IMS20081101

Vol. 8, No.
November-December 2008
When Results Count. ISO Standards.
IMS
ISO Management Systems

ISSN 1680-8096
Next generation ISO 14001

Scoring with ISO 9001:2000 The ISO Survey 2007 ISO 26000 moves to next stage Environmental competence of suppliers
Measuring carbon footprints of products
Port of Houston and ISO 28000
1: Tl
A l
A , V . /
~ . l ' ! \ \ \
yA
\V
i p
1 0 I 1
4t
1
f
; I
le
i'
lie,
, P r ' r , '
l '
T77 7 ! "
' : c
I
"544
v
_
i4 `
J? ,y`!C}. X41 -
a
33 ct X `1 r
t 1r
r .
I .t i ,: . ' . ,
4Z
.' }:
asi
04
The ISO Pack on Food Safety Management Systems on CD.

The supp ly chain that puts food from the farm on to our table is a bit longer than in nature. It can supply chain to implement management systems that ensure the food we eat is safe. The ISO Pack on Food Safety
Available from ISO national member institutes (listed with contact details on the ISO Web site at www.iso.org) and from the ISO Central Secretariat Webstore at www .iso.org/isostore or e-mail to sales@iso.org , ISBN 978-92-67-01166-0 International Organization for Standardization Central Secretariat 1, ch. de la Voie-Creuse
stretch across continents and include producers , processors,

t r a n s p o r t and storage o p e r a t o r s , and retail outlets. The ISO 22000 fami ly of standards helps all t y p e s of o p e r a t o r in the
ma
Management Systems
foo d saatY
ft so
mca+
includes on one CD the entire ISO 22000 family of standards , in English and in French . It costs
just 379 Swiss francs (about USD 340 - EUR

231).
Case postale 56 CH-1211 Geneva 20
l1 `
/.
ISO Management Systems, www.iso.org/ims
by Roger Frost
EDITORIAL
ISO 9001:2008 respite or opportunity?

ith around one million organizations in 175 countries implementing a quality management system certified to ISO 9001:2000, its not surprising that the publication of ISO 9001:2008 imminent when this article was written was being eagerly awaited by many people around the world. It should be added that the arrival of the new edition was no doubt also being awaited with apprehension by some, even dread. Its a fair bet that there are quality management trainers, consultants, authors and certification bodies who must have been anticipating the publication of a new edition as a boost to their business activities. At the same time, its also sound to assume that there are quality managers who have been having sleepless nights at the thought of having to modify their organizations management system to meet new or revised requirements. Presumably, the former can sigh with disappointment and the latter with relief because ISO 9001:2008 contains no new requirements. In the event, ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 based on eight years experience of implementing the standard worldwide and also introduces changes intended to improve consistency with ISO14001:2004. This means that organizations implementing ISO 9001 can get on with their primary activity of delivering products or services without having to adapt to new requirements. After all, even the best quality management system in the world is not in itself a product or service that brings in the money. The organization still has to crank the handle. All this begs a question : why does ISO bother publishing a new edition if the differences are editorial, rather than of substance ?
Another important point is that the review is not carried out by a few professional standardizers sitting in an ivory tower. ISO technical committee ISO/TC 176, which is responsible for the ISO 9000 family, unites expertise from 80 participating countries and 19 international or regional organizations with liaison status, as well as other technical bodies in the ISO system. The review of ISO 9001 resulting in the 2008 edition has included a number of inputs, including the following: a justification study against the criteria of ISO/Guide 72:2001, Guidelines for the justification and development of management system standards ; feedback from the ISO/TC 176 interpretations process ; a twoyear systematic review of ISO 9001:2000 within ISO/TC 176 ; a worldwide user survey carried out by ISO/TC 176 subcommittee SC 2, and further data from national surveys. The revised ISO 9001 therefore results from a structured process giving weight to the needs of users and to the likely impacts and benefits of the revisions. This is good news for those users who, above all, appreciate a quiet life to get on with their business without what they might see as the disruption of their activities by a need to bring their quality management systems into conformity with new requirements above and beyond the ongoing requirement for continual improvement. For these, ISO 9001:2008 may be welcomed as a respite. On the contrary, for those users who would welcome disruption as a stage in the creative process of taking continual improvement up a few pegs, then ISO 9001:2008 could also be seen as an opportunity. The prominence of ISO 9001 has usually tended to overshadow the other useful standards in the ISO 9000 family. Now could be a good time for managers to investigate these and the potential benefits of implementing these specific tools in support of with their management systems. In fact, ISO/TC 176 explains how to do this in the ISO Web site section, Selection and use of the ISO 9000 family of standards, which can be found at: www.iso.org/iso/ iso_9000_selection_and_use
9001:2008 9001:2008 9001:2008 9001:2008 9001:2008 9001:2000

ISO 9001:2008 requirements are the baseline, while the top limit is the sky
Well, ISO 9001 did not invent continual improvement. This is an inherent aim of standardization as practised by ISO. All ISO standards currently more than 17 400 are periodically reviewed. Several factors combine to render a standard out of date, such as technological evolution, new methods and materials, or new quality and safety requirements. To take account of such factors and to ensure that ISO standards are maintained at the state of the art, ISO has a rule requiring them to be periodically reviewed and a decision taken to confirm, withdraw or revise the document. Therefore, ISO 9001:2008 is the outcome of a rigorous examination confirming its fitness for use as an international benchmark for quality management.
Whether ISO 9001:2008 represents a respite or an opportunity, it serves to illustrate the flexibility of ISO International Standards. A minimalist approach to implementation may well be appropriate to an organizations level of development, context or resources. However, as long as the requirements of the standard are met, this keeps the organization in the game and tends to raise the general level when the standard is widely implemented. For maximizers , the standards requirements are the baseline, while the top limit is the sky.
ISO Management Systems November-December 2008 1
._
a .
{/
IF C `
. r ; :
"
'
V ..
r
fi ` _ r..r
` i
. .(
,. , .
ti-w
h r ./ 14
y
yi ,1 : _
! .AF-..--
rw
r 4 ' -
.. -
1 s
, 1ri " r 3
via,(
44
ISO Standard s Collection - ISO 9000 Quality management.

Users of the ISO 9000 quality management standards typ ically report benefits like greater efficiency increased effectiveness , satisfie customers and continual improve ment. That's business language. often quoted in people language . Pride. The pride of staff who have met a majo challenge like imp lementing SO
IF
Abilb, I!
Collection - ISO 9000 Quality management groups the entire f a m i l y of quality man-
There's another benefit that's
Abilll
agement system s t a n d a r d s and

supporting tools in a handy book , or on CD,
Available from ISO national member institutes (listed with contact details on the ISO Web site at www.iso.org) and from the ISO Central Secretariat Webstore at www .iso.org/isostore or e-mail to sales@iso.org, Book: ISBN 978-92-67-10455-3 CD: ISBN 978-92-67-10456-0 International Organization for Standardization Central Secretariat 1, ch. de la Voie-Creuse Case postale 56
CH-1211 Geneva 20
_ qW
ch for 300 Swiss 260 , EUR 180).
francs (about USD
9001:2000 . The ISO Standards
You'll be proud to put it to work.
Iso
CONTENTS
SPECIAL REPORT Next-generation ISO 14001

Future stakes for ISOs EMS standards
With 15 years experience as leader of the ISO group responsible for ISO 14001 and ISO 14004, Oswald A. Dodds, who this year handed on the relay baton to his successor (see next article), is well placed to deliver a personal, but informed view of the issues and stakes related to the next editions of ISOs environmental management system standards.
IMS 6-2008 E.indd 1
21.10.2008 14:16:24
ISO MANAGEMENT SYSTEMS is published six times a year by the Central Secretariat of ISO (International Organization for Standardization) and is available in English, French and Spanish editions.
Publisher : ISO Central Secretariat, 1, ch. de la Voie-Creuse, Case postale 56, CH-1211 Geneva 20, Switzerland. Tel. + 41 22 749 01 11. Fax + 41 22 733 34 30. E-mail central@iso.org Web www.iso.org Editor in Chief : Roger Frost. Contributing Editor : Garry Lambert. Artwork : Pascal Krieger and Pierre Granier. A one-year subscription (six issues) to ISO MANAGEMENT SYSTEMS costs 128 Swiss francs. Subscription enquiries : Sonia Rosas-Friot, ISO Central Secretariat. Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. E-mail sales@iso.org Advertising enquiries : ISO Central Secretariat, Case postale 56, CH-1211 Geneva 20, Switzerland. Contact : Rgis Brinster. Tel. + 41 22 749 02 44. E-mail brinster@iso.org
Three questions and 3Cs

Anne-Marie Warris, the new Chair of ISO technical committee ISO/TC 207, Environmental management, subcommittee SC 1, Environmental management systems, shares her perspectives on future challenges.
ISO INSIDER
14
The ISO Survey 2007 shows ISO management systems standards implemented in 175 countries Stakeholder consensus enables ISO 26000 on social responsibility to move up in development status ISO and IAF announce schedule for implementation of accredited certification to ISO 9001:2008 Colombias Environment Minister urges TC 207 to continue fighting climate change ISO launches development of future standard on energy management New ISO standard provides information security guidelines for health sector
y O Su rve Th e IS ion s t i fi ca t o f Ce r
2007
INTERNATIONAL
13.10.2008 12:03:00
23
Port of Houston Authority achieves ISO 28000 certification for security efforts
ISO, November-December 2008
One of the worlds largest ports, the Port of Houston ranks first in the US for foreign waterborne tonnage and second for total tonnage. In 2002, it became the first US port to attain ISO 14001 certification for its environmental management programme. Six years later, it has become the first port authority in the world to attain ISO 28000:2007 certification for security.
ISO Survey 2007.indd C1
ISSN 1680-8096
The views expressed in ISO MANAGEMENT SYSTEMS are those of the authors. The advertising of products, services, events or training courses in this publication does not imply their approval by ISO. Cover photo : iStock
Singapore company enhances supply chain security with ISO 28000 Spanish sports club scores with ISO 9001:2000 Italian survey Do organizations ensure environmental : competence of suppliers? British project on measuring carbon footprint of products
NEXT ISSUE
41
SPECIAL REPORT
SPECIAL REPORT
Next-generation ISO 14001

Future stakes for ISOs EMS standards
by Oswald A. Dodds
honour and privilege to chair up to July 2008. ISO/TC 207/SC 1 set to work developing two standards on environmental management systems (EMS), ISO 14001 (requirements) and ISO 14004 (guidelines), of which the first editions were published by ISO in 1996. The second editions of both were published in 2004 after a thorough process designed to improve the clarity and intent of the language used in both standards, and to increase the compatibility of ISO 14001 with ISO 9001:2000, Quality management systems Requirements.
This guidance standard will, once finally approved, be published as ISO 14005, Environmental management systems Guide for the phased implementation of an environmental management system including the use of environmental performance evaluation. In addition, when this article was written, a ballot was coming to an end within SC 1 concerning the establishment of a new working group to develop a further EMS guidance standard, the future ISO 14006, this time dealing with eco-design in effect, a specific application of ISO 14001.
be covered) and the potential for gaps and/or duplication and/or variations in approaches taken. The group currently comprises 16 user participants drawn from 13 countries with three representatives from different groups within the ISO system. At the time of writing, it had held four meetings with more planned for October 2008 and early 2009.
With 15 years experience as leader of the ISO group responsible for ISO 14001 and ISO 14004, the author, who this year handed on the relay baton to his successor (see next article), is well placed to deliver a personal, but informed view of the issues and stakes related to the next editions of ISOs environmental management system standards.
Oswald A. Dodds, MBE, recently retired as Chair of ISO technical committee ISO/ TC 207s Subcommittee 1, which is responsible for the environmental management system standards, ISO 14001 and ISO 14004. He served in this post from 1993 to July 2008. In addition to serving on ISO technical bodies on conformity assessment and social responsibility, he has also been also active in standardization at all levels within the British Standards Institution (BSI) and the European Committee for Standardization (CEN). Former executive director of a large British local government authority, Oswald Dodds now runs his own business support company and has a number of directorships of companies in the private and charity sectors. E-mail oad.osanda@btinternet.com
The SAG-MSS is looking critically at ISOs current approach and range of MSS as well as what it thinks the user community will need and expect from any ISO MSS in the future. It is endeavouring to look 10 years ahead. Clearly, whatever decisions are taken as a result of its investigations could have a major impact on the work and structure of ISOs current technical committees producing MSS.
High-level structure
ISO has long been committed to developing and publishing standards that meet the needs of its stakeholders in a timely manner, that are effective, relevant and coherent, and that are produced in a transparent, open and impartial way using a consensus-based approach. It achieves these aims both by the processes it uses, as well as by ensuring liaison and cooperation amongst the technical committees that develop ISO standards. In the case of MSS, the two technical committees that are responsible, respectively, for the ISO 9000 and ISO 14000 families of standards
ISOs involvement with environmental management systems grew out of its commitment to support the objective of sustainable development discussed at the United Nations Conference on Environment and Development, in Rio de Janeiro, in 1992. However, already in 1991, ISO had been approached on the subject by the World Business Council on Sustainable Development.
Along with interest from elsewhere from countries as well as businesses this led ISO and its partner the International Electrotechnical Commission (IEC) to create the ISO/IEC Strategic Advisory Group on the Environment (SAGE). Over a two-period from 1991 to 1992, SAGE focused the efforts of representatives of 20 countries and 11 interna-
tional organizations in defining the basic requirements of a new approach to environmentrelated standards. It recommended the setting up of a new technical committee which led in 1993 to ISO creating ISO/TC 207, Environmental management. This in turn established subcommittee SC 1, Environmental management systems, which I have had the
SC 1 has now started to prepare for the third editions of ISO 14001 and ISO 14004. In addition, the subcommittee is also finalising a new standard designed to offer a phased approach to implementing an environmental management system, as well as introducing users of this approach to environmental performance evaluation.
MSS strategy
Given the increasing worldwide interest in management system standards (MSS), in 2006 ISO established a Strategic Advisory Group (SAGMSS) to advise it on future needs in this area. Among issues being explored by the group is the variety of topics and sectors now addressed by MSS (or that need, or wish to
ISO operates a cyclical review of its standards to ensure they are at the state of the art
4 ISO Management Systems November-December 2008
SPECIAL REPORT
SPECIAL REPORT
ISO/TC 176 and ISO/TC 207 have been cooperating for many years to improve, in particular, the compatibility of ISO 9001 and ISO 14001. More recently, however, ISOs Technical Management Board (TMB) has formed the Joint Technical Coordination Group (JTCG) which includes representatives of all ISO technical committees and subcommittees that develop management system standards. The group is now working on a high level structure for management system standards. One of the areas being investigated by the group is going beyond compatibility to alignment , which involves a common structure and approach for all ISO MSS.
and how it may be applied, not only to the MS requirements standards, but also to the supporting standards developed by the committees concerned, for example, on terminology and auditing. It is also intended that the JTCG should play a role in considering proposals for new ISO MSS.
direction is chosen not just for ISO, but also for the users of its standards. Even if the above standards were to be integrated in some way, that still leaves significant areas of management that would not be covered including and beyond even the excellent documents already produced in the areas of food safety, IT security, security in the supply chain and work underway in areas such as energy and risk management.
ISO/TC 207s business plan

All ISO technical bodies are required to have business plans in place and these are periodically reviewed to keep them up to date. The objectives of ISO/ TC 207, as stated in its business plan (currently under review), are as follows : ensure that ISO/TC 207 is aware of relevant international policy developments and trends within its scope ; ensure that market needs are served ; ensure global participation in the development, revision, acceptance and use of the ISO 14000 standards ; ensure the continual relevance and quality of ISO/ TC 207s standards ; protect the brand and integrity of the usage of the ISO 14000 series of standards ; ensure the compatibility of ISO 14001 with other management system standards. The plan goes on to identify strategies to achieve these objectives and it is principally these that are currently being reviewed and refined.
Where or not to integrate MSS really is a major strategic issue

This group is now responsible for building upon the previous efforts referred to above by ensuring that the technical content and approach used within ISO for the development of MSS is coherent and consistent. It is also expected to ensure that revision cycles are sufficiently aligned in the future in order to improve the overall content of the families of standards and thus ensure that they will co-evolve in a consistent manner. As part of its activities, the JTCG has been asked to consult with industry users of MSS to determine what form of joint vision (see below) is needed
As part of the review, all subcommittees and other groups within ISO/TC 207 have prepared a brief vision or strategy statement to cover the period from 2008 to 2015. They have been submitted to the committee and will be brought together as the updated business plan is finalised.
its meeting in Bogot, Colombia in June 2008 to create two new groups to prepare for any future changes. The first Task Group will mirror the work of the JTCG and provide any necessary input to its activities relating to MSS. The second, proposed as a Study Group, will look into changes that have taken place in the understanding and composition of environmental management systems, including changes in technology and stakeholder requirements since the current editions were developed. The SC 1 leadership is to draft the terms of reference of this group which will then be balloted within the SC 1 membership so that, if finally approved, work can commence shortly. It is expected that the work of both groups will heavily influence the future approach and content of ISO 14001 in particular and, by reflection, the other SC 1 standards ISO 14004,
ISO 14005 and ISO 14006 as they all use or will use ISO 14001 as their base document and are required by SC 1 to be consistent with it.
to ISOs overall approach to dealing with the development of MSS, including the possibility that a new super committee might be suggested to oversee all MSS activity. It is also possible that the architecture of MS documents could be changed to follow a new uniform model with a common core and bolt on technology-based annexes to cover, for example, quality, environment, risk, food safety, IT security, etc.
Obviously, there are other possible options that might be suggested and time will tell which direction ISO will agree to move towards and what its consequences are. Then we have the integration conundrum part of, but yet separate from the previous point. During my ISO activities, I have heard many suggestions that integration is the only way forward. Many of these views appear to concern only the integration of quality, safety and environment as a requirement, although most would acknowledge that this probably came about because of the existence of ISO 9001, ISO 14001 and OHSAS 18001 (dealing with occupational health and safety, not an ISO standard) ! Whether or not MSS are integrated brings with it another set of queries and challenges all of which need careful consideration because it would be a high price to pay if the wrong
Issues that should be addressed include the needs of governments and regulators and of NGOs
The future
When turning to the future, writing this article becomes problematic, as my crystal ball is no more developed than those of the readers of this magazine. Clearly too, the views expressed are mine personally and should not be taken as the official position of ISO, or its various groups technical or otherwise including ISO/TC 207/SC 1. There are a number of internal and external influences to contend with too that are described in the following paragraphs. Internally, SC 1 will have to deal with the consequences of the work of the SAG-MSS should they impact on its work. These might include changes
ISO 14001 and ISO 14004 today

ISO operates a cyclical review of its standards to ensure that they are still needed and, if so, are maintained at the state of the art. Such a review has just been completed for ISO 14001 and ISO 14004 and, as a result, both have been confirmed without change for a further five years. However, because of the work of the JTCG and the need to identify issues that will need to be considered during any activity relating to the Joint Vision (see below), ISO/TC 207/SC 1 decided at
Where or not to integrate MSS really is a major strategic issue for ISO and, perhaps more importantly, the user community and I include the potential users in this as, they are at least as important in my view as the existing user base. Clearly, this debate should be stimulated once the SAG-MSS reports but, to me at least, ISO will need to carefully balance the needs and ideas of SMEs as well as big business if it is to significantly increase its user base in the future. Obviously, whatever is decided here will no doubt impact on ISOs environmental management system standards. It is also clear that the work of the JTCG will impact significantly too. It is therefore appropriate to consider it in more detail.
Issues around the quality and credibility of certification continue to arise
Alternatively, a single standard may be proposed that is intended to function at a high level and meet business needs, but to leave the detail to the organization to develop to suit its own style and activities.
SPECIAL REPORT
SPECIAL REPORT
The JTCG developed, at the request of the TMB, a Joint Vision for the technical development of MSS within ISO. This is intended to prevent uncertainty for users and provide a clear framework within which MSS will be developed. Th e c u r r e n t Jo i n t Vi s i o n reads : All ISO MSS will be aligned and will seek to enhance further the current levels of compatibility between any existing MSS, through the promotion of identical : clause titles ; sequence of clause titles ; text ; and definition ; that are permitted to diverge only where necessitated by specific differences in managing their individual fields of application. The use of this approach for future revisions will be targeted at increasing the value of the existing ISO MSS to users. This has been successfully balloted amongst the committees involved in the JTCG, although a large number of comments have been made seeking clarification on the meaning and intent of the statement as well as querying how and by whom these objectives it will be achieved. According to usual ISO practice, the JTCG was to considering all comments received at its next meeting in October 2008 and I believe that it
will keep respondents and the wider community informed as its work and thinking progresses.
if users resist changes being proposed. Speaking from experience of trying to deal with compatibility issues between ISO 9001 and ISO 14001, the time and effort that will be involved in this situation should not be underestimated. Clearly too, the success of the task depends on finding sufficient knowledgeable volunteers experts in MS thinking as well as from the business sectors that need to be involved, as both will be vital to the successful achievement of the Joint Vision ideal. There are also a number of other issues that are relevant to the future success of ISO 14001, which are dealt with in the following section.
ISO 14001 is now implemented in nearly 150 countries
systems auditing. At the same time, the ISO Committee on conformity assessment, ISO/ CASCO, continues to upgrade its suite of standards that provide the framework within which third party audits will be performed. Certification and accreditation bodies themselves are also looking closely at their practices and hopefully the collective effort will enhance the actual, as well as the perceived value of certification so that it really does mean more than just, a certificate on the wall . Hopefully, the changes to ISO 19011 will also enhance understanding of the role of internal auditing in adding value to the implementation and performance of management systems.
The next editions of ISO 14001 and ISO 14004

For the next editions of ISO 14001 and ISO 14004, issues that should be addressed in addition to those already referred to above include the following : the need to determine what, if anything, the market place actually wants/needs beyond what is already contained in the current editions of the standards ; the results from research projects looking into the use and impact of the existing standards ; factual data on existing usage as this could highlight areas of non-use (e.g. in particular sectors or geographical areas) which should be investigated to establish the reasons and then be addressed as part of the revision ;
factual data on the needs of small and medium-sized enterprises, building on the work carried out by several SME groups within TC 207/ SC 1 and elsewhere ; the needs and aspirations of governments and regulators ; the needs and aspirations of nongovernmental organizations whose views are vital to the credibility of the standard in society. At a more technical level, I also believe that the standards writers will need to look, in particular, at the following : the definition of continual improvement is it really credible to continue to debate whether ISO 14001 promotes environmental performance improvement and not just system improvement ?
what is actually meant by legal compliance and how it should be demonstrated ; the adequacy of the clause dealing with communication issues ; the issue of procedures/documented procedures versus processes ; the need for more explicit requirements dealing with environmental performance and how it is determined. (In this context, it is interesting to note that the proposed ISO 14005 specifically refers to environmental performance evaluation in its title and content, something only implicit in ISO 14001 itself.) ; the determination of the effectiveness of the environmental management system (by whom and on what basis?) ;
the demonstration of continual improvement and how it is measured and communicated ; how to reduce opportunities for variable application of the standard so called green washing that can undermine the perception of its worth and value. I am sure that readers will have their own lists of issues and I am certain that the SC 1 secretariat will welcome all views so they can be fed into the process. However, ideas for change or no change should in the first instance be sent to the national standards bodies that make up ISOs membership as this will stimulate national discussion.
Based on my previous involvement with the group, I also anticipate that JTCG will circulate an amended Vision statement and a proposed new structure for management system standards (the requirements documents) that is designed to introduce more of a systems approach to future editions of ISOs MS requirement standards. Clearly, implementing the Joint Vision will impact on future editions of all ISO MSS and will take time to develop and attain consensus. ISO/TC 207/ SC 1 has, at my suggestion, recognised this and by forming its Task Group referred to earlier should be well placed and prepared for the debates to come. It is the case, however, that the JTCG and its constituent TCs and SCs need to agree what the Joint Vision means in practice. This means, for example, by whom, how, and when the identical material is to be developed; by whom and how will it be agreed; the timescale for its incorporation into existing MSS ; how and when will the views of ISO national member bodies and, most importantly, the users of MSS be sought, and what happens
Success factors
Factors in the success of the future ISO 14001 include the sustainability agenda and the need to ensure that ISO 14001 continues to be relevant and seen as an important part of ISOs sustainable development contribution. Although ISO 14001 is not designed solely for (third party) certification indeed, in its Scope it lists four main means of demonstrating conformity issues around the quality and credibility of certification continue to arise and cloud the undoubted improvements that can arise from the use of the standard. Work is underway to revise and extend the ISO 19011: 2002, Guidelines for quality and/or environmental management
State of the art

First launched in 1996, ISO 14001 is now implemented by public and private sector organizations in nearly 150 countries. We owe it to the developers of the original standard and the accompanying tools in the ISO 14000 family, to the early adopters and to those who are still to be convinced, that the next-generation ISO 14001 and supporting standards are state-of-the-art in what they require and in what they deliver.
IMS November-December 2008 9
SPECIAL REPORT
Next-generation ISO 14001

Three questions and 3Cs
by Anne-Marie Warris
The new Chair of ISO technical committee ISO/TC 207, Environmental management, subcommittee SC 1, Environmental management systems, which is responsible for ISO 14001 and ISO 14004, shares her perspectives on future challenges.
The main challenge that faces the management systems community is as Charles Handy, the philosopher and writer on organizational behaviour and management, says not to let our past, however glorious, get in the way of the future. Rereading Handys book, Beyond certainty the changing world of organizations, published in 1995, reminded me just how quickly things have and are changing.
When I was doing my MBA, we looked at organizational structure. It focused on all the different types of structures, i.e. the way organizations operate and, back then, the most common one was bureaucracy. Peoples views of what an organization 1) is have changed since then. The article (see pages 4 to 9) by Oswald Dodds, my predecessor as Chair of ISO/TC 207/SC 1
(see box, Tribute to retiring SC 1 Chair ) recounts the evolution of the group responsible for ISOs standards for environmental management systems and some of the challenges it has and continues to face. Reading it made me think about the importance of not losing organizational experience, learning and memories when dealing with situations of rapid change. Without our
SPECIAL REPORT
records, memories and experience, how do organizations grow and meet new challenges without repeating the same old mistakes and pitfalls something we, the SC 1 community, are aware of as we move forward without Ossie at the helm.
Being able to convincingly answer that most commonly asked question what is a management system and why is it relevant to my organization ?
Organizational challenges
I have already alluded to the change in perception of what is an organization ? and if I look back to the publication of the first edition of ISO 14001 in 1996, this perception has changed substantially. The following is but a short list of some of the new phenomena related to this change : more portfolio organizations ; much leaner organizations ; more service-based organization operating in diverse manners ; faster and more agile organizations ;
What are the challenges ?

As the new Chair of SC 1, I am asking myself a set of questions ones that I feel we need to ask, understand and answer. From my perspective, we in the management system community are facing a number of challenges, the most critical of which are : What do we now mean by an organization ? And does it fully cover what an organization is/could be? How do we ensure management systems meet stakeholders needs ?
Dr. Anne-Marie Warris, CEng, MBA, has been involved in the activities of ISO technical committee ISO/TC 207, Environmental management, since June 2000 as principal United Kingdom delegate to a number of groups, including work related to management systems, greenhouse gas accounting and carbon footprints. Dr. Warris is the new Chair of ISO/TC 207s subcommittee SC 1, which is reponsible for the environmental management system (EMS) standards ISO 14001 and ISO 14004 and which is also developing the new ISO 14005, giving guidelines for a phased implementation
of an EMS, and ISO 14006, giving guidelines on eco-design She joined the LR Group in 1989 to help develop and subsequently manage their environmental consultancy business. In 1996, she moved to LRQA to become global product manager for environmental management systems, subsequently extended to cover climate change. When this article was written, she was due to take up a new role in the LR Group focusing on external relations. E-mail anne-marie.warris@lr.org Web www.lrqa.org Web www.lr.org
cross-functional groups and project groups;

1) Organization as defined in ISO 14001:2004 as organization company, corporation, firm, enterprise, authority or institution, or part or combination thereof, whether incorporated or not, public or private, that has its own functions and administration. 2) A bigger world a special report on globalisation, The Economist, 20 September 2008.
growth from national to global organizations ; the change in global organizations with their headquarters in developed countries to ones based in emerging economies 2) ; the growth of small organizations.
more virtual working ; faster and mainly electronic communications ; more outsourcing, including the growth of the just in time approach to manufacturing, supermarket deliveries etc. ;
SPECIAL REPORT
Now, couple this change in w hat is an organization ? with the on-going complaint of management systems are too bureaucratic, so they do not suit my organization, and I believe this takes us to the next question:
Tribute to retiring SC 1 Chair

Anne-Marie Warris, the new Chair of ISO/TC 207/SC 1, the group responsible for ISO 14001 and ISO 14004, the management system standards in the ISO 14000 family, paid the following tribute to her predecessor, Oswald A. Dodds: Ossies contributions to the developments and success of ISO/TC 207/SC 1 were substantial. His calm leadership ensured solutions were found and issues managed in a pragmatic manner. There were many learning lessons in watching the manner in which items were managed to ensure a smooth transition and how major rocks in the rapids were negotiated without embarrassing anyone, or making them want to withdraw from the process. This included building bridges with other management system committees, while supporting and defending ISO 14001.
So what about stakeholders what are their needs ?

Well, they are many and varied. However, do organizations spot them quickly enough? Can they identify those critical issues that may change or affect the business environment in which the organization and its supply chain operate ? And if organizations do pick up the critical issues relating stakeholders, do they have a management system in place that allows them to process this information and knowledge in a way that benefits them and, ultimately, the stakeholders ? This is all about being sensitive to changing business environments and needs and being able to respond. Some recent examples include the switch to organic food and the demand for climate change friendly goods. So, the critical question is, id D the system get the right information and did the system take the appropriate action given the information ? If not, then stakeholder needs will not be met, nor is the system fit for the organization. This only furthers my view that we have to be able to answer the above commonly
And I do not mean in terms of a sophisticated ISO definition, but in terms of what it means to organizations and their stakeholders, whether they be internal or external. Certainly, from my experience, organizations and stakeholders talk a different language from the one that we in the management system community use : one that does not translate into the jungle of terms and concepts. We have to make our language match that of the organization and the challenges it faces in being able to meet stakeholder needs. So how do we make management systems work and respond to stakeholder needs ?
asked question and it may also explain why the whole issue of management systems is such a struggle for many.
But why are management systems seen as such a struggle ?

There are numerous answers, and I am sure we all have our own. But my simplistic and somewhat confrontational answers are : it is because it is a term or concept that basically is not understood ; it is also perceived as coming with a lot of negative baggage, such as its bureaucratic, of no use and does not deliver what either the user community wants, or the community the users serve want, let alone what external stakeholders need.
Does the following scenario sound familiar ? You are at a party or talking to a new friend and the conversation turns to work. So, what do you do ? In reply, you start explaining what a management system is and, eventually, depending on the politeness of the person you are speaking to, the conversation changes topic. Management systems are almost guaranteed to switch them off the conversation it all sounds just too boring. B u t h o w e x a c t l y d i d y o u explain what a management system is ? I believe our starting point to answering that commonly asked question, What is a management system and why is it relevant to my organization ? is for us to be clearer in describing what a management system is.
What do organizations actually want and need ?

I think organizations need a system which is flexible, multi-functioning and supported by an issues-based tool kit . Clearly, any system needs to fit the needs of the organization, as well as be integrated with the manner in which the business is managed otherwise, it will simply be a bolt-on , without generating significant added value. The characteristics of such a system are as follows : flexible the ability to adapt to the type of organization ; whether it is a small or medium-sized enterprise, or multi-national, in services or manufacturing, governmental or a charity ; multi-functioning capable of tackling the variety of challenges being faced
SPECIAL REPORT
by the organization to ensure it stays in control in todays fast changing business environment ; issue-based tool-kits having access to a number of compatible standards, tools, processes, etc. for managing and responding to stakeholder critical issues (which will be different from organization to organization). Whatever the system of the future looks like, it will have to : be clear about what it is and its benefits ; be designed to support organizations in the widest sense of what an organization is ; have the capacity to link, with little or no fuss, to other relevant systems both within and outside of the organization ; use plain and simple language i.e. words that are in everybodys daily conversations.
2) capability again in abundance in SC 1 to find the pragmatic and flexible solutions needed to help organizations manage their critical issues ; 3) commitment to allocate sufficient time for SC 1 and ISO to develop management systems. This is where I have concerns. The current SC 1 experts are hugely committed, working many hours beyond what is expected. However, when the amount of hours required by the organizations employing the experts increases, where does that leave the time available their ISO work and developing the management system standards that will help organizations of the future?
The management system of the future will have to be clear about what it is and its benefits
If ISO/TC 207/SC 1 has the 3Cs and answers the three questions I have posed in this article, I personally believe that management systems have a bright future. I know it is going to be a challenge, but it is one that I look forward to. In particular, I look forward to working with colleagues from around the world in ensuring that the International Standards we develop meet organizational and stakeholder needs as well as protect our planet.
We in the management system community are facing a number of challenges
My belief is that in order for us to achieve this utopia, ISO/ TC 207/SC 1 needs the following 3Cs: 1) courage and we have that in plenty to challenge perceived wisdom and historical habits ;
ISO INSIDER
vey The ISO Sur cat ion s o f Ce r t i fi
2007
The ISO Survey 2007 shows ISO management systems standards implemented in 175 countries
by Roger Frost
tries and economies. Services again accounted for 32 % of all certificates issued. The increase appears much smaller than in 2006 (+ 16 %) and according to the survey several factors may have combined to produce this result : The 2007 survey data collection methodology was strongly re-focused on obtaining figures from primary sources, the certification bodies that actually issue certificates, to reduce the increased possibility of error inherent in obtaining data from secondary sources (accreditation bodies and databases). This has resulted in the totals for several countries being revised downwards. Certification activity slowed down in anticipation of the forthcoming new edition of ISO 9001, with organizations adopting a wait and see attitude, as many did in the run-up to the 2000 edition. The market for certification is maturing in certain countries where this activity began early on.
9 Dec. 2004 660 132 162 213 154 Dec. 2005 773 867 113 735 161 Dec. 2006 896 929 123 062 170 Dec. 2007 951 486 54 557 175
13.10.2008
12:03:00
2007.ind ISO Survey
d C1
The ISO Survey 2007 reveals certification activity around one or more of ISOs management system standards in 175 countries, up from 170 in 2006 a clear demonstration , according to the survey, that they have become essential tools of the world economy . ISO Secretary-General Alan Bryden comments : he surT vey illustrates in a very concrete manner the extent to which ISO management system standards are meeting the organizations strategic objective of global relevance in other words, adding value for the organizations that use them all over the world. The principal findings of the survey are as follows :
Global picture
ISO 9001
ISO 9001:2000, Quality management systems Requirements with guidance for use
Up to the end of December 2007, at least 951 486 ISO 9001:2000 certi cates had been issued in 175 countries and economies. The 2007 total represents an increase of 54 557 (+ 6 %) over 2006, when the total was 896 929 in 170 countries and economies.
ISO 9001:2000 principal results World results

World total World growth Number of countries/ economies Dec. 2003 497 919 330 795 149
The continuing growth of sector- or activity-specific editions of ISO 9001 reduces the number of certifications to the generic standard. The trend for organizations to replace multiple single-site certificates by one certificate covering all sites continues, although its extent is difficult to quantify, and also reduces the number of certificates.
Worldwide total of ISO 9001:2000 certificates December 2003 to December 2007

1 000 000 900 000 800 000 700 000
Annual growth of ISO 9001:2000 certificates December 2003 to December 2007
Top 10 countries for ISO 9001:2000 certificates China : 210 773
ISO 9001:2000 (quality management)

Up to the end of December 2007, at least 951 486 ISO 9001: 2000 certificates had been issued in 175 countries and economies. The 2007 total represents an increase of 54 557 (+ 6 %) over 2006, when the total was 896 929 in 170 coun-
350 000
Italy : 115 359 Japan : 73 176 Spain : 65 112 India : 46 091 Germany : 45 195 USA : 36 192 United Kingdom : 35 517 France : 22 981
300 000
250 000 600 000 500 000 400 000 300 000 100 000 200 000 100 000 0 Dec. 03 Dec. 04 Dec. 05 Dec. 06 Dec. 07 50 000 200 000
150 000
0 Dec. 03 Dec. 04 Dec. 05 Dec. 06 Dec. 07
Netherlands : 18 922
(left and top of next page) The ISO Survey 2007 is now available in paper and CD versions.
The ISO Survey of Certifications 2007

ISO Survey 2007.indd 9
13.10.2008 12:03:12
ISO INSIDER
ISO 14001
Global picture
ISO 14001:2004, Environmental management systems Requirements with guidance for use
Up to the end of December 2007, at least 154 572 certi cates had been issued in 148 countries and economies. The 2007 total represents an increase of 26 361 (+ 21 %) over 2006, when the combined total was 128 211 in 140 countries and economies.
ISO/IEC 27001:2005 (information security management)

A t t h e e n d o f D e c e m b e r 2007, at least 7 732 ISO/IEC 27001:2005 certificates had been issued in 70 countries and economies. The 2007 total represents an increase of 1 935 (+ 33 %) over 2006 when the total was 5 797 in 64 countries and economies. Service sector organizations accounted for 90 % of the certificates issued. The survey results continue to shed light on the evolution of the global economy, with newly emerging economies such as China, India, Brazil and the Russian Federation appearing among the leading countries for totals of certificates issued, or growth during 2007. Countries other than the established industrialized economies showing intensive certification actitivity include Bulgaria, the Czech Republic, the Republic of Korea, Mexico, Poland, Romania, Thailand and Turkey.
ISO 14001:2004 principal results

10
World results
World total World growth Number of countries/ economies
Total
Dec. 2005 of which ISO 14001:2004 56 593 107
Dec. 2006 128 211 17 049 140
Dec. 2007 154 572 26 361 148
111 162 21 225 138
Stakeholder consensus enables ISO 26000 on social responsibility to move up in development status
by Roger Frost
Worldwide total of ISO 14001:2004 certificates December 2005 to December 2007
Annual growth of ISO 14001:2004 certificates December 2005 to December 2007
Top 10 countries for ISO 14001:2004 certificates
160 000 140 000 120 000 100 000 80 000 60 000 40 000 20 000 0
28 000 26 000 24 000 22 000 20 000 18 000 16 000 14 000 12 000 10 000 8 000 6 000 4 000 2 000 Dec. 05 Dec. 06
Dec. 05 Dec. 06 Dec. 07
China : 30 489 Japan : 27 955 Spain : 13 852 Italy : 12 057 United Kingdom : 7 323 Korea, Republic of : 6 392 USA : 5 462 Germany : 4 877 Sweden : 3 800
Dec. 07
France : 3 476
The ISO Survey of Certifications 2007
The future ISO 26000 standard giving guidance on social responsibility has passed an important stage in its development by moving from the status of a working draft to a committee draft, indicating that a high level of consensus is being built among the multi-stakeholder representation within the ISO Working Group on Social Responsibility (WG SR).
ISO Survey 2007.indd 10
ISO 14001:2004 (environmental management)
Up to the end of December 2007, at least 154 572 certificates had been issued in 148 c ount rie s and econo mi e s. The 2007 total represents an increase of 26 361 (+ 21 %) over 2006, when the total was 128 211 in 140 countries and economies. The service sectors accounted for 29 % of certificates issued, up from 27 % in 2006.
been issued in 81 countries and economies. The 2007 total represents an increase of 7 199 (+ 26 %) over 2006 when the total was 27 999 certificates in 78 countries and economies.
13.10.2008 12:03:12
ISO 13485:2003 (quality management for medical devices)

Up to the end of December 2 0 0 7 , a t l e a s t 12 9 8 5 I S O 13485:2003 certificates had been issued in 84 countries and economies. The 2007 total represents an increase of 4 959 (+ 62 %) over 2006 when the total was 8 026 in 81 countries and economies.
More information
ISO makes available the principal findings of the survey free of charge on the ISO Web site. More information, including industry sector breakdowns, can be found in The ISO Survey of Certifications 2007, which is a combined brochure and CD costing 48 Swiss francs. It is available from ISO national member institutes (listed with contact details on the ISO Web site www.iso.org) and from ISO Central Secretariat (sales@iso.org). The resolution approving the circulation of the document as a committee draft was one of the main outcomes of the 6th plenary meeting of the WG SR, which took place on 1-5 September 2008 in Santiago, Chile. The meeting was one of the largest ISO standards development meetings ever held with 386 experts attending from 76 ISO member countries and 33 liaison organizations.
ISO/TS 16949:2002 (quality management for automotive suppliers)

Up to the end of December 2007, at least 35 198 ISO/TS 16949:2002 certificates had
ISO INSIDER
The decision to move to the CD stage is not only a milestone in the process of developing ISO 26000, says WG Chair, Jorge E.R. Cajazeira. It is also living evidence that the multi-stakeholder approach adopted by ISO for this task is an effective tool for dealing with complex subjects in large and highly diversified groups. WG SR Vice Chair, Staffan Sderberg, comments, What impresses me the most is the way the SR experts were able and willing to find a consensus even on the most difficult topics. This meeting proved to me the strength of a stakeholder dialogue. Representatives of six stakeholder groups participate in the WG SR: industry; government; labour; consumers; nongovernmental organizations; and service, support, research and others. Two experts from each stakeholder category one from a developed country and one from a developing country take part in the Integrated Drafting Task Force (IDTF) which is responsible for reviewing and revising the ISO 26000 drafts. Representatives from the International Labour Organization and the United Nations Global Compact are also participating in the IDTF.
key topics to be addressed at the plenary : 1. International norms of behaviour ; 2. Nature of reference to social responsibility initiatives ; 3. Nature of reference to government ; 4. Sphere of influence (including issues relating to value chain and supply chain) ; 5. Picking and choosing (including issues pertaining to relevance and significance and prioritization).
Sufficient progress and consensus on these issues was achieved at the meeting to enable the upgrade of ISO 26000 to a committee draft, which is expected to be completed and released within three months. Publication of ISO 26000 as an International Standard is currently expected in September 2010.
The 6th plenary meeting of the WG SR hosted by the Chilean National Institute for Standardization (INN) and the opening ceremony included speeches by the Minister of Economy, Hugo Lavado ; the Minister of Labour, Osvaldo Andrade, and Executive Director of INN, Sergio Toro. Summing up the current state of development of ISO 26000, WG Chair Jorge Cajazeira concludes : It is encouraging to see how principles and expectations drawn from high-level international agreements, such as the Universal Declaration of Human Rights, are being incorporated in ISO 26000 a way that can be understood and practically applied by organizations worldwide in both public and private sectors. ISO Deputy Secretary-General Kevin McKinley paid tribute to the work accomplished by the WG SR when he spoke at a reception for the group in Santiago : The WG on Social Responsibility represents an exciting and important development in the ISO family. Since the launch of this project in ISOs work programme, I have seen an exemplary level of dedication, effort, commitment and stakeholder engagement on this extremely broad and challenging subject of social responsibility. Further information on the ISO/WG SR and ISO 26000 is available on its public Web site : www.iso.org/sr Its working documents are publicly accessible at : www. iso.org/wgsr
This meeting proved the strength of a stakeholder dialogue
A historic moment : the resolution to elevate ISO 26000 to committee draft status is approved and greeted enthusiastically at the 6th plenary meeting of the ISO Working Group on Social Responsibility in Santiago, Chile. From left : Sophie Clivio, Technical Programme Manager, ISO Central Secretariat ; Khawla AlMuhannadi, Spokesperson for the Resolutions Committee ; Kristina Sandberg, Secretary of the WG SR ; Staffan Sderberg, Vice Chair of the WG SR ; Jorge E. R. Cajazeira, Chair of the WG SR ; Eduardo Campos de So Thiago, WG Co-Secretary. (Photo: Jens Henriksson.)
Key topics
Prior to the Santiago meeting, the WG SR had received some 5 200 comments on the second edition of the fourth working draft of the standard. On the basis of these comments, the IDTF identified the following
ISO Deputy Secretary-General Kevin McKinley (right) in conversation in Santiago with Lars Flink, CEO of the Swedish Standards Institute (SIS) which provides the twinned leadership of the WG SR with the Brazilian Association of Technical Standards (ABNT).
ISO INSIDER
ISO and IAF announce schedule for implementation of accredited certification to ISO 9001:2008
by Roger Frost
ISO (International Organization for Standardization) and the IAF (International Accreditation Forum) have agreed on an implementation plan to ensure a smooth transition of accredited certification to ISO 9001:2008, the latest version of the worlds most widely used standard for quality management systems (QMS). The details of the plan are given in the joint communiqu by the two organizations (see box). audited and certified by independent certification bodies (also known in some countries as registration bodies) to ISO 9001:2000. ISO 9001 certification is frequently used in both private and public sectors to increase confidence in the products and services provided by certified organizations, between partners in business-to-business relations, in the selection of suppliers in supply chains and in the right to tender for procurement contracts.
Joint IAF-ISO communiqu

Implementation of accredited certification to ISO 9001:2008
ISO and the IAF (International Accreditation Forum) have agreed an implementation plan to ensure a smooth migration of accredited certification to ISO 9001:2008, after consultation with international groupings representing quality system or auditor certification bodies, and industry users of ISO 9001 certification services. ISO 9001:2008 does not contain any new requirements They have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 based on eight years of experience of implementing the standard world wide with about one million certificates issued in 170 countries to date. It also introduces changes intended to improve consistency with ISO14001:2004 The agreed implementation plan in relation to accredited certification is therefore the following : Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO 9001:2008 as an International Standard Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a routine surveillance or recertification audit against ISO 9001:2008. Validity of certifications to ISO 9001:2000 One year after publication of ISO 9001:2008 all accredited certifications issued (new certifications or recertifications) shall be to ISO 9001:2008. Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to ISO 9001:2000 shall not be valid.
The QMS of about one million organizations have been certified to ISO 9001:2000
Like all of ISOs more than 17 400 standards, ISO 9001 is periodically reviewed to ensure that it is maintained at the state of the art and a decision taken to confirm, withdraw or revise the document. ISO 9001:2008, which is due to be published before the end of the year, will replace the year 2000 version of the standard which is implemented by both business and public sector organizations in 170 countries. Although certification is not a requirement of the standard, the QMS of about one million organizations have been
ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing and certification. These services are performed independently of ISO by certification
ISO INSIDER
bodies. ISO does not control such bodies, but does develop voluntary International Standards to encourage good practice in their activities on a worldwide basis. For example, ISO/IEC 17021:2006 specifies the requirements for bodies providing auditing and certification of management systems.
Colombias Environment Minister urges TC 207 to continue fighting climate change

by Kevin Boehmer
Further confidence
Certification bodies that wish to provide further confidence in their services may apply to be accredited as competent by an IAF recognized national accreditation body. ISO/IEC 17011:2004 specifies the requirements for carrying out such accreditation. IAF is an international association whose membership includes the national accreditation bodies of 49 economies. ISO technical committee ISO/TC 176, Quality management and quality assurance, which is responsible for the ISO 9000 family of standards, is preparing a number of support documents explaining what the differences are between ISO 9001:2008 and the year 2000 version, why and what they mean for users. Once approved, these documents will be posted on the ISO Web site.
ISO technical committee ISO/ TC 207, Environmental management, held its 15th plenary meeting in Bogot, Colombia, from 21-28 June 2008, hosted by ICONTEC, the ISO member for the country. Mr. Juan Lozano, Colombias Minister of Environment, Housing
Among 26 resolutions passed and work progressed, a decision was taken to set up a new Chairs NGO Contact Group to explore opportunities to enhance the participation of nongovernmental organizations in ISO/TC 207 work at national and international lev-
Mr. Robert Page, new Chair of ISO/ TC 207, has an international reputation for his work on energy and the environment.
els. Dr. Robert Page was confirmed as the new Chair of ISO/TC 207, in succession to Mr. Daniel Gagnier (see box). Following is a summary of the key achievements of the TC subcommittee (SC), working group (WG) and task group (TG) meetings during the week.
and Territorial Development, and Mr. Fabio Tobn, Executive Director of ICONTEC, opened the meeting attended by approximately 200 representatives from 37 ISO member bodies and five liaison organizations. Mr. Lozano encouraged delegates to continue ISO/TC 207s contribution to fighting climate change and to encouraging the dissemination of environmental management and sustainable development.
Mr. Fabio Tobn, Executive Director of ICONTEC, the Colombian nationals standards body, welcomes the ISO/ TC 207 delegates to the Bogot meeting. Mr. Tobn (second from right) at the top table.
Chairmans Advisory Group (CAG) Small-andMedium Enterprise (SME) Task Group

The needs of small and medium-sized enterprise were addressed by the SME TG which agreed to focus short-
ISO INSIDER
term work on: the promotion of ISO 14001 for certification and other forms of recognition; understanding of auditing time guidelines; building capacity within ISO/TC 207 to enable SME experts to participate more effectively; inviting SME experts from the International Council for Small Business and regional affiliates to participate in ISO/TC 207 work; exploring the possible use of sectoral guidance in implementing ISO 14000 standards by SMEs.
climate change applications: to continue support for the translation of documents to Spanish, Arabic, Chinese and other languages.
Ad hoc Group on Desertification

The group recommended development of an ISO standard specifying principles, requirements and performance indicators for combating desertification, and encouraged the national standards bodies of Egypt, China and Spain to consider submitting a new work item proposal on this work.
Spanish Translation Task Force (TF)

The TF approved the Spanish translation of the draft ISO Guide 64, Guide for the inclusion of environmental aspects in product standards, and ISO/FDIS 14050, Environmental management Vocabulary, and will prepare Spanish versions of ISO/CD 14005, Environmental management systems Guidelines for staged implementation of an environmental management system, including the use of environmental performance evaluation.
New Chair of ISO/TC 207

Dr. Robert Page has succeeded Mr. Daniel Gagnier as the new Chair of ISO/TC 207. Dr. Page is currently the TransAlta Professor of Environmental Management and Sustainability, Energy and Environmental Systems Group, Institute for Sustainable Energy, Environment, & Economy, University of Calgary, Canada, where he is also an Adjunct Professor in the Haskayne School of Business. He is also the acting Chair of the Government of Canadas National Round Table on the Environment and the Economy (NRTEE). He is known nationally and internationally for his work on energy and the environment in areas such as climate change, emissions trading, biodiversity and protected spaces, environmental impact assessment, and policy and regulation. Dr. Page has served for the Government of Canada in international negotiations on the Conference of the Parties for the Kyoto Protocol, the North American Free Trade negotiations, and trade and the environment.
Developing Countries Contact Group (DCCG)

The DCCG passed resolutions: to formalize regional co-operation networks for Southern Africa, Northern Africa, Latin America and Asia Pacific; to increase capacity to apply ISO/TC 207 standards with a focus on
The author
SCs and WGs

Key decisions and resolutions passed by the subcommittees and their working groups included :
SC 1, Environmental management systems

Kevin Boehmer is Secretary of ISO/TC 207, Environmental management, and is also Secretary of ISO working groups WG 5, Climate change, and WG 6, Greenhouse gas validation and verification bodies. He works for the Canadian Standards Association (CSA), has a Masters degree in environmental planning and 20 years experience in the environmental sector.
E-mail kevin.boehmer@csa.ca Web www.tc207.org Web www.csa.ca
Reviewed results of the consultant on the second committee draft of ISO 14005, Environmental management systems Guidelines for a staged implementation of an environmental management system, including the use of environmental performance evaluation. It was agreed to issue the document as a Draft International Standard (DIS) established two new subgroups on new technologies and discussion of interpretation queries confirmed Mr. Noer Wardojo as SC 1 Vice-Chair for a new term of office.
Mr. Jacques Salamitou, (third from right) expert from France, states the importance of the standards for environmental performance evaluation for SMEs.
ISO INSIDER
SC 3, Environmental labelling
established a TG to examine alignment and adaptation of the ISO 14020 series of environmental labelling standards ; will prepare an addendum to ISO 14021 to cover additional symbols and selected claims.
ISO launches development of future standard on energy management

by Roger Frost
example, a presentation was given by UNIDO on the preparatory work the organization has carried out to support the ISO process by researching energy management needs in developing countries.
This will ensure maximum compatibility with key standards such as ISO 9001 for quality management and ISO 14001 for environmental management. The project committee is fully committed to an ambitious schedule and aims to have ISO 50001 ready for publication by the end of 2010. ISO Secretary-General Alan Bryden commented : his T first meeting of PC 242 marks the launch of a new global approach to systematically address energy performance in organizations pragmatically addressing energy efficiency and related climate change impacts. It is fully in line with and supportive of the global mobilization on these major challenges, and with the IEAISO 1) position paper on the contribution of International Standards.
Globally relevant
This gave PC 242 an insight into the different policies and situations around the world which need to be taken into account in the development of a globally relevant International Standard for energy management. Excellent progress was made in the technical discussions and a first working draft has already been created. A major point of discussion is the need to ensure compatibility with the existing suite of ISO management system standards. The committee therefore took the key decision to base the draft on the common elements found in all of ISOs management system standards.
SC 4, Environmental performance evaluation

decided to register the review of ISO 14031 as a Stage 0 project ; established a new TG to review ISO 14031 before the next ISO/TC 207 plenary ; encouraged SC 1 to link ISO 14001 with ISO 14031.
The first meeting of ISOs new project committee PC 242 which is to develop an International Standard on energy management standard was held on 8-10 September in Washington, DC, USA. The future ISO 50001 will establish a framework for industrial plants, commercial facilities or entire organizations to manage energy. Targetting broad applicability across national economic sectors, the standard could influence up to 60 % of the worlds energy use. The meeting was attended by delegates from the ISO national member bodies of 25 countries from all regions of the world, as well as representation from the United Nations Industrial Development Organization (UNIDO), which has liaison status with PC 242. All the participating countries have existing activities on energy management and have a strong interest in also developing a harmonized solution at the international level. As part of the proceedings, delegates described their various initiatives in detail. For
SC 5, Environmental life cycle assessment

nominated Mr. M. Finkbeiner as new SC 5 Chair ; established a new WG 7 to develop ISO 14045 on ecoefficiency assessment ; proposed development of a new life cycle costing standard.
1) www.iso.org/iso/iso_iea_paper.pdf
SC 7, Greenhouse gas management and related activities

completed an outline proposal for a carbon footprint of products standard : Part 1, Quantification, and Part 2, Communication.
ISO INSIDER
New ISO standard provides information security guidelines for health sector
by Janet Maillard, Acting Communication Officer, ISO Central Secretariat
The highly sensitive area of personal health information and how best to protect its confidentiality and integrity while assuring its availability for healthcare delivery is the issue addressed by the newly published ISO 27799:2008, Health informatics Information security management in health using ISO/IEC 27002. ISO 27799:2008 applies to health information in all its aspects whatever form the information takes, whatever means are used to store it and whatever means are used to transmit it. The standard specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their size and circumstances.
Health informatics systems must meet unique demands to remain operational in the face of natural disasters, system failures and denial-ofservice attacks. At the same time, the data they contain is confidential and its integrity must be preserved. Because of these critical requirements, and regardless of their size, location and model of service delivery, all healthcare organizations need to have stringent controls in place to protect the health information entrusted to them. Further, the increasing use of wireless and Internet technologies in healthcare delivery, and the consequent growth of electronic exchange of personal health information between health professionals, not only makes the need for effective IT security management in healthcare all the more urgent, but also implies a clear benefit to adopting a common reference for information security management in healthcare. As indicated by its title, ISO 27799:2008 is a companion to ISO/IEC 27002:2005, Information technology Security techniques Code of practice for information security management. Professionals from the health sector have contributed their expertise to defining guidelines to specifically support the interpretation and implementation of ISO/IEC 27002 in health informatics.
Adaptability
An important consideration was the adaptability of the guidelines, bearing in mind that many health professionals work as solo health providers or in small clinics that lack dedicated IT resources to manage information security. Although all of the security control objectives described in ISO/IEC 27002 are relevant to health informatics, some controls require additional explanations with regard to how they can be used to best protect the confidentiality, integrity and availability of health information. Also, there are some additional requirements that are specific to the health sector. This International Standard therefore provides additional guidance in a format that persons responsible for health information security can readily understand and adopt. ISO 27799 contains a practical action plan for implementing ISO/IEC 27002 in
a health environment. Taken together, these two standards define what is required in terms of information security in healthcare. Three informative annexes are included in the new standard, covering respectively, the general threats to health information; tasks and related documents of the information security management system; and the advantages of support tools as an aid to implementation. ISO 27799:2008, Health informatics Information security management in health using ISO/IEC 27002, was developed by ISO/TC 215, Health informatics. It costs 154 Swiss francs and is available from ISO national member institutes (listed with contact details on the ISO Web site www.iso.org) and from ISO Central Secretariat (sales@ iso.org).
Fast torwarci.
.A. MW
41
A* 4r
't
4 , 0' a "
0-
V
l ow
40,
411111 1 1"0 . 0 .
'P 0
of
-.0 ,0' Pr IV
.
ak
rte 4
National Standard s Bodies in Developing Countries.

A strong national standardization infrastructure can help developing countries and transition economies make rapid progress. It acts as a lever for economic development , trading capacity and a support for consumer, social and environmental protection. Fast forward - N a t i o n a l Standards Bodies in Developing Countries is a user-friendly introduction and practical too[ for people who are tasked with p the est ablishment, upgrading and management of a national standards body in a developing country or transition economy. The book is based on the combined wisdom and experience of ISO and the United Nations Industrial Development Organization (UNIDO). A5 format, 88 pages, colour.
Hard copies are available free of charge (fee for postage and handling) from ISO national member institutes (listed with contact details on the ISO Web site at www.iso.org), and from the ISO Central Secretariat Web store at www.iso.org/isostore or by e-mail to sales@ iso .org. They can also be downloaded as a PDF file from the ISO Web site.
ISBN 978-92-67-10477-5
International Organization for Standardization ISO Central Secretariat 1, ch. de la Voie-Creuse CH-1211 Geneve 20
Case postale 56
=SO
INTERNATIONAL
Port of Houston Authority achieves ISO 28000 certification for security efforts
One of the worlds largest ports, the Port of Houston ranks first in the US for foreign waterborne tonnage and second for total tonnage. In 2002, it became the first US port to attain ISO 14001 certification for its environmental management programme. Six years later, it has become the first port authority in the world to attain ISO 28000:2007 certification for security.
by Wade Battles
Wade Battles was named Managing Director of the Port of Houston Authority in June 1999. He oversees all of the ports administrative and operational departments. A long-time maritime professional who began his career in United States Virgin Islands as a stevedore and vessel agent, Mr. Battles has been an active member of numerous industry associations, including the American Association of Port Authorities (AAPA). He was recently reappointed to the US National Maritime Security Advisory Committee.
Contact : Maggi Stewart E-mail mstewart@poha.com Web www.portofhouston.com
[Photo credits: PHA]
PHA sees its ISO 28000 certification as a validation of its attention to US Coast Guard regulations.
INTERNATIONAL
As the worlds first port authority to earn ISO 28000: 2007 certification, the Port of Houston Authority (PHA) achieved an important distinction in the area of supply chain security management this year.
ISO 28000 and ISO 14001 project managers collaborate to communicate their programmes jointly to port stakeholders. They work closely together in training, implementation of improvements and reaching out to stakeholders.
by highly trained personnel. ISO 28000:2007 specifies those security aspects critical to security assurance of the supply chain. PHA Port Police and the perimeter security systems at Barbours Cut and Bayport terminals were certified to the standard. Four years ago, the Port Police, the Security Management System (SMS) Advisory Group and PHA senior management began to work together to attain the ISO standard. Achieving this landmark recognition was an extensive exercise in self-
New standard
The Port of Houston is one of the busiest in the US. The process of achieving ISO 28000 certification helped PHA to shape a set of policies and procedures geared toward developing a more secure port that is staffed by highly trained personnel.
The process of achieving certification to this new standard for security helped PHA to shape a set of policies and procedures geared toward developing a more secure port that is staffed
A comprehensive, third-party audit of our security management system, confirming through the certification process that it is compliant with the ISO standard, gives us international recognition. It sets us apart from other ports that are not certified and forces us to standardize our policies and procedures. It gives us a framework on which to build toward continual improvement in our security systems and the strengthening of our relationships with our shippers and security partners. This certification validates not only the PHAs attention to US Coast Guard regulations, says PHA Chairman James T. Edmonds, but also that we have gone beyond the requirements, while still
ensuring the efficient movement of commerce. The certification follows an earlier ISO standard achievement. In 2002, the PHA was the first US port to attain environmental ISO 14001 certification for its environmental management system. Although the standards are significantly different, the experience of the PHA Environmental Affairs Department allowed the PHA to implement ISO 28000 more efficiently, using the lessons learned from the implementation of ISO 14001, most notably, in the areas of communication and documentation of the programme.
INTERNATIONAL
examination, critical analysis, uniformity and ambitious goal setting. The ISO standard offered an opportunity to refine the details of the security system at the port to identify weaknesses and implement improved controls for their mitigation, says PHAs Patricia Ramsey, SMS Project Manager. It was a testimony to solid teamwork that much of this work was achieved through work groups. Starting from an operational control perspective, nearly a year was focused on documenting processes and procedures, detailing beat descriptions, specifying work instructions and the standardization of police and security forms a refining of internal documentation and numerous process improvements. The most important resource used for the project was the support and guidance of senior management as well as the SMS Advisory Group and other subject matter experts within the Port of Houston Authority, says Mr. Ramsey. In addition, a technical writer was employed on the project to assist in document control and records management. Work groups were established to develop streamlined processes and procedures and to brainstorm solutions and programmes. For example, an SMS Objectives Work Group, made up of representatives from pertinent departments
(police, fire, security, legal, engineering, management information systems) brainstormed objectives and targets for presentation to the senior management, who selected from the list. The work group then developed programmes and timelines to support these objectives and targets. Responsibilities to meet the targets are shared across interdepartmental lines.
Cut terminals as a component of more detailed programmes. The goal is to improve security while at the same time reducing by 20 to 40 % the processing times through implementation of an electronic visitor and vendor management system.
document the system in the language of the ISO standard and to identify and develop the required improvements. Since the PHA had previously attained ISO 14001 certification for its environmental stewardship, the assistance of the PHA EMS project
Four objectives
Continual improvement is one of the cornerstone goals of the ISO standard, and with that in mind, PHA senior managers targeted four objectives : Emergency response planning A comprehensive emergency response plan, which includes environmental, safety, security and first responders, is being developed to include all current emergency response plans into one document. A consultant is being employed to facilitate the project. Equipment management Framed within six-toeight-month project times, the team is documenting inventory, instructions in the use and protocol associated with radios, vehicles, uniforms, weapons management and qualifications, as well as improvements required. Entry processing times of visitors and vendors Documentation was in place at Bayport and Barbours
Six years after obtaining ISO 14001 certification, PHA has attained ISO 28000 certification for security.
Training of PHA personnel with security duties While Port Police officers have the required training to maintain their State police officer certification, one of the features of the new SMS is the cross-training of emergency responders, support groups and others with security duties. There are additional goals to improve port-specific training for police officers and dispatchers and to improve and enhance maritime domain awareness. When the project began, the PHA already had in place a robust security management system. The challenge was to manager was instrumental in understanding the language of the ISO 28000 standard and translating the generic requirements to the specific context of the PHA.
ISO 28000 gives us a framework for continual improvement

In order for personnel at all levels of the PHA to understand the ISO standard, SMS awareness training was implemented for more than 300 PHA employees, tenants and stakeholders. They included Port Police and security
INTERNATIONAL
guards, as well as the marine department, operations, maintenance and administration at Barbours Cut and Bayport terminals. Training was specifically targeted to identified groups according to their level of security duties and included an explanation of the ISO process, standard and requirements for certification as well as their place in the layered security management system. This training resulted not only in increased awareness, but also greater understanding of individual roles in the interdepartmental responsibilities and improved daily compliance.
Chuck Russo, President of ABS Quality Evaluations, presents PHA Chairman Jim Edmonds and a group of key PHA employees who were involved in PHAs Security Management System effort with the official ISO 28000 certificate on 25 March 2008. From left : Wade Battles, PHA Managing Director; Jerry Simon, Facilities Security Officer, Turning Basin; Gil Thompson, Assistant Chief of Port Police; Patricia Ramsey, SMS Representative/Project Manager and Administrative Manager, Port Police; PHA Chairman Jim Edmonds; Chuck Russo, of ABS; Daniel Foster, Facilities Security Officer, Barbours Cut and Bayport terminals; and H. Thomas Kornegay, PHA Executive Director.
management reviews, PHA was ready for certification in early 2008. The port authority passed the independent audit by ABS Quality Evaluations and received high praise from ABS president Chuck Russo. We were impressed with the robustness of the Port of Houston Authoritys management system and the significant effort the port (authority) has put in to achieve this, said Mr. Russo. Now that the ISO 28000 has been established, maintenance and continual improvement is under way. Meeting the SMS objectives are a priority for the entire port authority. As the ISO 28000 is established and successfully maintained, additional terminals will be added to the certification process. Implementation of ISO 28000 was highly beneficial to the PHA. ISO 28000 encourages a deeper level of commitment to the everyday details of the SMS. Numerous improvements were made during the implementation of the ISO 28000 and continual improvement is now a part of the mindset of Port Police and other security stakeholders.
The initial ISO 28000 certification is a significant first step. Because of the requirement for continual improvement, re-certification will be more difficult because the bar is always being raised. While the port authority welcomes the challenge, it must be careful to coordinate the strengthening and growth of its security programme with PHAs primary operational mission of moving cargo and facilitating commercial growth.
ISO 28000 encourages a deeper level of commitment
ISO 28000 and ISO 14001 project managers collaborate

Comparing the PHA security management system to the ISO standard allowed for exposure of both the strengths and weaknesses in the system. This allowed the opportunity to further document strong programmes and to initiate continual improvements in the security management system during the process In mid-2007, members began work on the core part of the SMS documentation. Basing its SMS on current process and procedures, the team examined and developed ways to improve upon those policies and procedures. Guided by frequent senior
We must find the proper balance between expediting commerce and ensuring security. ISO 28000 certification means that we not only meet the requirements of MTSA (The Maritime Transportation Security Act of 2002), but that we go above and beyond those requirements.
Proper balance
Increased cooperation and understanding between departments has resulted in improved security processes and compliance and improved documentation and training on procedures.
INTERNATIONAL
Singapore company enhances supply chain security with ISO 28000

Leading Singaporean supply chain management company YCH Group, recently certified to ISO 28000:2007, is already seeing benefits in greater security awareness, better alignment to customs processes, and an enhanced
by Tien Yushan
reputation among clients, governments, regulators and other stakeholders.
Tien Yushan is Head of Corporate Communications of the YCH Group.

E-mail yushan.tien@ych.com
A biometric fingerprint identification system operates at the entrance to a YCH bonded warehouse containing high-value goods.
The YCH Group, a leading Singapore-based logistics and supply chain management (SCM) company, recently became what we believe to be the first end-to-end SCM provider to be certified to ISO 28000:2007, Specification for security management systems for the supply chain, to ensure the overall safety of our customers goods. As an SCM provider, accountability to customers cargo and ensuring a safe and secure shipment flow is of utmost importance hence security has always been a YCH priority. However, the company decided to implement ISO 28000:2007 to endorse its commitment to security excellence, and as a logical progression after receiving the Secure Trade Partnership Certification by Singapore Customs, and the Transported Asset Protection Associations (TAPA) certification for freight security.
The terminology is very similar to ISO 14001 and ISO 9001
(Photos: YCH)
INTERNATIONAL
Since ISO 28000:2007 is an internationally recognized security management system (SMS) standard, we knew it would also provide a platform for governmental and customs security initiatives, and facilitate validation for customers requiring compliance to the US Governments C-TPAT (CustomsTrade Partnership against Terrorism) initiative in dealing with the US Customs.
adjustment to bring it into line with the standards requirements. We focused mainly on a thorough review of the documentation, procedures and physical security measures currently in place. Interviews were conducted with senior management of all departments that had an interface with supply chain security.
A pallet of goods being transferred by crane to conveyor belt in the YCH ASRS facility.
The key benefit of the assessment was that it provided a very clear road map of the enhancements required to achieve certification, facilitated a more defined plan for implementation and minimized the risk of project cost over-runs. At the same time, the probability of successful certification increased dramatically.
Independent audit
Following our own site assessment, we appointed international certification body Lloyds Register Quality Assurance to conduct an independent audit which culminated in ISO 28000:2007 certification in May 2008 with the scope of a security management system for the sup-
A YCH employee uses the latest state-of-the-art RFID (Radio Frequency Identification) equipment to scan goods.
Certification stages
YCH adopted a two-stage ISO 28000:2007 implementation and certification process involving : site assessment independent audit.
Security is now everyones business
Site assessment
The purpose of this first stage was to provide evidence that our SMS was in conformity with ISO 28000:2007, and identify any gaps requiring
Corporate headquarters of ISO 28000:2007-certified supply chain management company YCH Group in Singapore.
INTERNATIONAL
From left to right John Stansfeld, Director and President of Lloyds Register Asia and Dr. Robert Yap, Chairman & CEO of the YCH Group, at the ISO 28000:2007 certification award ceremony.
ply chain applicable to provision of warehousing and logistics services .
Implementing at all levels

Security programmes used to be focused mainly on physical security. Now we look at it through a different lens, one that encompasses a more proactive risk based system approach towards security management. And where security was once just a matter for the security department, it is now everyones business. Improvements to supply chain security processes used to be cyclical and based on scheduled reviews, but now it is a continual process requiring commitment from all departments within YCH. More importantly, YCH CEO, Dr Robert Yap took the lead in driving ISO 28000:2007 implementation across all levels at YCH. Where supply chain security was a customer-driven requirement, we now leverage on security excellence as a
YCHs ISO 28000:2007-certified ASRS (Automated Storage Retrieval System) in operation at one of the companys central distribution hubs.
competitive advantage and market differentiator. This was the key driver that underscored the change management process we put in place to manage the transition. enhanced image and credibility through decreased smuggling, theft and damages ; better monitoring of freight flow ; improved supply chain performance ; fast, stable and more predictable border crossing processes ; faster recovery from unforseen disasters ; better customs regulations and process compliance. While it will take time to see tangible evidence of these benefits, we have already achieved greater security awareness throughout the organization, with better alignment to customs processes in the countries in which YCH operates.
Benefits
Although ISO 28000:2007 certification was only recently awarded, we anticipate the following benefits :
INTERNATIONAL
Other concrete benefits experienced to date include enhanced reputation for YCH within the SCM industry, and among its clients, governments, regulators and other stakeholders. In addition, we see greater access to new business opportunities through improved competitiveness.
the company was founded in 1955, and will continue to be a top priority in the YCH way of doing business. We believe that over time ISO 28000:2007 will become the global benchmark and the single most important International Standard for supply chain security. As a prerequisite for vendor selection and tendering processes it will likely become the common language among organizations operating within the supply chain industry.
Interface with other standards

ISO 28000:2007 is the only truly global supply chain security management system. However, while it differs from other system standards because of its SMS specialization, the good news is that the terminology is very similar to ISO 14001 and ISO 9001, and it can be easily cross referenced to both. It also uses the same risk-based approach to identifying security threats and assessing their respective risks as ISO 14001.
About the YCH Group

The control system/sensor board of YCHs ASRS system.
ment. It also ensures that key business decisions are based on a process of proactive and effective risk assessment. Implementing ISO 28000:2007 has enabled YCH to scale up its security management system to manage all of the companys security needs in a realistic, sustainable and cost-effective manner across its network of facilities in Asia-Pacific. While YCH is happy to have received the endorsement for its ongoing efforts to enhance supply chain security, the certification is not an end in itself. Rather, we see it as one of the milestones of our continuous security excellence journey which began when
Founded in 1955, the Singapore-based YCH Group is the leading integrated end-to-end supply chain management and logistics partner to some of the worlds largest companies including Canon, Dell, Moet-Hennessy and Motorola. YCH is recognized for its innovative and seamless approach to integrating supply chain strategy with execution, employing cutting edge Web technologies to streamline the supply chains of clients in the electronics, chemical/healthcare and consumer goods industries. The company employs some 4 000 people and currently operates throughout Asia-Pacific, including Singapore, Malaysia, Thailand, Indonesia, Philippines, Hong Kong, Australia, China, India, Korea, Japan and Vietnam. Last year, YCH handled more than USD 50 billion worth of goods for its customers in the region along the secured supply chain. As a forerunner in worldwide supply chain security, YCH is the first SCM recipient of ISO 28000: 2007, Specification for security management systems for the supply chain. E-mail corporate@ych.com Web www.ych.com
International benchmark
ISO 28000:2007 provides a systematic approach to security management for global supply chains. It has also given the YCH Group a foundation for other international security initiatives, including C-TPAT and the Authorized Economic Operator programmes already adopted by many leading multinationals. The standard offers a pragmatic and business-centred approach to risk management as a critical component of effective security manage-
INTERNATIONAL
Spanish sports club scores with ISO 9001:2000

Spanish professional sports club Portland San Antonio has achieved ISO 9001:2000 certification to enhance the quality management of contracts with players and sponsors, and membership services. Spin-offs include better day-today efficiency, a new computerized equipment storage system, and improved public image.
by Jos Ignacio San Miguel

Jos Ignacio San Miguel is Manager of the Portland San Antonio Club.
E-mail info@portlandsanantonio.com Web www.portlandsanantonio.com
1) This report is based on an article first published in the May 2008 issue of AENORs journal, UNE Spanish Association for Standardization and Certification (AENOR) E-mail aenor@aenor.es Web www.aenor.es
Portland San Antonios handball team enjoyed its greatest successes in 2001 with victories in the European Cup, the Spanish Super Cup and the Kings Cup.
INTERNATIONAL
Let sport be a means of human development was the philosophy on which Andoni Santamara founded the Association of Former Students of the School of San Antonio in Pamplona, Spain, in November 1955. The aim was to create a club in which men and women of different social backgrounds would be free to develop their sporting and cultural interests.
The quality trophy

After more than 50 years of existence, Portland San Antonio began thinking about establishing a quality management system (QMS) based on ISO 9001:2000, the global benchmark. An ISO 9001:2000-conforming QMS can be of great value to organizations that implement the International Standard rigorously, since it promotes continual improvement and can improve public image. Accordingly, the club management decided to seek certification, and chose the Spanish Association for Standardization and Certification (AENOR)1) as the certifying body. Obtaining ISO 9001:2000 was to be our gold medal, the culmination of the quest for quality, and proof for sponsors and patrons of our firm commitment to continual improvement.
ISO 9001:2000 promotes continual improvement and can improve public image
The Portland San Antonio Club began playing roller hockey the following year, the first of its sporting disciplines. The club now plays in the Oviedo first division. Many hockey team members started in roller racing, another club sport. In fact, the San Antonio circuit race is the oldest competition of its kind in Europe and was one of the clubs first successes in this discipline. While the speed skating event enjoyed considerable international participation for 26 years, it was the 28th year that marked a great leap forward with the presence of the best skaters in the world. Handball was introduced at San Antonio in 1956 and its greatest successes to date came in 2001 when the club won the European Cup, the Spanish Super Cup and the Kings Cup.
Certification would offer public authorities a guarantee that grants and subsidies would be properly managed
At the same time, certification would offer public authorities a guarantee that grants and subsidies received by the club would be properly managed. Furthermore, we agreed that establishing a QMS would enable us to reform and update all our internal administrative systems.
All Portland San Antonio Club teams and activities are managed with the support of an ISO 9001:2000-certified quality management system.
tions and of the computer programme used by the club to register members and season-ticket holders a crucial factor in managing gate receipts. Other factors taken into account were the orderly functioning of the organization, the classification of documents, enhancement of facilities to bring them up to standard, control of sports equipment, and strict
The first step

The first step on the road to quality and continual improvement was to determine the scope of certification. For Portland San Antonio, this would cover the administrative management of contracts with players and sponsors, and management of memberships. AENOR inspectors conducted an audit of those func-
INTERNATIONAL
accounting of subsidies received by the club from public bodies and sponsors. The ISO 9001:2000 implementation process involved a total overhaul of the entire organization its offices, administration, documentation, contracts, players, officials, technical staff and, very importantly, its past and present archives, including the systems used to store old and existing material and all team equipment.
ter. We were all on unfamiliar ground outside our normal working environment, i.e. the business of sport. However, once the project was under way, the cooperation of all the members of the Portland San Antonio Club was vital in achieving certification, as it involved all our activities and the daily routine. We were also assisted greatly by Servicios Normativos, the consulting company that guided us along the quality trail.
obtain ISO 9001:2000 certification from AENOR. The certificate was presented in May 2008 to Miguel Galarraga, President of the Portland San Antonio Club, by AENOR Director Emilio Flamarique.
One of the most immediately noticeable improvements has been the computerization of the storage system for sports equipment, past and present. In conclusion, we consider QMS certification to have been a great achievement, resulting in many benefits in our day-to-day business, and an enhanced public image for the club
Many advantages
ISO 9001:2000 certification has brought many advantages to the Portland San Antonio Club. Thanks to the new
It was a demanding but beneficial exercise for the club. Explaining the new project and the changes involved to members of the governing board and club representatives was not a simple mat-
Pioneers
The exercise was a pioneering experience and of great interest to the club. It resulted in our becoming the first professional sports club to
QMS, our offices are now run more efficiently, all routine documents have been updated and new locations have been found for existing archives.
ISO 9001:2000 certification has raised the image of Portland San Antonio Club amongst fans, sponsors and the media.
INTERNATIONAL
Italian survey : Do organizations ensure environmental competence of suppliers?

To what extent do ISO 14001:2004-certified organizations conform to Clause 4.4.2 in ensuring that suppliers performing tasks on their behalf
by Daniele Pernigotti and Orsola Martina Scarpa
are competent to do so? An Italian survey of large certified industrial companies in the Venice area sought answers.
One major difference between ISO 14001:2004 and the original 1996 edition concerns the role of suppliers to organizations implementing the international environmental management system standard (EMS). One aim of the current second edition is to extend the involvement of people beyond the internal employee to those in other entities operating on behalf of the ISO 14001:2004-certified organization. This change in the standard responds to the trend towards externalization
of processes and services in todays markets. While this intention may have been explicit in the 1996 edition, its application was not necessarily taken for granted. ISO 14001:2004 focuses on clarification of the first edition, particularly in requirement 4.4.2, Competence, training and awareness : The organization shall ensure that any person(s) performing tasks for it or on its behalf that have the potential to cause a significant environmental impact(s) identified
Daniele Pernigotti is an environmental consultant and trainer specialising in environmental management systems (EMS), life cycle assessment, environmental product declaration and climate change. He was an Italian delegate to ISO TC/207, environmental management, (SC 1, WG 5 and WG 6) representing the national standardization body UNI, and collaborates with SINCERT, the Italian accreditation body. Daniele also lectures on EMS at the Ca Foscari University in Venice, and recently had a book on climate change published by the Italian national business media group Il Sole 24Ore.
E-mail dpernigotti@aequilibria.com Web www.aequilibria.com
Orsola Martina Scarpa graduated in environmental science at C Foscari University, and was formerly environmental health and safety leader for an environmental service supplier located in Marghera. Orsola now works for an Italian petrochemical company as buyer for soil groundwater remediation contracts.
The Ca Foscari University study into awareness of ISO 14001:2004 requirements by suppliers acting on behalf of certified organizations focused on large industrial companies in Maghera, on the Venice Lagoon.
INTERNATIONAL
by the organization is (are) competent on the basis of appropriate education, training or experience, and shall retain associated records.
Italian study
We carried out a study at the Faculty of Environmental Sciences at the Ca Foscari University in Venice to analyze the extent to which this ISO 14001:2004 requirement is applied by Italian industry, with a focus on the Marghera industrial area situated on the Venice Lagoon. Our research was based on responses to a questionnaire followed by field interviews among three different groups: 1. The largest ISO 14001:2004certified organizations located in Marghera, compared with other important Italian industrial sites such as Brindisi (Puglia), Porto Torres (Sardinia) and Priolo Gargallo (Sicily). 2. Their suppliers, also operating in Marghera, in order to compare responses with those of the certified organizations. 3. The certification bodies involved.
The route to training suppliers in EMS requirements is followed by only 25 % of ISO 14001:2004-certified industrial organizations in Maghera, Italy. Clause 4.4.2 of ISO 14001:2004 specifications requires a certified organization to ensure that any persons performing tasks on its behalf with the potential to cause significant environmental impacts are competent to do so on the basis of appropriate education, training or experience.
more than on the qualification deriving from certification. The suppliers seem to have a similar point of view, declaring that the key reason for ISO 14001:2004 certification is to improve competitiveness, rather than in response to a specific request from their clients. However, the responses to the question about effective communication of the
Findings
Some 75 % of certified organizations in Marghera consider EMS certification of their suppliers as an important, but not fundamental, requirement. This appears to conform to the ISO 14001:2004 focus on the request to ensure competence,
environmental policy to any person(s) performing tasks for it or on its behalf, and distribution of the operating procedures to suppliers, were not so consistent. All certified organizations surveyed said they communicated their environmental policy to suppliers, and 87 % of those operating in Margh-
era also provided appropriate operating procedures. Yet only 43 % of suppliers said they received policy details from clients. It is important to note that there were no exclusive clientsupplier relationships in the sample, therefore it was not possible to draw any definitive conclusions from the different
INTERNATIONAL
answers obtained, but one can certainly have some doubts about the effectiveness of policy distribution. Interestingly, when responding to the questionnaire, all the certified organizations said they distributed environmental operating procedures to their suppliers. However, when asked the same question during field interviews, only 30 % of them confirmed this activity. This difference is probably due to some confusion between the health and safety procedures (always distributed) and environmental procedures, since they overlap in certain areas. The particular attention to health and safety may be also a consequence of the specific characteristic of this industrial area where the majority of the companies carry out activities covered by the European Unions Seveso Directive, which aims to prevent major accidents resulting from industrial activity. Consequently, health and safety is a major preoccupation of management.
ISO 14001:2004 states that such competence should be achieved through one or more of the following options : education ; training ; experience. The certified organizations seemed to prefer the experience option (100 % of Marghera respondents, 60 % of others) and education (75 % Marghera, 100 % others), in preference to training.
The certification bodies confirmed a lack of conformity on this point during certification or surveillance audits, probably caused by difficulties in making the transition from the previous version of the standard. Introduction of a new edition of any standard is likely to present a challenge to the certified organization, particularly when other organizations are involved, as in this case. The lack of records should not be seen as a mere formality, since record keeping should be central to the competence of those who work on its behalf.
be extended beyond its site location ? What should be the minimum acceptable level of records covering those who work on behalf of the organization, particularly for the more complex entities, and how much attention should certification bodies pay to this issue ? Also, is it acceptable to maintain records at supplier level only rather than at personal level ?
Training
In view of those responses, it was interesting to investigate how those organizations decided to apply the training route to people employed in other companies. Only 25 % of the ISO 14001: 2004-certified organizations based in Marghera involve their suppliers in some form of training 50 % by delivering such courses directly to external workers, and the other 50 % by training selected supplier representatives who are then expected to cascade those concepts to colleagues.Although different in approach, both these options meet the requirements of the standard. However, there would appear to be a lack of conformity in meeting the requirement to retain associated records. Over 64 % of the certified organizations studied said they did not keep records of competence for each employee working on its behalf , but only of the supplier as a whole.
Conclusion
The study we carried out at the Ca Foscari University indicates that participating organizations are now more aware of the role of suppliers in their environmental management systems although that involvement is not always in conformity with ISO 14001:2004 requirement 4.4.2. It would be interesting to know if this situation is specific to the small sample analyzed, or is representative of organizations in other countries and sectors. Also, further improvement in the situation highlighted by this study could be achieved if the internal audits carried out within certified organizations included a specific check to ensure that the implications of Clause 4.4.4 were fully understood and the corresponding actions implemented.
Record keeping should be central to the competence of those who work on its behalf
Also, employment of temporary workers introduces the risk of lower levels of competence of those carrying out everyday activities that have potentially critical environmental impacts. To improve the quality of ISO 14001:2004 implementation in this respect, some clarification of the following from accreditation and standardization bodies at national and international level would be helpful: Who should be classified as workers performing tasks on behalf of the organization, and how far should this involvement
On its behalf
Questioning the competence of external people to perform tasks on behalf of the certified organization gave rise to different interpretations from respondents. Some considered this to cover only the service suppliers operating on their site, while others believed the concept extended to many suppliers, including transport companies and chemical laboratories.
INTERNATIONAL
British project on measuring carbon footprint of products

The British Standards Institution (BSI) is leading the development of a Publicly Available Specification (PAS) for a method of measuring the embodied greenhouse gas (GHG) emissions from goods and services at the request of the United Kingdoms Department for Environment, Food and Rural Affairs and The Carbon Trust.
by Katherine Hunter and Maria Varbeva-Daley
Katherine Hunter is Head of Market Development, Sustainability, with BSI British Standards.
E-mail katherine.hunter@bsigroup.com Web www.bsigroup.com
Maria Varbeva-Daley, is a Senior Consultant with BSI British Standards.

E-mail maria.varbeva-daley@ bsigroup.com Web www.bsigroup.com
Climate change has been identified as one of the greatest challenges facing governments, nations, businesses and citizens over the coming years. A major factor in this is the release of CO2 and other greenhouse gases (GHGs)
through human activity such as the burning of fossil fuels and chemical processes. Businesses around the world are facing up to the challenge of climate change. The measurement of greenhouse gas emissions is the first step in estab-
INTERNATIONAL
INTERNATIONAL
lishing responsibility towards the environment. To date, methods for measuring, reporting and verifying the direct GHG emissions from processes are well developed. These include the GHG Protocol a decade-long partnership between the World Resources Institute and the World Business Council for Sustainable Development and ISO 14064 Greenhouse gases Part 1: Specification with guidance at the organization level for quantification and reporting of greenhouse gas emissions and removals. An increasing number of forward-thinking businesses are now looking beyond reducing just the direct operational carbon emissions from their businesses to the indirect emissions from the supply chains of their goods and services (collectively referred to as products ). The life cycle GHG emissions (combined direct and indirect emissions) associated with goods and services reflect the impact of processes, materials and decisions occurring throughout the life cycle of goods and services. A broad community and industry recognition of this fact has ushered in the recently published Publicly Available Specification (PAS) 2050 Specification for the assessment of the life cycle greenhouse gas emissions of goods and services. BSI British Standards has worked with the Department for Environment, Food
and Rural Affairs (Defra) and The Carbon Trust, a government established company aiming to reduce carbon emissions of the United Kingdoms businesses, to deliver PAS 2050. The development has been led by an independent Steering Group chaired by Jim Skea, Director of the United Kingdom Energy Research Centre, with members from businesses, nongovernmental organizations, government and academia.
are being identified implemented.
and
In order to inform the development of PAS 2050, Defra commissioned an independent review of the current methods relevant to measuring life cycle greenhouse gas emissions of products and services. Current Life Cycle Assessment (LCA) techniques enable a detailed, rigorous quantification of climate change and other impacts across the life cycle of products and services and are well developed in the ISO 14000 series of standards, guides and associated tools (ISO 14040-44, ISO 14047, ISO 14048, ISO 14049).
Entire life cycle

PAS 2050 aims to provide a single agreed methodology for measuring the greenhouse gas emissions for good and services across their entire life cycle. It can be applied across a wide range of industry sectors, goods and services, enabling accurate comparisons to be made and offering the potential for international use. In order to be taken up and used effectively, it is necessarily scientifically rigorous whilst also practical and cost-effective for business to use (a requirement tested by rounds of pilot studies by Carbon Trust and Defra). By looking at the life cycle emissions of products those emitted in the process of creating, modifying, transporting, storing, using, providing, disposing of and/or recycling of goods and services significant new opportunities to make improvements and reduce emissions
Businesses are facing up to the challenge of climate change

In its non-abridged form, LCA is highly resource intensive and different results can be obtained depending on how the LCA is scoped or the boundaries set. At the other end of the scale, environmental Input Output analysis can be used to provide a general, top down understanding of where the most significant impacts are. Hybrids of these approaches can be an appropriate option for measuring impacts at a product group level, but comparability can be problematic at product specific level due to method and data limitations.
PAS 2050 builds on these existing LCA methods to further clarify the implementation of these standards in relation to the assessment of greenhouse gas emissions of products. It also establishes additional principles, techniques and requirements that address essential aspects of GHG assessment, including : establishing business-tobusiness and business-toconsumer assessment, and requirements for the use of partial GHG assessment data in full GHG assessments of products ;
scope of greenhouse gases to be included ; criteria for global warming potential factors ; treatment of emissions from land use change, biogenic and fossil carbon sources and carbon capture and storage ; treatment of the impact of carbon storage in products, and offsetting ; allocation rules for GHG emissions arising from specific processes ;
data requirements, and accounting for emissions from renewable energy generation ; claims of conformity.
(a supplier of South African fruit to the United Kingdom), Morphy Richards, Continental Clothing Company Ltd and Kimberley-Clark. PAS 2050 does not include a requirement for communication or standardization of communication techniques, but it does support the assessment of life cycle GHG emissions of products that can be later reported and communicated to stakeholders, including consumers, through a method such as product labelling. The Carbon Trust is currently developing a Carbon Reduc-
tion Label which is based on PAS 2050 and will eventually act as a bridge between the carbon-conscious company and its customers. PAS 2050 is freely available from the BSI Web site at : www.bsigroup.com/PAS 2050 BSI British Standards is currently developing a guidance document, available by the end of 2008, to be used in conjunction with PAS 2050.
Stakeholder consultation
In addition to the wide stakeholder consultation carried out by BSI British Standards, The Carbon Trust ran pilots of PAS 2050 at various stages throughout its drafting, the findings from which have been fed back into the drafting process. Companies taking part in the pilots include Tesco, Colors
4A
lob&
AAAM
t a
ire
LA-
oi
y
l '
. `
Standards for sustainabl e developmert
_. I
Fortunately, ISO has a system for complaints handling.

Even the best organization can't expect all its customers to be satisfied all the time. And complaints can provide benefits. Complaints can give an organization valuable information about how its products and services are performing. Positive treatment of unhappy customers can increase their loyalty. Three ISO standards offer a comprehensive framework for comp laints management - from prevention, through handling to dispute resolution. ISO 10001:2007, Quality management - Customer satisfaction - Guidelines for codes of conduct for organizations ISO 10002 :2004 , Quality management - Customer satisfaction - Guidelines for complaints handling in organizations ISO 10003:2007, Quality management Available from ISO national member institutes (listed with contact details on the ISO Web site at www.iso.org) and from the ISO Central Secretariat Webstore at www.iso.org/isostore or e-mail to sales@iso.org ,
International Organization for Standardization Central Secretariat 1, ch. de la Voie-Creuse

Case postale 56 CH-1211 Geneva 20
Customer satisfaction - Guidelines

for dispute resolution external to organizations
=so
NEXT ISSUE
ISO/IEC 27001 for SMEs

ISO/IEC 27001 is a standard for information security management that can be used by small, medium and large organizations and is applicable to all types of business and business sector. Although the SME market is adopting this standard, individual small and medium-sized enterprises are still slow on the uptake due to the lack of
SPECIAL REPORT
basic advice on how to implement this standard. To help resolve, situation, ISO is developing a book providing the much-needed advice for SMEs. This will provide straightforward, step-by-step advice on what to do to implement this standard in their business making ISO/IEC 27001 accessible to all SMEs in all business sectors. This article provides a preview of this forthcoming ISO book.
VIEWPOINT
New Chair of ISO/TC 207
ISO INSIDER
Future management system standard on energy
Existing ISO standards for quality management systems (ISO 9000 series) and environmental management systems (ISO 14000 series) have successfully stimulated substantial, continual efficiency improvements within organizations around the globe. The future ISO 50001 energy management system standard is expected to similarly achieve major, long-term increases in energy efficiency (20 % or more) in industrial facilities.
INTERNATIONAL
The Big D becomes the Green D Isle of Man Ship Registry anchored to ISO 9001
Certified to ISO 9001 since 1996, it was the arrival of ISO 9001:2000 that really turned the Isle of Man Ship Registry into a fan, explaining: ISO 9001 works because of its common sense approach and its eight core quality principals are clearly obvious steps for any business to pursue whether they are seeking certification or not.
City Hall, Dallas, Texas.
Dr. Robert Page has succeeded Mr. Daniel Gagnier as the new Chair of ISO/TC 207. He is known nationally and internationally for his work on energy and the environment in areas such as climate change, emissions trading, biodiversity and protected spaces, environmental impact assessment, and policy and regulation.
The City of Dallas is largely known across the globe for being bigbig money, big business, and big hair (as in the Dallas TV series)and is appropriately nicknamed, Big D . However, the Big D is now known as Green D as a result of a three-year ISO 14001 implementation and certification programme across all major City Depart- The Isle of ments, a first in any US munic- Man ensign. ipal organization.
Worlds largest nongovernmental school meal programme puts ISO 22000 on menu
tr
AIPW
l _
II
ts
iiI
rmeoc
&
JJ
4'
F
..,
. ,_
. Yin.. haRio to hio
10,11, "07 00% 00 ^.
organized.
. r
T :T4T j ' > iT'
ITJipr
i
00 0
for a sustainable
ISO standards
r-
"
Ago )
, a me.r r. r
world
mar/
The integrated use of management system standards.

Organizations face multiple challenges. Quality and environmental management , information security, food safety, supply chain security and occupational health and safety among others. More and more are turning to management system standards (MSS) to help them meet such challenges efficiently and effectively. The combined book and CD, The integrated use of management system standards , explains I )w to integrate the required lements of different standards w ithin the organization 's overall management system. Based on t h e p r a c t i c a l experience of organizations large and small , the book identifies methodologies , tools and good practice. An investment for only 48 Swiss francs (USD 44 - EUR 30).
Available from ISO national member
institutes (listed with contact details on the ISO Web site at www . iso.org) and from the ISO Central Secretariat Webstore at www.iso.org / isostore or e-mail to sales@iso.org.
ISBN 978-92-67-10473-7
International Organization for Standardization ISO Central Secretariat 1, ch. de Ia Voie-Creuse

Case postale 56 CH-1211 Geneve 20

IMS20081101

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

IMS20081101

Caricato da

Copyright:

Formati disponibili

Vol. 8, No.

When Results Count. ISO Standards.

ISO Management Systems

Next generation ISO 14001

Measuring carbon footprints of products

Port of Houston and ISO 28000

The ISO Pack on Food Safety Management Systems on CD.

stretch across continents and include producers , processors,

just 379 Swiss francs (about USD 340 - EUR

Case postale 56 CH-1211 Geneva 20

ISO Management Systems, www.iso.org/ims

ISO 9001:2008 respite or opportunity?

9001:2008 9001:2008 9001:2008 9001:2008 9001:2008 9001:2000

ISO Management Systems November-December 2008 1

ISO Standard s Collection - ISO 9000 Quality management.

There's another benefit that's

agement system s t a n d a r d s and

ch for 300 Swiss 260 , EUR 180).

francs (about USD

9001:2000 . The ISO Standards

You'll be proud to put it to work.

ISO Management Systems, www.iso.org/ims

SPECIAL REPORT Next-generation ISO 14001

IMS 6-2008 E.indd 1

Three questions and 3Cs

ISO, November-December 2008

ISO Management Systems November-December 2008 3

ISO Management Systems, www.iso.org/ims

ISO Management Systems, www.iso.org/ims

Next-generation ISO 14001

4 ISO Management Systems November-December 2008

ISO Management Systems November-December 2008 5

ISO Management Systems, www.iso.org/ims

ISO Management Systems, www.iso.org/ims

ISO/TC 207s business plan

Where or not to integrate MSS really is a major strategic issue

ISO 14001 and ISO 14004 today

Issues around the quality and credibility of certification continue to arise

6 ISO Management Systems November-December 2008

ISO Management Systems November-December 2008 7

ISO Management Systems, www.iso.org/ims

ISO Management Systems, www.iso.org/ims

ISO 14001 is now implemented in nearly 150 countries

The next editions of ISO 14001 and ISO 14004

State of the art

8 ISO Management Systems November-December 2008

IMS November-December 2008 9

ISO Management Systems, www.iso.org/ims

Next-generation ISO 14001

10 ISO Management Systems November-December 2008

ISO Management Systems, www.iso.org/ims

What are the challenges ?

cross-functional groups and project groups;

ISO Management Systems November-December 2008 11

ISO Management Systems, www.iso.org/ims

Tribute to retiring SC 1 Chair

So what about stakeholders what are their needs ?

But why are management systems seen as such a struggle ?

What do organizations actually want and need ?

12 ISO Management Systems November-December 2008

ISO Management Systems, www.iso.org/ims

We in the management system community are facing a number of challenges

ISO Management Systems November-December 2008 13