To be 14001 certified you must have a documented system (procedures) in place and you must adopt environmental activities that promote improvement in environmental issues.  You are NOT required to change the way your business operates nor adopt any activity that will be detrimental to the organization.  Typically organizations focus on simple and easy activities that actually provide financial benefit to the organization.

The main procedures and activities cover (usually new) processes in your organization to formally identify and record what environments aspects exist within the organization and what impacts they have.  Procedures then require identification of the most important and the establishing of programs and objectives to improve “some” environmental issues.  As mentioned, these are expected to have a positive financial impact on the organization like the reduction of energy usage or the reduction of waste.

The organization must also  formalize the control over those impacts that it has identified (e.g. if you have equipment that expels dust or affect the air, then you have to have equipment or procedures that describes how you control that equipment to make sure it performs as expected).

The processes for identifying environmental aspects and impacts and setting programs and objectives, needs to be repeated at least annually.  A few other processes are also necessary – Emergency response plans, knowledge of environmental legal requirements and control over communication regarding environmental issues.

Finally you must control (with procedures) the supporting activities which will ensure that the environmental system described so far, continues to exist.  This includes document control, record control, training, calibration, internal auditing, management review, non-conformance management and corrective and preventive action control.

All of these processes and procedures operate in a coherent management system that is internally audited to ensure everything continues to work effectively, provides demonstrable improvements in environmental impacts (not necessarily anything “big”) and assures protection where impacts actually occur.

Finally ISO 14001 certificates are issued by accredited certification bodies in the established way.  You must subject yourself to audit to prove your system meets the requirements of the standard.

To do this successfully you will need some expertize in ISO 14001, resources to define processes, write procedures and implement activities, and commitment of management to support the program.

Cavendish Scott consults, trains and audits in ISO 14001.  ISO 14001 is actually quite straightforward and can be designed and implemented very quickly without much internal effort.  Cavendish Scott will also help maintain your system so you don’t have to worry about it.

Yes — but obviously this is controversial.

The most common issue or mistake with ISO systems is the structure of the documentation.  One approach is to structure documentation around the ISO standard.  One document is written for each requirement of the standard until all of the requirements are “explained” in a document.  This approach is very effective at meeting the requirements of the standard and is easy to “boilerplate” – which is why some consultants are comfortable with this approach.  The resulting documents don’t provide much additional value as they really only describe the standard and thus aren’t much use for improvement or even straightforward management.  Because the documentation and the processes it described doesn’t have much meaning to the organization, the documents are often ignored and thus as things change in the organization, documentation doesn’t get updated and problems occur with certification.  This approach usually requires constant and deliberate management to keep ISO registered.

An alternative approach is the “process approach” which is advocated by ISO itself.  In this approach, documented procedures are written that describe the activities in the organization.  These documents are actually quite useful as they clarify the right way of doing things and can be used for review and improvement.   The documents become a tool through which the business is organized and operated.  Maintenance is not a chore but a natural part of what is done.

These two extremes are easy to understand and one is described above as clearly better than the other.  However, it is very difficult to achieve a process based system.  What should I include in the procedure?  What level of detail?  How and where do I get the requirements?  Should the requirements from one section be in one procedure?  What if requirements seem inapplicable?  It is also true that in smaller organizations the benefits to be obtained from any ISO system are less substantial than they are in a larger organization.  Consequently the ease of implementation and simple acknowledgment of the expected maintenance effort are easy to accept as a price for certification.

If you are using a consultant you should demand a process based system.  Before contracting get them to describe and commit to that approach.  If you attempting ISO alone and you are a small organization (very small 1-5 people and not real expectation of growth) then you have more options.

AS9100C (the latest version) was issued in January of 2009.  However it is not currently possible to be registered/certified to it.  The IAQG (International Aerospace Quality Group) has published a timeline that explains how and when organizations can become certified but this is currently awaiting two activities to be completed.

First, a companion standard AS9101 must be re-published to the D revision.  This standard contains instructions on how AS9100 should be audited and in the C version included a full standard checklist (which is now to be optional).  The substantial changes mean that AS9100C cannot be audited until this standard is published.  Currently this standard is being issued as a draft.  The draft will then need to be reviewed and voted upon.  That process will take many months that will mean it will not be available for final issue until about the end of the first quarter 2010.

Secondly, mandatory training is currently being designed.  This training has been identified by the IAQG as necessary to ensure better and more consistent auditing of AS9100.  A single source designer is about to be identified and when training materials are completed and approved by the IAQG, they will be made available to other training providers to deliver.  At this point, the single training designer has not been identified, materials have not yet been approved or made available for presentation.  It is currently expected that training will be “available” during the first quarter of 2010

If both of these tasks are completed on time then certifications to AS9100C should be possible shortly after.  It is recommended that you don’t plan on until mid to late summer 2010.  Cavendish Scott Intends to provide general training for AS9100C, the mandated AS9100C training and other AS training once these events are more defined.  We also intend to provide AS9100C upgrade materials and tools.

AS9100 is the Aerospace Industry version of ISO 9001. It takes the whole ISO 9001 standard and adds Aerospace specific requirements.  The additional requirements include such things as a requirement for defined processes for configuration control, project management and risk management – as well as many minor clarifications, extensions etc.

AS9100 is controlled by the IAQG (International Aerospace Quality Group) with the aim of strengthening the Aerospace supplier industry.  Their control over the auditing and certification process is such that the auditors tend to be very tough (no soft grading and recording ALL findings).  AS9100 is just as straightforward as ISDO 9001 but just more intense.  If you want to attempt AS9100 be prepared to implement a “tight” system without cutting corners.

Good Question.

Conventional wisdom is that step one is to determine your current situation.  In larger and more complex organizations this is more valid than in simpler and smaller organizations.

A formal gap audit will be conducted very much like an ISO assessment audit.  Each process will be examined, details will be checked and a comprehensive report will be generated.  Perhaps it doesn’t need to be as long as a formal ISO audit but gap audits are still often quite lengthy.

In many cases it is easy to determine the current situation.  “We don’t do internal audits, we haven’t got a formal calibration program, we don’t have a management review meeting”.  Many of the supporting ISO requirements are not implemented in organizations and you don’t need a formal gap analysis to tell you that.

The primary processes in an organization – those that you do for a living, tend to be in good shape.  ISO is such a good standard that if you are successful then you are probably meeting ISO 80-90%.  Consequently it will take a really detailed gap audit to identify these issues and that may simply not be worth it.  Accept that some “tweaking” will be necessary during the project…..but not much.

In most instances, with  a project plan in place,  the gap analysis has a very short life as any gaps are fixed within a few week.

When we perform consulting projects we skip the formal gap analysis in favor of a project planning exercise.  We look at each process, ask some telling questions and focus on planning the solution.  Documenting findings which we are going to fix in a few weeks is just  “busy work”.  We do a basic review of the current situation, produce a project plan identifying the ISO processes and cross referencing to the requirements we expect (at this stage) to address.  During the project, we get into each process in detail and make sure that everything is adequately addressed.  Thus any gaps that might have been around at the start of the project are not very relevant.  Of course we also course this a gap analysis!!