Our Consultancy and Training Services In


International management systems

ISO9001:2008 QMS

ISO14001:2004 EMS

ISO22000:2005 FSMS

ISO 27001:2005 ISMS

SA8000 2008 SAMS

Note: we also have OHSAS and IMS expertise.

QUALITY MANAGEMENT SYSTEM (ISO 9001)

1) INTRODUCTION – The need for ISO 9001 Quality Management System

The Internet age has ensured that national frontiers are fast vanishing and the world is becoming a single market. The Indian economy has become irreversibly integrated with the global economy. We have no time for complacency. These are times when only the fittest will survive. Our past success does not guarantee even our future survival. Competition and customer expectations are increasing day by day. Deregulation, globalisation and opening up of the Indian market are current realities, which cannot be wished away. We have to rapidly adapt ourselves to changes.

The present scenario demands that we attain World Class levels of Productivity and Quality. This has to be an organization-wide concern and all levels of personnel in the organization are to gear up to ensure survival and achieve prosperity.

We have to attract, serve and retain customers and continually improve our performance. (See Fig. 1)

Even if you are on the right track, you will be run over if you sit still.

2) ISO 9001 QUALITY SYSTEM

It is an international standard brought out by the International Organization for Standardisation based in Geneva, Switzerland. It is about customer satisfaction and continual improvement.

In the ISO 9000 family of the 1994 version, there were three separate certifiable standards:

ISO 9001 – Model for Quality assurance in Design, Development, Production, Installation and servicing

ISO 9002 – Model for Quality assurance in Production, Installation and servicing

ISO 9003 – Model for Quality assurance in Final Inspection and testing

In the 2000 version, all were merged into a single standard, i.e. ISO 9001:2000 – Quality Management system requirements (Second revision). In November 2008 the 2008 version came out. New organisations are certified as per the new version only.

3) ISO 9001:2008 IMPLEMENTATION – A STEP BY STEP PROCEDURE

Various steps of ISO 9001 implementation are as follows. We will be actively involved in all the steps helping and guiding you.

  1. Study the entire system of operation of the organization
  2. Top Management Workshop & Core group Training
  3. Identification of Quality Policy and improvement Objectives
  4. Preparation, Approval & Release of
     - Quality System Manual
     - Quality System Procedures
     - Product Specification
     - Quality Plan & Work Instructions
     - Formats
  5. Staff & Employee training
  6. Commencement of System implementation
  7. Internal Quality Auditor Training
  8. First Internal Quality Audit
  9. Corrective Action
  10. First Follow up Audit
  11. First Management Review Meeting
  12. Selection of Third Party Auditor
  13. Second Internal Quality Audit
  14. Corrective Action
  15. Second Follow up Audit
  16. Second Management Review Meeting
  17. Pre-assessment Audit by Third Party Auditor
  18. Corrective Action on Pre-assessment findings
  19. Follow up Audit
  20. Certification Audit by Third Party Auditor
  21. Corrective action on certification audit findings
  22. Receipt of Certificate (Valid for three years)

4) BENEFITS OF ISO 9001 CERTIFICATION

  1. High level of Customer Satisfaction and lesser Customer Complaints
  2. Transparency in working of the Organisation
  3. Reduction in defects
  4. Reduction in Wastage and subsequent Cost savings
  5. Reduction in “Firefighting” and Crisis Management
  6. Improved delivery to Customer
  7. Higher credibility with prospective Customers especially overseas buyers
  8. Introduction of Professional Management Practices
  9. Better Accountability of Supervisory staff
  10. Measurable improvement in Operational Performance through better efficiency and effectiveness. (see Fig. 3)
  11. Better Resource utilization
  12. Disciplined approach to work
  13. Work ceases to be dependent on the person doing the job
  14. Higher Quality awareness among workmen
  15. Better management of Subcontracted activities

Fig. 2 Deming Cycle

Part 2 ENVIRONMENTAL MANAGEMENT SYSTEM (ISO 14001)

1) WHY ISO 14001

During the last few centuries man has made unbelievable progress. Many landmark discoveries and inventions have contributed towards better living in many respects. However, some of the activities undertaken to improve the quality of life have backfired, owing mainly to lack of forethought and inability to foresee long-term effects.

Problems faced by us today such as Environmental Pollution, Acid Rain, Ozone Depletion, Greenhouse Effect, Cancer, and other Health Hazards are a few of the unforeseen results of man’s overindulgence in using natural resources. Population explosion and industrialization have caused the degradation of our environment to such an extent that life on planet earth is at great risk. Unless drastic and urgent measures are undertaken to check further damage and to undo the harm already done, the earth will cease to be a planet of living systems.

Many of the damages done to the environment are irreversible.

One approach for a better environment is to plan for reducing the environmental impacts. A systematic addressing of the issues will result in achieving better results, and this approach can be achieved through an environmental management system (EMS).

2) THE STANDARD

The ISO 14001 standard is a structure for Environmental Management that the International Organisation for Standardization (ISO) issued in September 1996 and revised on 15th November 2004. The standard is based on the principles of continual improvement in Environmental performance of a company’s Environmental aspects. The standard has utilized the TQM concept of Plan-Do-Check-Act (Fig. 2), thus causing improvement. ISO 14001 is the specification of an Environmental Management System. It contains a set of requirements that a company has to address and implement in its activities. The basic purpose is to continually improve its Environmental Performance.

The standard also makes it a clear requirement that the industry and the people within it shall be committed towards prevention of pollution. Prevention of pollution has an altogether different meaning when it applies to the company, where it may be the provision of appropriate technology, techniques and resources to avoid pollution at source, rather than depending on end-of-pipe treatment. For people within the company, the prevention of pollution is by their acts and practices that prevent a pollutant from entering the environment.

Another commitment desired from a company is the explicit commitment to Legislative Compliance. This means that the company complies with the applicable Environmental laws, which is something a company has to do in the first place.

3) NEED FOR IMPLEMENTING ISO 14001

ISO 14001 is implemented in order to have control over all activities of the Organisation which can affect the environment, and to ensure that no activity is detrimental to the environment. Positive aspects of the Organisation will be enhanced. Mandatory compliance with environmental laws and regulations will become easier to meet. Environmental performance of the organisation (which is a liability for most organisations) becomes an asset.

4) STEPS

  1. Documentation of the system
  2. Identification of aspects and impacts
  3. Environmental policy and objectives
  4. Regulatory requirements
  5. Emergency preparedness plan
  6. Competence requirements
  7. Operation and control procedures
  8. Monitoring methods
  9. Nonconformity control
  10. Document control
  11. Record control
  12. Environmental management programmes (EMPs)
  13. Implementing the system
  14. Training all employees
  15. Auditing implemented system
  16. Taking action on audit findings
  17. Conducting management reviews
  18. Acting on review decisions
  19. Certification audit by the certifying body

The certificate is valid for three years. The certifying body will conduct periodic surveillance audits during the three years. At the end of three years, the certificate is to be renewed.

5) BENEFITS OF IMPLEMENTING ISO 14001 SYSTEM

  1. Better credibility with the customers, public, authorities and other interested parties
  2. Confidence to management about the effective functioning of the system
  3. Improve regulatory compliance and proving due diligence
  4. New customers/markets
  5. Increased employee morale
  6. Enhanced image with public
  7. Conserving resources thereby savings in cost
  8. Prevention of environmental disasters/accidents
  9. Reduction of health hazards to employees and public

Fig. 3 Process Approach

Part 3 FOOD SAFETY MANAGEMENT SYSTEM ISO 22000:2005

To Ensure Integrity of Food Supply Chain

1. AIM:-

  1. Control food safety hazards in order to consistently provide safe end products that meet both requirements agreed with the customer and those of applicable food safety regulation.
  2. Enhance customer satisfaction through the effective control of food safety hazards.

2. APPLICABILITY: All types of organisations within the food chain (farm to fork)

- Feed producers
- Primary producers
- Food Manufacturers
- Transport and storage operators
- Subcontractors
- Retail and food service outlets (Hotels and caterers)
- Manufacturers of Equipment, packing material, cleaning agents & Additives, Ingredients

3. FOOD SAFETY: Preventing food borne hazards at the point of consumption

4. METHODOLOGY: Combine HACCP plans and prerequisite programmes (PRPs) to ensure hazard control. PRPs are further divided into infrastructure and maintenance PRPs and operational PRPs. Identify the risks, evaluate the risks and take action. Keep improving through verification of effectiveness.

5. BENEFITS:-

Increased Due Diligence

More Efficient And Dynamic Food Safety Hazard Control

All Control Measures Subjected To Hazard Analysis

Fill The Gap Between ISO 9001:2000 And HACCP.

System Approach Rather Than Product Approach.

Covers the entire Food chain.

Make the organization ready to meet the requirements of new FOOD SAFETY ACT.

Easier to meet the new food safety bill requirements

Better traceability

6. STEPS IN IMPLEMENTATION

  1. Training of top management
  2. Identification of FOOD SAFETY POLICY AND OBJECTIVES
  3. Formation of inter disciplinary FOOD SAFETY TEAM & appointment of Team Leader
  4. Development of documentation of the Quality Manual, Food Safety Manual and procedures (including the following lower level documents):
     1. Emergency preparedness and response plan
     2. Product description including raw materials, ingredients and food contact materials [also covering statutory & regulatory requirements]
     3. Prerequisite Programmes (PRP)
     4. Quality Plan
     5. Flow diagram, process steps, control measures, traceability system
     6. Hazard assessment
     7. Selection and assessment of control measures
     8. HACCP Plan
     9. Operational Prerequisite programmes
     10. Withdrawal programme (Product recall procedure)
     11. Formats
  5. Training of Internal Auditors
  6. Implementation of the system
  7. Internal Audits (Food Safety) as per the system and follow up activities
  8. Management Review Meetings
  9. Pre-assessment audit by third party auditor
  10. Audit of third party auditor and clearance of certification audit in two phases
      - 10.1 Pre assessment
      - 10.2 Certification (valid for three years)

Part 4 INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) ISO 27001

1) AIM: A comprehensive information security management system (ISMS) plays a critical role in ensuring the ability of your organization to successfully face information security threats from a wide range of sources and continue your operations. This is due to the present-day trend towards the paperless office and businesses being too dependent on internet, e-mail communication, wide area networks etc. Being online can sometimes be a nightmare. The sources of these threats may include sabotage, espionage, vandalism, fraud, hacking etc. (remember the Gurgaon or the Bangalore BPO bank fraud cases?)

The standard ISO 27001 lays down the principal elements and policies of the organization’s information security system. These include risk assessment and management, objectives for control of information security practices and business continuity management processes. The standard also asks the organization to establish a comprehensive and balanced set of measurements to monitor and review the performance of the information security management system. Risk management and business continuity management form the most important elements of the standard. These help the management to determine the priorities for managing information security risks, to identify appropriate actions to address these risks and to meet the requirements and expectations of interested parties.

2) BENEFITS

Commitment: certification serves as a guarantee of the effectiveness of the effort put into rendering the organization secure at all levels, and demonstrates the due diligence of its administrators.

Compliance: certification demonstrates to competent authorities that the organization observes all applicable laws and regulations & contractual requirements.

Risk management: leads to a better knowledge of information systems, their weaknesses and how to protect them. Equally, it ensures a more dependable availability of both hardware and data.

Credibility and confidence: Partners, Shareholders and Customers are reassured when they see the importance afforded by the organization to protecting information. Certification can help set a company apart from its competitors in the marketplace.

Reduced costs related to information security breaches, and possible reduction in insurance premiums.

Improves employee awareness of information related issues and their responsibilities within the organization.

Better Business continuity and recovery from emergency situations so as to meet SLAs

3) SUMMARY OF THE STANDARD [CONTROL OBJECTIVES]

  1. Information security policy

     Provide management direction and support for information security. Defines corporate objectives for information security.

  2. IT security organisation & 3rd party connections

     Manage information security within the company. Maintain the security of organizational information processing facilities and information assets accessed by 3rd parties (suppliers, partners, customers). Maintain the security of information when the responsibility for information processing has been outsourced to another organization.

  3. Assets classification and control

     Determine and maintain appropriate protection of corporate assets.

  4. Personnel security

     Reduce risks of human error, theft, fraud or misuse of facilities. Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work. Minimize the damage from security incidents and malfunctions and learn from such incidents.

  5. Physical & environmental security

     Prevent unauthorised access, damage and interference to business premises and information. Prevent loss, damage or compromise of assets and interruption to business activities. Prevent compromise or theft of information and information processing facilities.

  6. Computer & network management

     Ensure the correct and secure operation of information processing facilities. Minimise the risk of systems failures. Protect the integrity of software and information. Maintain the integrity and availability of information processing and communications. Ensure the safeguarding of information in networks and the protection of the supporting infrastructure. Prevent damage to assets and interruptions to business activities. Prevent loss, modification or misuse of information exchanged between organizations.

  7. System access control

     Control access to information. Prevent unauthorized access to information systems. Ensure the protection of networked services. Prevent unauthorized computer access. Detect unauthorised activities. Ensure information security when using mobile computing and teleworking facilities.

  8. System development & maintenance

     Ensure security is built into operational systems. Prevent loss, modification or misuse of user data in application systems. Protect the confidentiality, authenticity and integrity of information. Ensure IT projects and support activities are conducted in a secure manner. Maintain the security of application system software and data.

  9. Business continuity planning

     Counteract or prevent interruptions to business activities and to critical business processes from the effects of major failures or disasters.

  10. Compliance

      Avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements. Ensure systems security parameters, operating procedures etc. comply with organisational security policies and standards. Maximize the effectiveness of and minimize interference to/from the system audit process.

4) STEPS IN IMPLEMENTATION OF ISMS

  1. Training of top management
  2. Identification of ISMS POLICY AND OBJECTIVES
  3. Awareness training to all employees
  4. Development of documentation (ISMS DOCUMENTS):
     1. Identification of information assets
     2. Risk assessment methodology [including legal & contractual requirements]
     3. Risk assessment
     4. Defining the scope of ISMS
     5. Identifying the appropriate control objectives and controls
     6. Statement of applicability
     7. Risk treatment plan
     8. Procedures as per ISMS
     9. Business continuity Plan
     10. Formats
  5. Training of Internal Auditors
  6. Implementation of the documented system
  7. Internal Audits (ISMS) as per the system and follow up activities
  8. Management Review Meetings
  9. Pre-assessment audit by third party auditor
  10. Audit of third party auditor and clearance of certification audit in two phases
      - 10.1 Pre assessment
      - 10.2 Certification (valid for three years)

SA8000

SA8000 is a global social accountability standard for decent working conditions, developed and overseen by Social Accountability International (SAI). Detailed guidance for implementing or auditing to SA8000 is available from its website. SAI offers training in SA8000 and other workplace standards to managers, workers and auditors. It also operates an accreditation agency that licenses and oversees auditing organizations to award certification to employers that comply with SA8000.

Basis

SA8000 is based on the UN Universal Declaration of Human Rights, Convention on the Rights of the Child and various International Labour Organization (ILO) conventions. SA8000 covers the following areas of accountability:

Child labour

Forced labour

Workplace safety and health

The right to organize

Discrimination

Workplace discipline

Working hours

Wages

Management system for Human Resources

Corporate social responsibility

Respect for human rights

Fair treatment for the workforce

Protecting the environment

Ethical behaviour of the organization

Being a good neighbour

Details of the standard

The first global standard for ethical sourcing

Designed for independent verification

A global standard, designed for use by any company, anywhere in the world

Has been developed with stakeholders

Is designed to take local laws and requirements into account

Certifications

More than 640,000 workers are employed in 1200 facilities certified to SA8000, in 60 countries and 70 industrial sectors. The industrial sectors with the most certifications include apparel and textiles; building materials; agriculture; construction; chemicals; cosmetics; cleaning services and transportation. The countries with the most certification to SA8000 include Brazil, India, China and Italy.