Rank: Guest 
|
Posted By Graham Russell
A question regarding the inclusion of section 4.5.2 Evaluation of compliance in the 2007 revision of the standard. Without an up to date version of 18002 I am unsure what should be included in a procedure to cover this section. Can anyone provide some information on what should be covered and what audit evidence would be required. Thank you.
|
|
|
|
|
|
Rank: Guest
|
Posted By Robert K Lewis
Even 18002 does not help greatly with this clause.
It is about how one demonstrates that the organisation remains compliant with relevant legislation AND other documents such as approved codes, internal standards etc on an ongoing basis. It is NOT about checking once a year that you have identified all relevant legislation.
The procedure should therefore include identifyimg persons responsible for ensuring particular requirements happen as a matter of routine, what documentary evidence is required to demonstrate compliance, assessment for how often compliance is monitored, benchmarks set etc. Thus say for passenger lifts one might see such as maintenance manager, six monthly, tyest certificate, records etc.
Easy once you have fallen off the log a few times. The same requirement is in ISo 14001 but is more clearly set oput there. 9001 has again similar needs but is a bit weaker tha 14001 as regulation is not an issue particularly.
Bob
|
|
|
|
|
|
Rank: Guest
|
Posted By David Balkwell
Hello Graham
More than happy to explain this and forward you process/procedure guidance
As a Certification Body Assessor for the last 18yrs and over 3500 days of ISO9001 ISO14001 OHSAS18001(now BS OHSAS18001:2007) certification assessment
But not online.............
I also have some transition ie OHSAS18001:1999 to BS OHSAS18001:2007 guidance if anyone wants it
davidbalkwell@mobileemail.vodafone.net
Regards
David
|
|
|
|
|
|
Rank: Guest
|
Posted By Robert K Lewis
David
:-) :-)
Good advert as many of us auditors realise. I do think you are correct though - too amny practitioners think setting up an OHSAS system is just about following the guidance. As you and I realise it also is about the value of experience in getting the job done quickly.
Graham
I suppose this means you can talk to either one of use offline:-)
Bob
|
|
|
|
|
|
Rank: Guest
|
Posted By David Balkwell
Hi Bob
I am more than happy to talk to any one off line
There were good reasons for 4.5.2 being a separate clause and I contributed enough effort into ISO14001:2004 draft and BSOHSAS18001:2007 draft to agree and be quite clear of the requirements and benefits of the split
And as co-founder of OHSAS18001:1999 I am quite passionate about this
I could go on but please feel free to contact off line
I could give my business name but I'm not allowed :)
Drop me an email on..............
davidbalkwell@mobileemail.vodafone.net
regards
David
|
|
|
|
|
|
Rank: Guest
|
Posted By Robert K Lewis
David
Yes it is one of the key clauses and most systems I see regard it as purely being an annual audit to make sure everything relevant is listed. The procedure though actually is the driver to provide the evidence of operational control in my view. Like you I see most people not fully understanding the depth of meaning.
Bob
|
|
|
|
|
|
Rank: Guest
|
Posted By Carl Deaves
I would expect to see more than a list of what is involved. I have seen thi clause addressed by expanding the legal register on landscape sheets to provide an overview of requirements of each piece in one column, the documents and records used to evidence compliance in the next and the final column left blank and used for the "CHECK" which can be lists os samples taken during internal audits.
Hope this helps
Carl
|
|
|
|
|
|
Rank: Guest
|
Posted By David Matthew
Ah the old legal register - not specifically required by the standard IMHO but expected by any external auditor. I have to confess to being a bit of a cynic regarding these having developed them for both 14001 and 18001 with seemingly evermore detail in them to satisfy the personal whim of the auditor - don't get me started.
My personal opinion is that your procedures should address how the Company meets the legislative requirement, therefore if you proactively monitor your workplace and audit against your procedures it becomes apparent if you are complying with the law or not. This also means that your legal register can simply refer to the relevant procedure(s) otherwise there's a danger that ever increasing amounts of time are spent paraphrasing legislation creating a huge document that in reality only you and the auditor ever read.
This I believe is one of the problems companies find with going down the 18001 route is that chasing the certificate becomes paramount so changes are made to documentation driven by the external auditor which people forget contains or is the health and safety policy which all companies are legally obliged to have.
However that's only my opinion and I am a self confessed cynic.
Regards,
David
|
|
|
|
|
|
Rank: Guest
|
Posted By Robert K Lewis
David
Audits etc are part of a different clause. This one does require a register of legislation but a procedure to ensure that the organisation complies with the requirements of the "legal and other requirements" affecting the organisation.
Bob
|
|
|
|
|
|
Rank: Guest
|
Posted By Gerry Marchant
Would appreciate receiving any info if anyone is wishing to part with it concerning the setting up, maintenance etc etc of 14001 & 18001 as I am in the process of setting up both these systems.
We are a construction company of 150 employees if that helps
gtm@knowlesandson.co.uk
Many thanks
Gerry
|
|
|
|
|
|
Rank: Guest
|
Posted By David Balkwell
As this seems to be attracting some interest I will further the discussion
I am a Lead 9K 14K 18K Certification Auditor for 9 certification bodies and was the co-founder of OHSAS18001:1999
I spent 10yrs as an operations manager or a leading certification body before leaving to do my own thing in 1999
Evaluation of Compliance is one of the most underestimated sections in BSOHSAS18001:2007 (And ISO14001:2004)
Starting at the beginning – During the 14k 2004 drafting a selection of ISO14001 users were asked a number of questions, one of the questions was do you feel that certification to 14k helps demonstrate legal and requirements compliance ?
95% said no – well this caused quite a stir as it was in fact already contained in monitoring and measurement (ie the need to check legal compliance) – So the committee decided to add a new section called Evaluation of Compliance
They could have added it to Internal Audit – but didn't as this would add a whole series of questions ie compliance evidence coverage ie at what point will you have completed the task cycle and what about auditor legal knowledge
So it was kept separate plus the clear distinction made having identified the division in Policy requirements and legal management to separate Legal and Requirements – two different things
So..............................
The function of periodic evaluation of legal and requirements compliance is coming under greater scrutiny from certification bodies.
European co-operation for Accreditation (http://www.european-accreditation.org ) is in the process of adopting new informative guidance on "The relationship between ISO 14001 management system conformity assessments and Regulatory Compliance". The guidance is intended to be used by accreditation and certification bodies, as well as organisations using ISO 14001 as their EMS.
The latest draft of the guidance distinguishes between the role of the internal EMS audit and the periodic evaluation of legal compliance:
-the internal EMS audit is to be used to ensure that the system as a whole (including the commitment to comply with applicable legislation and requirements is undertaken) is challenged for compliance
-and Evaluation of Compliance, to undertake periodic evaluations of legal and requirement compliance as a separate function as planned, but shouldn't be used to carry out audit functions of the system.
This has implications on the way that organisations structure both their internal EMS audit arrangements and their periodic evaluation of compliance.
It's also worth noting that the guidance states that "It is the organisation’s responsibility, and a function of the EMS, to ensure that the organisation periodically evaluates compliance with each and every applicable legal requirement and that it is aware of its compliance status." Although auditing can be used to support this, (dependent upon the size scale and complexity of the organisation) sampling just a few legal requirements and then assuming that this represents compliance with "each and every legal requirement.." wouldn't be acceptable.
See UKAS document http://www.european-accr...n.org/n1/doc/ea-7-04.pdf Section 3.7.2 and 4 are key (And support the content of this posting)
Anyway the same logic is being applied to EofC for BSOHSAS18001:2007
The idea is to keep separate from Audit to allow for clarity and to follow a plan:(although for very low impact organisations it is possible to combine with audit - each case is different)
It is possible to consider ranking the entries on the register of legal and requirements ie H M L with respect to impact significance - and linkage into aspect evaluation / risk assessment and operational control
Then it is possible to use this information ie the impact (what the legislation means to the business) as a question set to test compliance and therefore prove evaluation of compliance has taken place
The ranking would help demonstrate impact/significance has been recognised and importance attached to test plus it is then easier to plan/schedule based upon significance
Do it in line with the Management Review/Audit Cycle so that feedback in relation to So How Compliant are we” can be challenged at the Management Review
Also bear in mind the need to be stronger with respect to corrective and preventive action especially findings closeout period ie asap that day for obvious reasons (a finding reflects a breach or possible breach and needs to be dealt with straight away - well as straight away as practically possible
As usual I am happy for any further off line discussion @
davidbalkwell@mobileemail.vodafone.net
Regards
David
|
|
|
|
|
|
Rank: Guest
|
Posted By Carl Deaves
David
Were you with one of the UKAS accredited ohsas 18001 certification bodies or one of the none accredited ?
|
|
|
|
|
|
Rank: Guest
|
Posted By Robert K Lewis
David
Excellent summary of this important clause. Just wonder whether it will be remembered by those involved. Doubtless like you I see many organisations who see this clause as simply checking that they have listed all relevant legislation and other requirements pertaining to the business.
Bob
|
|
|
|
|
|
Rank: Guest
|
Posted By David Balkwell
Firstly FAO Carl:
Yes I was witnessed for 18001 with a UKAS Accredited Certification Body - I have been witnessed over the last 19 yrs, 15 times for a total of 32 days for 9k BS7750 EMAS ISO14001 and 18k, oh and two National Highways Sector Schemes
Second Robert:
Many thanks for your kind words - its been a long hard slog to keep beating the interpretation drum and it import we communicate the correct interpretation - Many of us work hard every day to ensure Management Systems Certification is not just the badge on the wall but is an important business management tool - I provide Certification Assessment resource to many UKAS Accredited certification bodies - On average I raise 8-10 Major NCR's per quarter - When the reasons are explained and how the standard will enhance /improve the business then resolution is always welcome - but as you well know to do that you need to understand the standards inside out and know exactly how to apply them
Email me off line I would be interested to know your background
Regards
David
|
|
|
|
|
|
Rank: Guest
|
Posted By R Joe
David / Bob
Interesting discussion. Putting 18001 to one side for a moment, however, isn't the underlying issue the often very narrow, unquestioning approach to OHS auditing? There isn't in my experience a one size fits all OHS audit that can be rolled out annually to confirm all aspects of OHS management or all aspects of OHS legal compliance. If an informed debate takes place as part of the bigger picture of internal control at the start of the annual audit programme, a question about what aspects of legal OHS compliance need to be audited, why, and what level of confidence is being sought, should be part of this. There are many aspects of OHS that can be audited, the issue is understanding what is needed over the next 12 months and why (as well as where to best target resources). This is where many approaches to OHS auditing fall down, they are too regimented, restrictive and silo based.
Used as you would like to see it, 18001 takes account of this I suspect, the danger is that used as many practitioners seem to approach it, it provides one unquestioning approach to replace another. Just a thought.
|
|
|
|
|
|
Rank: Guest
|
Posted By David Balkwell
Hi Joe
You are quite right Joe one size does not fit all - All this should be based upon "size , scale and complexity of the organisation" which needs to be the basis of the decision on how to tackle this
However - also lets not mix internal audit with certification audit they have two different purposes
The point in the standards (14k & 18K ) of course is that EofC is a separate clause to internal audit - by design to ensure the intent is met
The related legal and requirements processes, identification, management and incorporation into RA/Aspect Evaluation and Operational Control through to EofC can be done through the internal audit process
Important point that EofC needs to be added to the usual Internal Audit programme and internal audits carried out
But the EofC exercise is different and evidence of meeting its intent raises many issues
The final point you make Joe I guess reinforces the point that this is not widely understood and needs to be
Good topic point
Regards
David
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.