
Legal requirements compliance ... To keep OR keep away from QMS

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Somashekar, Aug 17, 2015.

  1. Somashekar

    Somashekar Moderator Staff Member

    With the needs and expectations of relevant interested parties and the context of the organization required to interact with the quality management system as shown in Figure 2 on page viii AND with the standard telling that the FDIS does not include requirements specific to other management systems, such as those for environmental management, occupational health and safety management, or financial management.....
    Would you consider the compliance requirements of environment and occupational health and safety (Legal requirements) included within the quality management system ~~~~~
    What will your RBT tell you from the point of view of the need to demonstrate the ability to consistently provide products and services?
     
  2. MCW8888

    MCW8888 Well-Known Member

    Does section 7.1.4 not address health and safety? If occupational health and safety and social responsibility are excluded, how do you audit this clause of the standard? Thanks.
     
  3. Eric Twiname

    Eric Twiname Well-Known Member

    Me, personally, ... I want one management system.
    As such, the various needs of the organization (EH&S, processes, formulations, testing, order acknowledgements, vacation/personal time, the whole ball of wax) are covered in a single system.
    That system facet-by-facet is compliant with whatever interested or accrediting party governs that facet.

    Safety: governed by OSHA, DEP and ISO
    Testing: governed by ISO
    Finance: governed by SEC, IRS and ISO
    and on and on...
     
  4. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    As of now, legal requirements are covered under 4.1 but are limited to product. With both the 2008 and the 2015 revision we ought to consider the risk of labor disruptions from safety problems that may remove key personnel and affect performance to metrics like on-time delivery. This may sound harsh - I do care about safety for the people's sake, but I am drawing the links to the QMS. Some of my clients already do this and include "Zero injuries" as a quality metric.

    With an arrangement like that the safety regulatory body becomes a stakeholder in ISO 9001:2015 and its requirements made a part of the quality management system. In this way ISO has been moving toward increased systems integration. Having more integration would allow us to notice if working too many days with long hours impacts work performance and becomes a factor in product/service quality.

    If you are using a modified FMEA it would be possible to put all the risk management documentation into one document, but I would not find that necessary. I would consider using Excel with one tab each for quality, safety and environmental as their factors can be very different, and listing the top risk factors from each on one tab for the sake of convenient review.
     
    Somashekar likes this.
  5. Eric Twiname

    Eric Twiname Well-Known Member

    I can't help but think that there are really only two paths here...

    1. You've considered risk vs. reward all along, and you've either made a good business or gone under. On this path, I don't see much change with the adoption of ISO 9001:2015

    2. You don't really consider risk and you are in it for the quick bucks. ISO 9001:2015 will be a nice logo that lets you have customers for a little while.

    As much of a foundation change as it is in terms of what ISO focuses on...it really isn't a big change to the company.
    If we did not consider risk all along, we wouldn't be here.
    Now that it is required, I see no real need to spend a ton of time in meetings drafting up FMEAs for what is considered common knowledge already.
    Gonna be a fun first audit.
     
    Jennifer Kirley likes this.
  6. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    I agree. Also I agree that there's no need to draft a bunch of FMEAs when you have other documentation in place and RBT can be demonstrated in other ways. ISO tends to support that in section 6 of its guidance document ISO/TC 176/SC2/N1276.
     
  7. Somashekar

    Somashekar Moderator Staff Member

    The EHS legal requirements are relevant to the organization quality management system to improve its overall performance and provide a sound basis for sustainable development initiatives.

    The EHS legal requirements help in addressing risks and opportunities associated with its context and objectives, and hence its ability to EXIST and therefore consistently provide products and services that meet whatever whatever ~~~

    BUT

    There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system. [From the FDIS A3.]

    MY TAKE ….

    The EHS legal requirements hence have all the reasons to be considered as requirements of corresponding interested parties relevant to its quality management system.
     
    Jennifer Kirley likes this.
  8. Somashekar

    Somashekar Moderator Staff Member

    The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services. [From the FDIS A5.] Missing here is the “Consistently provide products and services”

    I WOULD LIKE TO SEE THIS:

    The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services, AND TO CONSISTENTLY PROVIDE PRODUCTS AND SERVICES
     
    Jennifer Kirley likes this.
  9. MCW8888

    MCW8888 Well-Known Member

    Thank you. This post was very enlightening.
     
  10. Randy A. Kaczynski

    Randy A. Kaczynski Member

    ISO/FDIS 9001:2015 reference to the "applicable statutory and regulatory requirements" refers only to the products and services provided, nothing else.
     
    Sidney Vianna likes this.
  11. Somashekar

    Somashekar Moderator Staff Member

    Yes Randy. This is perfectly understood.
    When my customer is an interested party, and he tells me that I have to respect and be compliant with all my applicable legal requirements which govern my existence and operation, why does he say so?
    He wants to be sure that I am not forced to close operations due to any violations and therefore not be able to consistently provide products and services.
    In this case, would you then consider all applicable legal requirements which govern your existence and operation into your QMS activity for the PDCA?
    Even if the customer does not ask of you, you are required to respect and be compliant with all the applicable legal requirements which govern your existence and operation.
    In which case, based on the standard's intent, why not make all the applicable legal requirements which govern your existence and operation a part of your QMS ??
    One of the key purposes of a quality management system is to act as a preventive tool.... See clause A.4 in the FDIS
    The FDIS at several places indicates to consider them in the scope.... And then also says this ....
    There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not relevant to its quality management system. It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its quality management system. [ From the FDIS A3.] ... SO KEEP or KEEP AWAY ~~~ ???
     
    Jennifer Kirley likes this.
  12. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Your customer has apparently considered the value of responsible activities, possibly in light of the effects of well-publicized corporate safety and environmental-related disasters in the U.S. If this customer's business is valuable enough to drive integrated safety, environmental (as some European companies do) and quality systems, so be it. Your organization might otherwise choose to do it based on a projected ROI from safe practices. Whichever the case, these regulations not directly related to product or service quality could be handled under a safety/environmental system as long as you can show the customer it's being done. The customer does not have the right to dictate how the thing will be done if you don't allow them to; just that it will as a condition of their business involvement with you. If you choose to have safety and environmental management systems, it is best to manage them - starting with Legal and Other Requirements - in the most appropriate fashion for your organization's success.
     
    Somashekar likes this.
  13. Sidney Vianna

    Sidney Vianna Well-Known Member

    I am strongly in the camp that opposes the view that any and all legal requirements become, by default, part of the QMS.

    Any organization that allows that misperception to take place will then be "forced" to allow external parties to assess very sensitive records. In addition to EHS legal requirements, if an organization is publicly traded in the stock market, requirements such as Sarbanes Oxley apply. Would you open your financial records and disclosures to a CB auditor performing an audit against ISO 9001?

    It would be very easy to make a case that financial risks could lead to an organization failing to fulfill their order commitments.

    I don't understand how, after reading 0.4 and A.3 of the FDIS ISO 9001:2015, people would still think that ANY legal requirement is a legit aspect of a QMS. That has not changed from ISO 9001:2008. Legal requirements, in the context of ISO 9001, STILL limit themselves to PRODUCT CONFORMITY.

    At least, in my view.
     
    Last edited: Aug 21, 2015
    Eric Twiname, MCW8888 and Somashekar like this.
  14. Eric Twiname

    Eric Twiname Well-Known Member

    Totally agree. The key words, IMO, are "by default"...you may choose to incorporate all in one, or keep them separate, depending on the bigger picture and the repercussions of going one way or the other. Yet again a cost/benefit judgement.
     
