonstrate that your company knows what it’s doing. It will show that steps are being taken proactively to comply with all relevant legislation.
This also proves that your company makes it a point to stay up to date with any changes in legislation that are applicable to you.
In short, this certification will show that your organisation is using a health and safety management system for best practices in your field of work.
Safety and Savings
In addition to giving off a great impression of your company, ISO 45001 certification makes your organisation an overall more safe place to work.
With safety comes savings and an increased peace of mind, which is a priceless gift. The substantial amount of money you will save from the accidents prevented by having this health and safety management system in place is hard to measure.
How Is ISO 45001 Better Than OHSAS 18001?
This is a natural question when reviewing the details of the ISO 45001 certification.
Though it is a replacement for OHSAS 18001, there are many significant improvements that have been made.
Most obvious, of course, is the fact that ISO 45001 is more up to date. Everything is brought up to current industry standards and takes into account the modern world.
Plus, it can integrate seamlessly with other ISO management systems.
Have Additional Questions?
If you still have questions about the ISO 45001 health and safety management system or any other aspects concerning the protection of your business, we can help.
QCS International is a CQI and IRCA approved training partner and provides ISO and Health and safety training courses within Scotland, across the UK and beyond.
We are here to exceed your expectations and ensure full satisfaction as a customer. Please contact us today if you have any questions for us or simply want to place an order.
Both ISO 9001 and ISO 14001 have a whole new clause of leadership for the management system. This replaces the old concept of top management commitment that appeared in the previous versions of both standards.
To begin, if you already have top management who are fully engaged in the management systems you have, and who actively participate in decisions and take note of issues and concerns the system raises, then this will be much easier. If, however, senior staff rarely comment on the QMS or EMS and who limit their involvement to management review then this will require some work.
Key to understanding leadership here is accountability. Top managers are busy people and were happy in the past to delegate much of the system function to a representative who would ‘keep the certificate on the wall’. The function of a management representative has been removed from the standards so it is no longer the case that this can be easily delegated.
To be accountable, top management must really have their finger on the pulse and be aware of issues and concerns within the system as soon as they occur. This allows them to allocate resource, drive improvement and ensure that the system really does contribute towards the organisation. To have certification should always be a benefit and never a burden.
The most obvious areas for top management to demonstrate their involvement include:
- Considering the quality and environmental implications of decisions they have taken, and ensuring the QMS and EMS develops alongside wider business/organisation improvement. The QMS should never be an afterthought
- Actively and continually reviewing progress against objectives and targets – and not simply waiting for an end of year review to find out these are not going to be met
- Making sure different departments and activities throughout the organisation work together to deliver the product/service and deliver good environmental management – the process approach
- Supporting all staff who may be trying to deliver the quality management system
- Being aware of risks and opportunities and using these when developing organisational strategy
Much of this already occurs within an organisation, but it is now part of ISO 9001 and ISO 14001. Much of this does not necessarily have to be documented in any way, but the top manager within your organisation shall have to be able to demonstrate this during certification body audits, usually through interview or by explaining the decisions they have made. There is no harm including top management in your own internal audit programme to ensure they are well prepared!
ISO 45001 is intended to replace the widely implemented BS OHSAS 18001 and it is anticipated that organisations currently certified to BS OHSAS 18001 will require to migrate to ISO 45001 within three years of the new standard’s publication.
You need to attend this workshop if you ..
- Manage an Occupational Health and Safety Management System
- Manage processes in your organisation
- Carry out internal audits of an Occupational Health and Safety Management System
- Require an understanding of the extent and nature of the changes introduced by ISO 45001:2016, that will supersede OHSAS 18001:2007.
- You are considering gaining certification to the new standard
The Workshop Includes …
- Annex SL explained, and its impact as the foundation for all current and future management systems standards
- Using the new high-level structure for a health and safety management system
- The additional/changed requirements defined in ISO 45001:2018 when compared with OHSAS 18001:2007
- Transition period you have before the changes become mandatory
- Guide to the actions you need to take.
What are the benefits of attending the Workshop?
- Understanding of the implications of ISO 45001 relevant to your business
- Planning required to introduce or transition to ISO 45001
- Assist in gaining certification
- Mapping Guide OHSAS 18001 to ISO/DIS 45001
To attend the workshop you will require to have some knowledge of the current OHSAS 18001:2007 requirements