Transitie checklist ISO :2015

Transcriptie

1 Transitie checklist ISO :2015 Klant : Project nummer : Lead Auditor / Auditteam : Datum uitgevoerd : Dit document geeft alleen de specifieke wijzigingen en nieuwe eisen van de ISO :2015 aan. In sommige gevallen is een note aangegeven om de normeis te verduidelijken, in de rechterkolom is aangegeven wat er verwacht mag worden en wat de auditor zou moeten kunnen vaststellen. Die tekst mag gedelete worden zodra er wordt ingevuld hoe de organisatie wel/niet aan de eisen voldoet. Benoem de beoordeelde documenten/registraties en geef in het kort een toelichting aan hoe deze invulling geven aan de normeis. Minimale documentatie eisen: In dit document is aangegeven bij welke normeisen documentatie wordt vereist of dat er alleen sprake is van de verplichting dat de organisatie eea moet vaststellen. Documentation requirements Zie Appendix 1: Documentation requirements ISO 9001:2015 (achteraan dit document) Documentation equirements Zie Appendix 2: Documentation requirements ISO 14001:2015 (achteraan dit document) DNV GL ISO :2015 Transitie Checklist Page 1 of 9

2 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie 4.1 Inzicht in de organisatie en haar context Hoe heeft de organisatie externe en interne belangrijke punten (issues) vastgesteld die relevant zijn voor haar doel en de strategische richting ervan? Note: - Dit kunnen positieve en negatieve factoren zijn. - Externe factoren kunnen voortkomen uit juridische, technologische, concurrentie-, markt-, culturele, maatschappelijke en economische omstandigheden, zowel internationaal, nationaal, regionaal als lokaal. - Interne factoren kunnen verband houden met waarden, cultuur, kennis en de prestaties van de organisatie. Er is geen document vereist, maar dit zou herleidbaar moeten zijn in notulen van vergaderingen, strategie c.q. strategische analyse, SWOT analyse etc. afhankelijk van de complexiteit van de organisatie. Specifiek voor 9001 Hoe worden deze issues gemonitoord en beoordeeld? Welke milieueffecten kan de organisatie zelf beïnvloeden c.q. kunnen de organisatie beïnvloeden? 4.2 Inzicht in de behoeften en verwachtingen van belanghebbenden Hoe heeft de organisatie vastgesteld: - welke belanghebbenden relevant zijn voor het MS - welke eisen van deze belanghebbenden relevant zijn voor het MS Ook hier geen documentatie vereist, maar verwacht mag worden dat de uitkomst van de stakeholderanalyse is verwerkt in een tabel met verschillende belanghebbenden en overeenkomstige behoeften en verwachtingen (eisen). Specifiek voor 9001 Hoe wordt de informatie over deze belanghebbenden en hun relevante eisen gemonitoord en beoordeeld? Welke behoefte en verwachtingen betreft compliance verplichtingen? 4.3 Het toepassingsgebied van het kwaliteits- Is de scope van het MS vastgelegd en zijn de producten, diensten en uitsluitingen hierin opgenomen? Dit dient gedocumenteerd te zijn. DNV GL ISO :2015 Transitie Checklist Page 2 of 9

3 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie managementsysteem vaststellen Note: Bij het vaststellen van de scope moet de organisatie het volgende overwegen: - de in 4.1 genoemde externe en interne belangrijke punten (issues) - de in 4.2 genoemde eisen van relevante belanghebbenden Is de scope beschikbaar voor stakeholders? 4.4 QMS en de processen ervan Heeft de organisatie van de processen vastgesteld: - de inputs en outputs - de bijbehorende prestatieindicatoren - de verantwoordelijkheden en bevoegdheden - de risico s en kansen (zie ook 6.1) Hier dient de organisatie documentatie bij te houden om de processen te ondersteunen en aan te tonen dat de processen beheerst verlopen. Note: In de norm ISO 9001:2015 staat onder een schematische weergave van de elementen van een proces Deze eis is nvt voor milieu. 5.1 Leiderschap en betrokkenheid Hoe is leiderschap aantoonbaar van de directie i.r.t.: - de effectiviteit van het MS - de strategie van de organisatie - integratie van eisen in de processen - het betrekken van de medewerkers om het MS te ondersteunen Dit is bvb terug te vinden in de strategie, beleid, doelstellingen, interne communicatie, (management) meetings maar ook zichtbaarheid van de directie. Specifiek voor proces- en risicogericht denken Geen extra eisen. 5.2 Beleid Is het beleid compatibel met strategische richting en de context van de organisatie? Dit dient gedocumenteerd te zijn. Bevat het beleid een verbintenis tot bescherming van het milieu, waaronder DNV GL ISO :2015 Transitie Checklist Page 3 of 9

4 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie preventie van milieuvervuiling en andere relevante specifieke verbintenis(sen) Note: Andere specifieke verbintenissen tot bescherming van het milieu kunnen onder andere bestaan uit duurzaam gebruik van hulpbronnen, het tegengaan van en aanpassen aan klimaatverandering, en het beschermen van biodiversiteit en ecosystemen. 6.1 Acties om risico s en kansen op te pakken Is er sprake van een systematische aanpak om de risico s en kansen vast te stellen, rekening houdend met de factoren uit 4.1 en de stakeholderanalyse uit 4.2. Je mag verwachten dat er registraties worden bijgehouden, dit zijn zowel corrigerende als preventieve maatregelen. Note: voor milieu gaat het primair om de high level risico s Hoe zijn acties en beheersmaatregelen voortkomend uit de risico s en kansen geïmplementeerd in de processen zoals gedefinieerd in 4.4? Hoe wordt de effectiviteit van de acties en beheersmaatregelen geëvalueerd? Is bij het vaststellen van de milieuaspecten en bijbehorende impact rekening gehouden met: - een levenscyclusperspectief - abnormale omstandigheden - redelijkerwijs voorzienbare noodsituaties Note: Kenmerkende fasen van de levenscyclus van een product (of dienst) zijn het winnen van grondstoffen, ontwerp, productie, transport/levering, gebruik, behandeling bij het einde van de levensduur en de definitieve verwijdering. (zie A van de norm) 6.2 Kwaliteitsdoelstelling en en de planning om ze te bereiken Zijn de doelstellingen: - consistent met de strategie en de vastgestelde factoren uit relevant voor het voldoen aan eisen van producten en Doelstellingen dienen te zijn gedocumenteerd. De methode van evaluatie van doelstellingen dient te zijn vastgesteld, dit kan per doelstelling verschillen. DNV GL ISO :2015 Transitie Checklist Page 4 of 9

5 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie diensten en voor het verhogen van de klanttevredenheid Hoe worden de resultaten geëvalueerd? Note: voor het monitoren van meetbare milieudoelstellingen dienen milieuindicatoren te zijn opgesteld Houden de doelstellingen rekening met: - de belangrijke milieuaspecten - de bijbehorende compliance verplichtingen - risico s en kansen 6.3 Planning van wijzigingen Worden wijzigingen in het QMS op geplande (systematische) wijze doorgevoerd? Er is geen eis van 1 methode, maar volgens de HLS (zie ook 8.1) is management of change vereist, de norm verwijst ook naar 4.4. v.w.b. beheersing van processen. Hier zit ook een link met als het gaat om noodzakelijke kennis vaststellen, borgen en beheersen. Wordt er rekening gehouden met: - het doel van de wijzigingen - gevolgen (risicobenadering) - noodzakelijke middelen - verantwoordelijkheden en bevoegdheden Deze eis is nvt voor milieu Kennis binnen de organisatie Hoe houdt de organisatie rekening met noodzakelijke kennis om te kunnen (blijven) voldoen: - werking van de processen - kwaliteit van producten en diensten - wijziging in behoeften en trends (reageren op de factoren uit 4.1. en de behoefte en verwachtingen uit 4.2) Dit is kennismanagement en gaat verder dan kennis van mensen, maar betreft ook die van (data)systemen, processen, routines, samenwerking, etc. Note: Dit is kennis die specifiek is voor de organisatie, verkregen door ervaring en kan worden gebaseerd op: a) interne bronnen (bijv. intellectueel eigendom; aan ervaring ontleende kennis; lessen die zijn geleerd uit mislukkingen en geslaagde projecten; het opvangen en DNV GL ISO :2015 Transitie Checklist Page 5 of 9

6 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie delen van niet-gedocumenteerde kennis en ervaring; de resultaten van verbeteringen in processen, producten en diensten); b) externe bronnen (bijv. normen; academische wereld; conferenties; het vergaren van kennis van klanten of externe aanbieders). Deze eis is nvt voor milieu. 7.4 Communicatie Heeft de organisatie vastgesteld welke interne en externe communicatie relevant is, inclusief: a) waarover te communiceren; b) wanneer te communiceren; c) met wie te communiceren; d) hoe te communiceren; e) wie er communiceert. Hoe voorziet interne communicatie in de mogelijkheid voor de medewerkers om bij te dragen aan continue verbetering? Dit kan communicatie zijn naar alle stakeholders, zoals klanten en overheden. Hoe wordt milieurelevante informatie extern gecommuniceerd en voorziet deze in compliance verplichtingen? 8.1 Operationele planning en beheersing Hoe beheerst de organisatie het doorvoeren van geplande en de consequenties van onbedoelde wijzigingen? Hier is documentatie verplicht van zowel de uitvoering als de uitkomst van processen. Wordt er rekening gehouden met de vastgestelde processen volgens 4.4, en de acties die benoemd zijn onder 6.1 om risico s en kansen op te pakken? Note: in dit normelement worden ook eisen gesteld over beheersing van uitbestede processen, die zijn verder onder 8.4 uitgewerkt. Hoe worden milieueisen meegewogen vanwege het levenscyclusperspectief DNV GL ISO :2015 Transitie Checklist Page 6 of 9

7 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie bij: a) het ontwerp- en ontwikkelproces, met overweging van elke fase van hun levenscyclus; b) inkopen c) de inzet van externe leveranciers, met inbegrip van aannemers (ook uitbesteed werk) d) communicatie over mogelijke belangrijke milieueffecten in verband met transport of levering, gebruik, behandeling bij het einde van de levensduur en definitieve verwijdering 8.2 Voorbereid zijn en reageren op noodsituaties Hoe wordt in relatie met de vastgestelde kansen en bedreigingen uit 6.1 de noodsituaties vastgesteld? Hier is documentatie verplicht om te kunnen aantonen dat dit volgens planning verloopt Hoe worden relevante stakeholders voorzien van relevante informatie en training met betrekking tot het voorbereid zijn en reageren op noodsituaties. Specifiek voor 9001 Deze eis is nvt voor kwaliteit 8.4 Beheersing van extern geleverde processen, producten en diensten Heeft de organisatie vastgesteld welke vorm van verificatie of toezicht nodig is om te zorgen dat extern geleverde (uitbestede!) processen, producten en diensten aan de eisen voldoen? Hier is documentatie en registratie verplicht van het toezicht, de genomen maatregelen en evaluaties. Note: onder 7.2 wordt ook de eis gesteld dat de competentie van personeel, zowel ingehuurd als van derden, wordt vastgesteld en beoordeeld. (dit wordt onder A8 in de norm toegelicht) Deze eis is nvt voor milieu Heeft de organisatie vastgesteld of er Soms zijn er geen formele Nazorgactiviteiten sprake is van nazorg en hierbij verplichtingen opgenomen maar is er rekening gehouden met: a) eisen uit wet- en regelgeving; toch sprake van service waarbij aan DNV GL ISO :2015 Transitie Checklist Page 7 of 9

8 Veranderingen Element Items reviewed Resultaat OK? b) de mogelijke ongewenste gevolgen die samenhangen met haar producten en diensten; c) de aard, het gebruik en de beoogde levensduur van haar producten en diensten; d) eisen van klanten; e) feedback van klanten. Beoordeelde documentatie, registratie en informatie deze voorwaarden moet worden voldaan. Note: Nazorgactiviteiten kunnen bestaan uit acties die voortvloeien uit garantiebepalingen, contractuele verplichtingen zoals onderhoudsdiensten, en aanvullende diensten zoals recyclen of definitieve verwijdering. Deze eis is nvt voor milieu Beheersing van wijzigingen Hoe worden wijzigingen voor productie of diensten beoordeeld en beheerst om zeker te stellen dat de organisatie aan de eisen blijft voldoen? Note: de organisatie moet gedocumenteerde informatie bijhouden over de resultaten van de beoordeling van wijzigingen, de perso(o)n(en) die toestemming geeft/geven voor de wijziging en eventuele noodzakelijke maatregelen die voortkomen uit de beoordeling. Dit gaat alleen om wijzigingen van producten/diensten, niet zoals bij 8.1 van processen. Geplande wijzigingen kan voortkomend vanuit ontwerp of bvb Inkoop, bij ongeplande wijzigingen gaat het erom of de organisatie deze risico s al in kaart had gebracht (bvb 2 de leverancier, extra voorraad, extra opgeleid personeel, etc.) Deze eis is nvt voor milieu. 9.1 Monitoren, meten, analyseren en evalueren Heeft de organisatie t.b.v. monitoren, meten, analyseren en evalueren het volgende vastgesteld: a) wat b) welke methoden c) wanneer monitoren en meten d) wanneer geanalyseerd/geëvalueerd Hier is documentatie en registratie verplicht van de analyse en evaluatie. - criteria en bijbehorende indicatoren waartegen milieuprestaties worden geëvalueerd DNV GL ISO :2015 Transitie Checklist Page 8 of 9

9 Veranderingen Element Items reviewed Resultaat OK? Beoordeelde documentatie, registratie en informatie Hoe worden de analyse resultaten gebruikt om tot evaluatie te komen van: - de doeltreffendheid van ondernomen acties voor het oppakken van risico s en kansen; - de prestaties van externe aanbieders (dus ook uitbesteed werk) De organisatie moet relevante informatie over milieuprestaties zowel intern als extern communiceren, zoals geïdentificeerd in haar communicatieproces(sen) en zoals vereist volgens haar compliance verplichtingen. 9.3 Directiebeoordeling Heeft de organisatie gebruikt gemaakt van de volgende input: - (veranderingen in) interne en externe factoren (4.1) - ook terugkoppeling van andere stakeholders dan klanten (4.2) - effectiviteit van genomen acties vanwege kansen en bedreigingen (6.1) -> dus impliciet het functioneren van management of change (6.3) - prestatie van leveranciers van uitbesteed werk (8.4.1) - geschiktheid van middelen Formeel is alleen documentatie van de output van de management review verplicht, maar van de input is bij bij 9.1(3) en diverse normelementen al verplicht gesteld om dit te documenteren. Hier wordt meer nadruk gelegd op het behandelen van wijzigingen in: 1. externe en interne belangrijke punten (issues) die relevant zijn voor het EMS 2. de behoeften en verwachtingen van belanghebbenden, met inbegrip van compliance verplichtingen 3. haar belangrijke milieuaspecten 4. risico s en kansen DNV GL ISO :2015 Transitie Checklist Page 9 of 9

10 Appendix 1: Documentation requirements ISO 9001:2015 In the HLS Documented information replaces both the nouns documentation and record used in prior editions. From the text it is normally evident when documented information relates to records as evidence of performed activity/process and when documents information relates to how to perform an activity/ process. Normally the standard refers to shall maintain documented information when the meaning is how to perform an activity/process and shall retain documented information when the meaning is to keep evidence of performed activity/process. These are the minimum documentation requirements. Organizations themselves can decide that they need additional documented information. Clause 4.3 (Scope) 4.4 (Quality management system and its processes) (Communicating the quality policy) 6.2 (Quality objectives and planning to achieve them) (Monitoring and measuring resources General) (Measurement traceability) Documentation requirement The scope of the organization s quality management system shall be available and be maintained as documented information. The scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organization determines is not applicable to the scope of its quality management system To the extent necessary, the organization shall: a) maintain documented information to support the operation of its processes; b) retain documented information to have confidence that the processes are being carried out as planned The quality policy shall: a) be available as documented information; b) be communicated, understood and applied within the organization; c) be available to interested parties, as appropriate; The organization shall maintain documented information on the quality objectives. The organization shall retain appropriate documented information as evidence of fitness for purpose of monitoring and measuring devices. When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be: a) calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as documented information; 7.2 (Competence) The organization shall: Updated October 1st 2015

11 Page 2 of 8 d) retain appropriate documented information as evidence of competence (Documented information - General) The organization s quality management system shall include: a) documented information required by this International Standard; b) documented information determined by the organization as being necessary for the effectiveness of the quality management system. NOTE The extent of documented information for a quality management system can differ from one organization to another due to: - the size of organization and its type of activities, processes, products and services; - the complexity of processes and their interactions; - the competence of persons. 8.1 (Operational planning and control) e) determining, maintaining and retaining documented information to the extent necessary 1) to have confidence that the processes have been carried out as planned; 2) to demonstrate conformity of products and services to their requirements (Review of requirements for products and services) The organization shall retain documented information, as applicable: a) on the results of the review; b) on any new requirements for the products and services (Design and development planning) (Design and development inputs) (Design and development control) (Design and development output) (Design and development In determining the stages and controls for design and development, the organization shall consider: j) the documented information needed to demonstrate that design and development requirements have been met. The organization shall retain documented information on design and development inputs. The organization shall apply controls to the design and development process to ensure that: f) documented information of these activities is retained The organization shall retain documented information on the design and development outputs. The organization shall retain documented information on: a) design and development changes; Updated October 1 st 2015

12 Page 3 of 8 changes) 8.4 (Control of external provided products and services General) (Control of production and service provision) b) the results of reviews; c) the authorization of the changes; d) the actions taken to prevent adverse impacts. The organization shall retain documented information of the results of these activities and any necessary actions arising from the evaluations. Controlled conditions shall include, as applicable: a) the availability of documented information that defines: 1) the characteristics of the products to be produced, the services to be provided, or the activities to be performed; 2) the results to be achieved; (Identification and traceability) (Property belonging to customers or external providers) (Control of changes) 8.6 (Release of goods and services) The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability. When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred. The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review. The organization shall retain documented information on the release of products and services. The documented information shall include: a) evidence of conformity with the acceptance criteria; b) traceability to the person(s) authorizing the release (Control of nonconforming outputs) 9.1 (Monitoring, measurement, analysis and evaluation General) The organization shall retain documented information that: a) describes the nonconformity; b) describes the actions taken; c) describes any concessions obtained; d) identifies the authority deciding the action in respect of the nonconformity. The organization shall retain appropriate documented information as evidence of the results. Updated October 1 st 2015

13 Page 4 of (Internal Audit) The organization shall: f) retain documented information as evidence of the implementation of the audit programme and the audit results (Management review) 10.2 (Nonconformity and corrective action) The organization shall retain documented information as evidence of the results of management reviews The organization shall retain documented information as evidence of: a) the nature of the nonconformities and any subsequent actions taken; b) the results of any corrective action. Updated October 1 st 2015

14 Page 5 of 8 Furthermore, the new standard in several places uses the wording shall determine. What does this mean? Annex A.3 of ISO 14001:2015 explains The change from identify to determine is intended to harmonize wih the standardized management system terminology. The word determine implies a discovery process that results in knowledge. There is no explicit documentation requirement, but where determine is used the organization should at least be able to demonstrate and give confidence of completeness and control of such activities/processes. 4.1 (Understanding the organization and its context) 4.2 (Understanding the needs and expectations of interested parties) The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. Due to their impact or potential impact on the organisation s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine: a) the interested parties that are relevant to the quality management system; b) the requirements of these interested parties that are relevant to the quality management system. 4.3 (Scope) 4.4 (Quality management system and its processes) The organization shall determine the boundaries and applicability of the quality management system to establish its scope. The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall: a) determine the inputs required and the outputs expected from these processes; b) determine the sequence and interaction of these processes; c) determine and apply the criteriaand methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes; d) determine the resources needed and ensure their availability; e) assign the responsibilities and authorities for these processes; f) address the risks and opportunities as determined in accordance with the requirements of 6.1; g) evaluate these processes and any needed to ensure that these processes achieve their intended results; h) improve the processes and the quality management system. 6.1 (Actions to address risks and When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: Updated October 1 st 2015

15 Page 6 of 8 opportunities) 6.2 (Quality objectives and planning to achieve them) a) give assurance that the quality management system can achieve its intended result(s); b) enhance desirable effects; c) prevent, or reduce, undesired effects; d) achieve improvement When planning how to achieve its quality objectives, the organization shall determine: a) what will be done, b) what resources will be required, c) who will be responsible, d) when it will be completed, and e) how the results will be evaluated. 7.1 (Resources General) (People) (Infrastructure) (Environment for the operation of processes) (Monitoring and measuring resources) The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system. The organization shall determine and provide the persons necessary for the effective implementation of its quality management system and for the operation and control of its processes. The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes to achieve conformity of products and services. The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services. The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements. The organization shall determine if the validity of previous measurement results have been adversely affected when measuring equipment is found to be unfit for its intended purpose and shall take appropriate action as necessary (Organisational knowledge) The organization shall determine the knowledge necessary for the operation of its processes and to chief conformity of products and services. When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. 7.2 (Competence) The organization shall: Updated October 1 st 2015

16 Page 7 of 8 a) determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the quality management system; 7.4 (Communication) The organization shall determine the internal and external communications relevant to the quality management system including: a) on what it will communicate, b) when to communicate, c) with whom to communicate, d) how to communicate e) who communicates (Design and development inputs) The organization shall determine requirements essential for the specific type of products and services being designed and developed. The organization shall consider: a) functional and performance requirements; b) information derived from previous similar design and development activities; c) statutory and regulatory requirements; d) standards or codes of practice that the organization has committed to implement; e) potential consequences of failure due to the nature of the products and services. 8.4 Control of externally provided processes, products and services General) The organization shall determine the controls to be applied to externally provided processes, products and services when: a) products and services from external providers are intended for incorporation into the organization s own products and services; b) products and services are provided directly to the customer(s) by external providers on behalf of the organization; c) a process, or part of a process, is provided by an external provider as a result of a decision by the organization. The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements (Type and extent of control) 9.1 (Monitoring, measurement, The organization shall: a) determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements. The organization shall determine: Updated October 1 st 2015

17 Page 8 of 8 analysis and evaluation General) a) what needs to be monitored and measured; b) the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results; c) when the monitoring and measuring shall be performed; d) when the results from monitoring and measurement shall be analysed and evaluated (Customer satisfaction) 10 (Improvement General) The organization shall monitor customers perceptions of the degree to which their needs and expectations have been fulfilled. The organization shall determine the methods for obtaining, monitoring and reviewing this information. The organization shall determine and select opportunities for improvement and implement necessary actions to meet customer requirements and enhance customer satisfaction. Updated October 1 st 2015

18 Appendix 2: Documentation requirements ISO 14001:2015 In the HLS Documented information replaces both the nouns documentation and record used in prior editions. From the text it is normally evident when documented information relates to records as evidence of performed activity/process and when documented information relates to how to perform an activity/ process. Normally the standard refers to shall maintain documented information when the meaning is how to perform an activity/process and shall retain documented information when the meaning is to keep evidence of performed activity/process. These are the minimum documentation requirements. Organizations themselves can decide that they need additional documented information. Clause 4.3 (Scope) 5.2 (Policy) (General) (Environmental aspects) (Compliance obligations) (Environmental objectives) 7.2 (Competence) (Communication General) (Documented information General) Documentation requirement The scope shall be maintained as documented information and be available to interested parties. The environmental policy shall be maintained as documented information. The organization shall maintain documented information of its: - risks and opportunities that need to be addressed; - process(es) needed in to 6.1.4, to the extent necessary to have confidence they are carried out as planned. The organization shall maintain documented information of its: - environmental aspects and associated environmental impacts; - criteria used to determine its significant environmental aspects; - significant environmental aspects The organization shall maintain documented information of its compliance obligations. The organization shall retain documented information on the environmental objectives. The organization shall retain appropriate documented information as evidence of competence. The organization shall retain documented information as evidence of its communications, as appropriate. The organization s environmental management system shall include: a) documented information required by this International Standard; b) documented information determined by the organization as being necessary for the effectiveness of the environmental management system. NOTE The extent of documented information for an environmental management system can differ from one organization to another due to: - the size of organization and its type of activities, processes, products and services; - the need to demonstrate fulfilment of its comlaince obligations - the complexity of processes and their interactions; - the competence of persons. 8.1 (Operational The organization shall maintain documented information to the extent necessary to have confidence that the processes have been carried out as planned. Updated October 1 st 2015

19 Page 2 of 4 planning and control) 8.2 (Emergency preparedness and response) (Monitoring, measurement, analysis and evaluation General) (Evaluation of compliance) (Internal audit programme) 9.3 (Management review) 10.1 (Non-conformity and corrective action) The organization shall maintain documented information to the extent necessary to have confidence that the process(es) is (are) carried out as planned. The organization shall retain appropriate documented information as evidence of the monitoring, measurement, analysis and evaluation results. The organization shall retain documented information as evidence of the compliance evaluation result(s). The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results. The organization shall retain documented information as evidence of the results of management reviews. The organization shall retain documented information as evidence of: the nature of the nonconformities and any subsequent actions taken; the results of any corrective action.

20 Page 3 of 4 Furthermore, the new standard in several places uses the wording shall determine. What does this mean? Annex A.3 of ISO 14001:2015 explains The change from identify to determine is intended to harmonize wih the standardized management system terminology. The word determine implies a discovery process that results in knowledge. There is no explicit documentation requirement, but where determine is used the organization should at least be able to demonstrate and give confidence of completeness and control of such activities/processes. Clause 4.1 (Organisational context) 4.2 (Interested parties) 4.3 (Scope) 6.1 (Actions to address risks and opportunities) (General) ISO requirement The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its environmental management system. Such issues shall include environmental conditions being affected by or capable of affecting the organization. The organization shall determine: the interested parties that are relevant to the environmental management system; the relevant needs and expectations (i.e. requirements) of these interested parties; which of these needs and expectations become its compliance obligations. The organization shall determine the boundaries and applicability of the environmental management system to establish its scope. When planning for the environmental management system, the organization shall consider: a) the issues referred to in 4.1; b) the requirements referred to in 4.2; c) the scope of its environmental management system; and determine the risks and opportunities, related to its environmental aspects (see 6.1.2), compliance obligations (see 6.1.3)and other issues and requirements, identified in 4.1 and 4.2,that need to be addressed to: give assurance that the environmental management system can achieve its intended outcomes; prevent, or reduce, undesired effects, including the potential for external environmental conditions to affect the organization; achieve continual improvement. Within the scope of the environmental management system, the organization shall determine potential emergency situations, including those that can have an environmental impact (Environmental aspects) Within the defined scope of the environmental management system, the organization shall determine the environmental aspects of its activities, products and services that it can control and those that it can influence, and their associated environmental impacts, considering a life cycle perspective. The organization shall determine those aspects that have or can have a significant environmental impact, i.e. significant environmental aspects, by using established criteria.

21 Page 4 of (Compliance obligations) (Planning actions to achieve environmental objectives) 7.1 (Resources) 7.2 (Competence) 8.1 (Operational planning and control) (Monitoring, measurement, analysis and evaluation General) (Evaluation of compliance) 10 (Improvement) 10.1 (General) The organization shall: a) determine and have access to the compliance obligations related to its environmental aspects; b) determine how these compliance obligations apply to the organization. When planning how to achieve its environmental objectives, the organization shall determine: what will be done; what resources will be required; who will be responsible; when it will be completed; how the results will be evaluated, including indicators for monitoring progress toward achievement of its measurable environmental objectives The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the environmental management system. The organization shall: - determine the necessary competence of person(s) doing work under its control that affects its environmental performance and its ability to fulfil its compliance obligations. - determine training needs associated with its environmental aspects and its environmental management system; Consistent with a life cycle perspective, the organization shall: b) determine environmental requirement(s) for the procurement of products and services, as appropriate; The organization shall determine: a) what needs to be monitored and measured b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; c) the criteria against which the organization will evaluate its environmental performance, and appropriate indicators; d) when the monitoring and measuring shall be performed; e) when the results from monitoring and measurement shall be analysed and evaluated. The organization shall: a) determine the frequency that compliance will be evaluated; The organization shall determine opportunities for improvement (see 9.1, 9.2 and 9.3) and implement necessary actions to achieve the intended outcomes of its environmental management system.