www.apcergroup.com
ISO 14001:2015 Changes and challenges
Dick Hortensius | NEN Management Systems
31 March & 1 April 2016
www.apcergroup.com
Overview of presentation
Background of the revision:
• The High Level Structure for ISO MSS and the plug-in model for integration
The major changes in ISO 14001:2015
• Related to the introduction of the HLS
• Related to the recommendations of the Future Challenges study group
www.apcergroup.com
ISO 9001:2008
Quality management
ISO 14001:2004 Environmental management
OHSAS 18001
OHS management
ISO 50001
energy management
ISO 30301
Records
management ISO 22000
Food safety
ISO 27001 Information
security
BS 25999 Business
Continuity
BSI PAS 55 Asset management
ISO 28000 Supply chain
security
www.apcergroup.com
New approach: two advisory groups
SAG MSS: strategic advisory group, users of MSS, future of management system standards
JTCG: practical coordination, representatives of ISO/TC/PC/SC, alignment of management system standards
www.apcergroup.com
Shortcomings of ISO MS(S) according to the SAG MSS
Architecture of the standards:
• Lack of a common model/framework
• Too many separate standards, no incentives to integrate
Implementation
Little integrated application of MSS
Insufficient links to ‘business risks’
Relationship with corporate governance
Not embedded in the governance of organizations
No integral risk management
www.apcergroup.com
Generic
core with
basic requirements
for a
management-
system
Environment
quality
OH&S
Other Safety
Flowermodel Van NEN
www.apcergroup.com
HLS Core elements
and requirements
Quality management
Environmental management
OH&S management
Ge
ne
ric
stan
dar
ds
Sector standards
TC 1
69
49
ISO 2
90
01
Examples: • Automotive • Medical devices • Oil and Gas industry
Generic guidelines
ISO
19
60
0
ISO
31
00
0
ISO
26
00
0 Examples:
• Risk management • Social Responsibility • Compliance management
Examples: • Auditing • Documentation
Spe
cific guid
elin
es
ISO 19011
Plug-in model for ISO MSS
Orador:
Local e Data:
www.apcergroup.com
MSS CORE ELEMENTS
The core of the ‘plug-in’ model requires for MSS:
• Same structure (HLS))
• Identical terms and definitions
• Common basic requirements
Core of the ‘plug in model’
JTCG
www.apcergroup.com
Draft ISO Guide 83 Annex SL text
High level structure and identical text for MSS and common core MS terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
• Resources • Competence • Awareness • Communication • Documented information
• Monitoring, measurement, analysis and evaluation
• Internal audit • Management review
• The organization and its context (issues/risks)
• Needs and expectations of interested parties
• Scope of MS
• Leadership and commitment • Policy • Organizational roles,
responsibilities and authorities • Actions to address risks and opportunities
• Objectives and plans to achieve them
• Nonconformity and corrective action
• Continual improvement
• Operational planning and control
www.apcergroup.com
Core elements Plug-in model High Level Structure
HLS Clauses
Context of the organization
Leadership
Planning
Resources
Operation
Evaluation of performance
Improvement
Management processes
Leadership
Stakeholder management
Risk management
Compliance management
Process management
Improvement management
(human) resources and support
www.apcergroup.com
High level structure and identical text for MSS and common core MS terms and definitions
Management processes
Seven generic management processes:
1. Leadership
2. Stakeholder management
3. Risk management
4. Compliance management
5. Process management
6. Improvement management
7. (Human) resources management
Orador:
Local e Data:
www.apcergroup.com
Connecting HLS clauses and generic management processes (vertical linkages)
Context of the organisation
Leadership
Support
Operation
Evaluation of performance
Planning
Improvement
4 Context of the
organization
Leadership
7.1 resources
9.3 Management
Review
5 Leadership
10.2 improvement
Stakeholder management
4.2 Stakeholders
needs and expectations
7.4 Communication
9.3 Management
Review
Risk management
4.1 Internal and external issues
6.1 Risks and opportunities
8 Risk control
9.1 monitoring of control
10.1 correction, corrective action
Compliance management
4.2 stakeholders,
needs and expectations
6.1 addressing requirements in
planning
8.1 Process control
9.1 monitoring of compliance
10.1 correction, corrective action
Process management
8.1 Operational
control
6.2 objectives/ planning
7.1/7.2 resources,
competencies
9.1 Monitoring, measuring
5.1 Integration system in business
processes
10.1 correction, corrective acion
Improvement
management
5.2 Policy
6.2 Objectives
7.1 Resources
9.1, 9.2, 9.3 Evaluatie prestaties
10.1, 10.2 Corrective
actions and improvement
Support, (human)
resources
4.4 Management
system
5.3 Structure, roles,
responsibities
7 Support
Themes HLS
Management of Change
Changes In the context
Monitoring, auditing
Control of changes
Planning of changes
resources, competencies, communication documentation
Responsibilities, authorities for
MoC
Orador:
Local e Data:
www.apcergroup.com
4 Understanding the context
What is happening what are the trends?
Who are we effecting? Who are affecting us? Who do we need to consider?
4.1 Issues (factors)
4.2 stakeholders
6.1 Risk management
6.1 compliance management A
nalysis, p
rioritizatio
n
What are the requirements, needs and expectations? What are our compliance obligations?
From context analysis to operational control
Strategic assessment
What are the risks (threats/opportunities)?
8 Operational control 9 Monitoring
www.apcergroup.com
Two management levels in the HLS
4.1/4.2 context analysis
4.3/4.4 system
5.1 leader ship
5.2 policy
9.3 manage-
ment review
6.1 addressing risks and
opportunites
6.2 objectives and planning
8 Operation 9 Evaluation of performance/ internal audit
10 Corrective action and
improvement
Strategic level “doing the right things”
Operational level “doing the things right”
5.3 structure
7 support
Supporting elements
Operational
Risk assessment
External/internal issues and
developments
Stakeholders, needs and
expectations
strategic analysis
PDCA
PDCA
Operational
controls
Inp
ut re
vie
w
www.apcergroup.com
6.1 aanpakken
van risico’s en kansen
6.2 doelstellingen en
planning
8 Uitvoering 7 support
9 Evaluatie van prestaties/
interne audit
10 Corrigerende
acties en verbetering
‘Doing the right things’ Mission and strategy
‘Doing the things right’ Operational excellence
PDCA
PDCA
Link strategy and
operation
HLS Leadership
Risk management
Compliance management
Humans & resources
Process management
Stakeholder management
The contribution of SHEQ to corporate governance
4.1/4.2 context analyse
4.3/4.4 systeem
5.1 leider schap
5.2 beleid 5.3 structuur
9.3 manage-
ment review
www.apcergroup.com
Companies:
• ISO management systems become part of the corporate governance
• Integration and expansion of systems becomes easier
• Assists in dealing with current and future societal challenges
Stakeholders:
• Interests (issues and requirements) are taken into account in managing the organization
Importance HLS/plug-in model
www.apcergroup.com
For certification:
• Makes combined audits and modular approach to certificates easier
• Better focus on assessing new modules?
• Easier (ex)change of CB’s?
For governmental supervision/inspection:
• Risk management and compliance management are an integral part of (certified) management systems
Importance HLS/plug-in model
www.apcergroup.com
ISO 9001
kwaliteitsmanagement
ISO 14001
milieumanagement
OHSAS 18001
arbomanagement
ISO 50001
energy management
ISO 30301
Records
management HACCP/ISO 22000
Food safety
ISO 27001 Information
security
ISO 22301 Business
Continuity
PAS 55/ISO 55001 Asset management
ISO 28000 Supply chain
security
Guide 83
HLS
ISO 14001
ISO 9001
OHSAS
18001
ISO 50001 ISO 22000
Orador:
Local e Data:
www.apcergroup.com
www.apcergroup.com
Revision ISO 14001 Two challenges
How to apply the ‘high level structure’ to the new edition of ISO 14001?
How to cope with the reccomendations of the ‘Future challenges’ study group?
www.apcergroup.com
Established in 2008; convenership: NEN
Identification and assessment of new trends and developments in the application of EMS since the publication of ISO 14001 in 1996 en 2004
Issues amongst others:
• Relationship with CSR/sustainability and strategic management
• Compliance with legislation and regulatory requirements
• Improvement of environmental performance
• Value chain management (life cycle)
• External communication
“Future challenges” study group
www.apcergroup.com
Related to application of HLS
• Structure of the standard
• Systems approach and documentation requirements
• Context analysis and explicit risk-based thinking
• Leadership
Related to the FC recommendations
• Life cycle approach
• Communication
• Monitoring with KPI
• Evaluation of compliance - compliance status
• Continual improvement of environmental performance
Revision ISO 14001 Two types of changes
Orador:
Local e Data:
www.apcergroup.com
New structure of 14001:2015 (I)
ISO 14001:2015 ISO 14001:2004
1 Scope 1 Scope
2 Normative references 2 Normative references
3 Terms and definitions 3 Terms and definitions
4 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested
parties 4.3 Determining the scope of the EMS 4.4 The environmental management system
4.1 General requirements
5 Leadership 5.1 Leadership and commitment 5.2 Environmental policy 5.3 Organizational roles, responsibilities and authorities
4.2 Environmental policy 4.4.1 Resource, roles, responsibility and authority
6 Planning 6.1 Actions to address risk and opportunities (6.1.1 general/6.1.2 environmental aspects/6.1.3 compliance obligations/6.1.4 planning actions) 6.2 Environmental objectives and planning to achieve them (6.2.1 environmental objectives/6.2.2 planning actions to
achieve environmental objectives)
4.3 Planning 4.3.1 Environmental aspects 4.3.2 Legal and other requirements 4.3.3 Objectives, targets and programmes
Orador:
Local e Data:
www.apcergroup.com
New structure of 14001:2015 (II)
ISO 14001:2015 ISO 14001:2004
7 Support 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication (7.4.1 General/7.4.2 Internal communication/ 7.4.3 External communication 7.5 Documented information (7.5.1 General/7.5.2 Creating and updating/7.5.3 Control of documented information)
(4.4 Implementation and operation) 4.4.2 Competence, training and awareness 4.4.3 Communication 4.5.4 Documentation 4.5.4 Control of records
8 Operation 8.1 Operational planning and control (including the life cycle perspective) 8.2 Emergency preparedness
4.4 Implementaton and operation 4.4.6 Operational control 4.4.7 Emergency preparedness
9 Evaluation of performance 9.1 Monitoring, measuring, analysis and evaluation (9.1.1 general/9.1.2 evaluation of compliance) 9.2 Internal audit
(9.2.1 general/9.2.2 Internal audit programme) 9.3 Management review
4.5 Control 4.5.1 Monitoring and measuring 4.5.2 Evaluation of compliance 4.5.5 Internal audit 4.6 Management review
10 Improvement 10.1 General 10.2 Nonconformity and corrective action 10.3 Continual improvement
4.5.3 Nonconformity, corrective action and preventive action
Orador:
Local e Data:
www.apcergroup.com
www.apcergroup.com
Systems approach of ISO 14001
2004 edition:
15 procedures
• 14 ‘system procedures’ (documentation not required)
• X ‘operational procedures’ (4.4.6) (documented when necessary)
Documents and registrations
2015 edition:
No procedures required
• More use of ‘direct requirements’: The organization shall determine, identify, conduct, establish….
• Sometimes ‘establish, implement and maintain a process’
Documented information (maintain, retain)
www.apcergroup.com
“The policy shall be maintained as documented information” (a document)
“The organization shall maintain documented information to the extent necessary to have confidence that the process is carried out as planned” (can be a procedure)
“The organization shall retain appropriate documented information as evidence of monitoring, measurement,
analysis and evaluation” (a record)
Documented information 3 types of documents
www.apcergroup.com
In many cases documentation is not (explicitly) required:
“The organization shall determine external and internal issues..…”
“Top management shall ensure that responsibilities and authorities for relevant roles are assigned and communicated …”
“The organization shall plan how to evaluate the effectiveness of these actions ...”
Documented information to be determined by the organization
www.apcergroup.com
Procedures processes
www.apcergroup.com
New processes
www.apcergroup.com
Context analysis (4.1)
4.1 Understanding the organization and its context
Determine internal and external issues that:
are relevant to the purpose of the organization and
Affect the ability to achieve the intended outcomes of the EMS
This includes environmental conditions that are affected by the organization and vice versa
Intended outcomes of the EMS (see scope):
Improvement of environmental performance
Fulfilment of compliance obligations
Achievement of environmental objectives
www.apcergroup.com
A.4.1
Examples of issues:
• Environmental conditions related to climate, air quality, water quality, land use, natural resource availability and biodiversity
• external cultural, social, political, regulatory, financial, technological, economic, natural and competitive circumstances
• internal characteristics or conditions of the organization, such as its activities, products and services, strategic direction, culture and capabilities (people, knowledge, systems)
Context analysis (4.1)
www.apcergroup.com
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
• Interested parties relevant to the EMS
• The relevants needs and expectations (the “requirements”) of these interested parties
• Which of these needs and expectations become compliance obligations of the organization
General understanding in 4.2; detailed analysis in 6.1
Context analysis (4.2)
www.apcergroup.com
Examples of interested parties (3.1.6)
• customers,
• communities,
• suppliers,
• regulators,
• non-governmental organizations,
• investors and
• employees
Context analysis (4.2)
Orador:
Local e Data:
www.apcergroup.com
4 Context analysis
What is happening?
What are the trends
and developments?
Who are we effecting?
Who are affecting us?
Who do we need to consider?
Issues/factors (4.1)
Stakeholders (4.2)
Risk management 6-10
Compliance management 6-10
What are the requirements, needs and
expectations?
What are our compliance obligations?
What are the risks and opportunities)?
Operational control 8.1
Emergency preparedness 8.2
From context analysis to operational control in ISO 14001:2015
Linkages with environment aspects, processes,
products and services (6.1)
Linkages with environment aspects, processes,
products and services (6.1)
An
aly
sis
, prio
ritizatio
n
www.apcergroup.com
6.1 actions to address risks and opportunities
6.1.1 general determination of risks and opportunities related to significant environmental aspects, compliance obligations and other issues (4.1/4.2) that need to be addressed to achieve the intended outcomes of the EMS , to prevent negative effects and to achieve continual improvement
6.1.2 Significant environmental aspects Identification and evaluation of environmental aspects significant environmental aspects can result in risks and opportunities
6.1.3 Compliance obligations Identification of compliance obligations and determination of how these apply to the organizations (activities, products, services, assets, environmental aspects) compliance obligations can result in risks and opportunities
6.1.4 Planning action
Planning of actions to address risks and opportunities, significant environmental aspects, compliance obligations, how to integrate these actions in the EMS and how to evaluate the effectiveness of these actions
Planning
www.apcergroup.com
Environmental aspects (4.3.1)
Significant environmental aspects
Legal and other requirements (4.3.2)
Objectives/ targets (4.3.3)
criteria
criteria
Operational control (4.4.6)
ISO 14001:2004 ISO 14001:2015
Environmental Aspects (6.1.2)
Significant environmental aspects
Compliance obligations (6.1.3)
Planning actions (6.1.4)
criteria
Operational control (8.1)
criteria
Risks and opportunities
(6.1.1)
Context analysis (4)
Policy
Objectives (6.2)
Orador:
Local e Data:
www.apcergroup.com
Context: issues, (changing) circumstances, stakeholders, requirements, needs,
expectations
Environmental aspects
Signicifant environmental
aspects
6.1.2
Risks and opportunities in ISO 14001
4.1/4.2
Compliance
obligations 6.1.3
Risks and opportunities 6.1.1
• Regulatory energy scan; resulting in required measures
• Carbon footprint information
• Requirements of the CO2 performance certificate • CO2 emissions
• Energy use
• Climate change • Decarbonization of
economy • Clients require
information on carbonfootprint
• Prorail requires CO2 performance certificate
• Governmental requirements
Risks: • Environmental pollution • Non-compliances • Loss of clients • Own policy is not achieved, loss of image Opportunities: • Improving the environment, sustainable
products • Increasing market share • Cost savings
• x % reduction of energy use
• Enhance share of energy from renewable resources
• New technologies • Enhance awareness
of employees
• Energy savings in operation of processes
Planning of
actions
Establishing
objectives Operational control
6.1.4
6.2
8.1 Resources/competencies 7.1/7.2 Monitoring 9.3
• Installation of smart meters
• Monitoring energy use
• Monitoring CO2 emissions
www.apcergroup.com
Leadership (I)
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the environmental management system by:
taking accountability for the effectiveness of the environmental
management system;
ensuring that the environmental policy and environmental
objectives are established and are compatible with the strategic
direction of the organization;
ensuring the integration of the environmental management system
requirements into the organization’s business processes;
ensuring that the resources needed for the environmental
management system are available;
www.apcergroup.com
communicating the importance of effective environmental
management and of conforming to the environmental management
system requirements;
ensuring that the environmental management system achieves its
intended outcomes;
directing and supporting persons to contribute to the effectiveness
of the environmental management system;
promoting continual improvement;
supporting other relevant management roles to demonstrate their
leadership as it applies to their areas of responsibility.
Leadership (II)
www.apcergroup.com
Life cycle (3.3.3):
consecutive and interlinked stages of a product (or service) system, from raw material acquisition or generation from natural resources to final disposal
Scope (1):
This International Standard…..is applicable to the environmental aspects that the organization determines it can either control or influence considering a life cycle pespective
Life cycle perspective (I)
www.apcergroup.com
Environmental aspects (6.1.2):
The organization shall determine the environmental aspects of its activities, products and services that it control and those that it can influence ........ considering a life cycle perspective.
Life cycle perspective (II)
www.apcergroup.com
Operational planning and control (8.1)
Consistent with a life cycle perspective, the organization shall:
a) establish controls, as appropriate, to ensure that its environmental requirement(s) is (are) addressed in the design and development process for the product or service, considering each life cycle stage;
b) determine its environmental requirement(s) for the procurement of products and services, as appropriate;
c) communicate its relevant environmental requirement(s) to external providers, including contractors;
d) consider the need to provide information about potential significant environmental impacts associated with the transportation or delivery, use, end-of-life treatment and final disposal of its products and services.
Life cycle perspective (III)
www.apcergroup.com
3.2.9 Compliance obligation (preferred term):
Legal and other requirements (admitted term)
legal requirements that an organization has to cmply with and other requirements that an organization has to or chooses to comply with (source: ISO 19600)
Understanding the needs and expectations of interested parties (4.2):
The organization shall determine…. which of these needs and expectations become its compliance obligations.
Compliance status (I)
www.apcergroup.com
Compliance obligations (6.1.3)
The organization shall:
Determine and have access to the compliance obligations related to its environmental aspects
Determine how these compliance obligations apply to the organization
Maintain documented information of its compliance obligations
Compliance status (II)
www.apcergroup.com
Evaluation of compliance (9.1.2)
The organization shall:
Evaluate the fulfilment of its compliance obligations
Determine the frequency that compliance will be evaluated
Take action if needed
Maintain knowledge and understanding of its compliance status
Compliance status (III)
Orador:
Local e Data:
www.apcergroup.com
Commitment to fulfil its compliance obligations (5.2)
Determine compliance requirements (6.1.3)
Identification of needs and expectations of interested parties
and determine compliance obligations (4.2)
Planning actions (6.1.4)
Risks and opportunities related to compliance requirements (6.1.1)
Compliance-evaluation (9.1.2)
Actions and measures (6.2, 7, 8.1, 8.2)
Management review (9.3)
Compliance status
changes?
Source: SCCM
Compliance status (IV)
www.apcergroup.com
Communication (I)
7.4 Communication 7.4.1 General
The organization shall establish, implement and maintain the process(es) needed for internal and external communications relevant to the environmental management system, including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate.
When establishing its communication process(es), the organization shall:
take into account its compliance obligations;
ensure that environmental information communicated is consistent with information generated within the environmental management system, and is reliable.
www.apcergroup.com
External communication (7.4.3)
The organization shall externally communicate information relevant to the environmental management system, as established by the organization's communication process(es) and as required by its compliance obligations.
Communication (II)
www.apcergroup.com
Planning actions to achieve environmental objectives (6.2.2)
The organization shall establish ……
• how the results will be evaluated, including indicators for monitoring progress toward achievement of its measurable environmental objectives
Monitoring using KPI (I)
www.apcergroup.com
Monitoring, measurement, analysis and evaluation (9.1)
The organization shall determine…
• The criteria against which the organization will evaluate its environmental performance, and appropriate indicators
Monitoring using KPI (II)
www.apcergroup.com
Environmental performance (3.4.11)
Performance (i.e measurable result) related to the management of environmental aspects
Scope (1)
Intended outcomes of the EMS include…
Enhancement of environmental performance
Policy (5.2)
Includes a commitment to continual improvement of the EMS to enhance environmental performance
Improvement of environmental performance (I)
www.apcergroup.com
Management review (9.3)
Input: opportunities for continual improvement
Output: decisions related to continual improvement opportunities
Continual improvement (10.3)
The organization shall continually improve… of the EMS with a view to enhance environmental performance
Improvement of environmental performance (II)
www.apcergroup.com
New structure (HLS based)
Context analysis: internal and external issues, stakeholders, needs
and expectations, determination of compliance obligations
Commitment, involvement and responsibilities of top management
is more explicit.
Value chain management (life cycle perspective) is more explicit
throughout the standard
ISO 14001:2015 Most important changes(I)
www.apcergroup.com
ISO 14001:2015 Most important changes(II)
Inclusion of the concept ‘risks and opportunities’
Application of (key performance) indicators to monitor
achievement of environmental objectives.
More emphasis on external communication and the ‘quality’ of
environmental information
Changes in requirements related to documentation
The mechanism of (continual) improvement is more explicitly
related to improvement of environmental performance
Orador:
Local e Data:
www.apcergroup.com
ISO 9001:2015 and 14001:2015 Certification Transition Timeline
September 2015 start of 3 years transition period to September 2018
2018 2017 2016 2015
September 2015
Published International Standard
Orador:
Local e Data:
www.apcergroup.com
More information
www.nen.nl/denieuweiso
KAM-MAIL
Top Related