MMPC-019 Organization for

Quality

Indira Gandhi
TOTAL QUALITY
National Open University
School of Management Studies
MANAGEMENT

Block

5
SYSTEMS AND STANDRDS

UNIT 11 271
ISO 9000 Quality Management System

UNIT 12 286
ISO 14000 Environmental Management System

UNIT 13 299
Other Standards

UNIT 14 320
Management System for Safety and Health

UNIT 15 331
Quality Auditing and Certification
Organization and
Leadership BLOCK 5 SYSTEMS AND STANDRDS
This is the last block of the course and has the following five units and deals with
Management Systems for TQM. The various provisions of ISO 9000 Quality
Systems, and Environmental Management Systems, and management system for
Safety and Health are described. It also describes the provisions on Auditing and
Certification with respect to the Management System for TQM.

Unit 11 ISO 9000 Quality Management System

Unit 12 ISO 14000 Environmental Management System

Unit 13 Other Standards

Unit 14 Management System for Safety and Health

Unit 15 Quality Auditing and Certification

270
 ISO 9000 Quality
UNIT 11 ISO 9000 QUALITY MANAGEMENT Management System
SYSTEM
Objectives
After reading this unit you should be able to:

• Describe the concept of Quality Management System;

• Explain ISO 9000;

• Understand the benefits of implementing ISO 9000;

• Discuss different ISO 9000 series;

• Understand the documentation procedure of ISO 9000;

• Explain the method of implementing ISO 9000 QMS.

Structure
11.1 Introduction

11.2 Introduction to ISO 9000

11.3 Benefits of Implementing ISO 9000

11.4 Different ISO 9000 Series

11.5 Documentation of ISO 9001 QMS

11.6 Methods for implementing ISO 9001 QMS

11.7 Summary

11.8 Key words

11.9 Further Readings

11.1 INTRODUCTION
Joseph Juran, the world famous Quality Guru has called the twentieth century
the Century of Productivity and the twenty first century, the Century of Quality.
With liberalisation and globalisation of economies world over, the quality of
a product or service has become an essential feature for’ survival in the
competitive market. The importance of quality and standardisation became
evident during the period of the two World Wars i.e. 1914-18 and 1939-45.
During this period, armies, realised the necessity of quality, and armed forces
of different countries laid down their specifications for all their requirements
of arms, ammunitions, guns, tanks, vehicles, equipment and other supplies.
These were called “Defence Specifications (Defspecs) “Military
Specifications” (Milspecs) “Army Specifications” (Armspecs) and so on by
different countries. Once the specifications were finalised, quality control 271
ISO 9000 Quality was exercised through strict inspections. Material equipment that conformed
Management System
to the specifications was accepted and that which did not was rejected and
returned to the vendor. This inspection based method, however, did not
preclude the delivery of a certain percentage of defective or near defective
products to buyers due to variations in human perceptions. In 1924,Walter
Shewhart at Bell Laboratories in USA invented control chart as a tool for
measuring process variationsIn general, these statistical control methods were
limited to “‘ process control and to product inspection, and served to detect
non-quality. However, due to the outbreak of World War II in September 1939
and the hectic preparations for war during the preceding years, inspection
based quality control continued and Shewhart’s statistical control concepts
were utilised only to a limited extent. The end of World War II in 1945
witnessed a totally shattered industry in European countries which went
through one of the worst economic recession in history. Gigantic efforts were
mounted for reconstruction of industry and rehabilitation of economy.
Following a number of international conferences and meetings, the
International Organization for Standardisation based at Geneva was formed
with a membership of 25 countries including India as a formal member. It
was felt that through the use of commonly accepted standards, countries would
be in a better position to use each others’ commodities and manufactured
products and it would facilitate international and inter-country trade and
business. Use of International Standards developed the confidence of suppliers
and customers and hence an era of quality assurance came into being. The
International Organization continued to issue various product and system
standards which were accepted by all member countries. The membership of
this organization also kept growing and today its membership is nearly the
same as that of the United Nations. The concept of quality assurance was
subsequently developed into quality management during the nineteen sixties
when quality due to its importance was made as a function of management.
With growing emphasis on globalisation of economies in the world the eighties
and nineties transformed the concept of quality management into Total Quality
Management (TQM).

This unit discusses concept of ISO 9000 Quality Management System, its
benefits and requirements, the documentation that the system calls for, and
the implementation methodology.

ISO 9000 is a family of international standards for quality management

systems. The standards provide a set of guidelines and requirements for
organizations to ensure that their products and services consistently meet
customer requirements and that quality is continually improved.

11.2 INTRODUCTION TO ISO 9000

Since its inception the International Organization for Standardisation has been
272 issuing product standards as well as system standards. For the first time the
International Organization issued Quality system standard in 1987 under the ISO 9000 Quality
Management System
title: ISO 9000 Series of International Standards on Quality Management
Systems. These standards are revised periodically. In this series a total of 20
standards have been issued till date, out of which only three i.e.
9001,9002,9003 are contractual standards against which any organization is
certified and all other standards are guidelines for some purpose or other.
There is no significance of the figure 9000. When these standards were issued
the International Organization had already issued over 8000 standards and
they wanted to use a new series for the first ever Quality Management System
(QMS) ,hence ISO 9000. ISO 9000 standards are generic standards which are
neither industry specific nor product specific. These standards specify basic
quality system requirements. Quality system requirements are complementary
to product specifications or requirements as laid down in the product standards
or as specified by the customer/market. ISO 9000 Standards have proved to
be most popular of all the standards and have been adopted by majority of
countries worldwide including all developed countries. The reason for their
popularity is that these are very flexible, adaptable and user-friendly in
implementation. These standards lay down basic requirements for quality
system but do not specify how these should be implemented. It is left to the
discretion of the organization concerned as to how they implement keeping
in view their resources, constraints add work environment.

The first standard ISO 9000 is in four parts.

Part 1 is guidelines for selection and use - lay down Principal Concepts,
role of Documentation since it is fully documented system and
describes Quality System situations.

Part 2 consists of generic guidelines for application of ISO 9001, ISO

9002 and ISO 9003.

Part 3 provides guidelines for application in software companies and

Part 4 is for Dependability Programme Management.

ISO 9001, 9002 and 9003 are the contractual standards. These are the only
standards against which any organization is certified depending on its area
and scope of operations as under :

ISO 9001 : Mode1 for quality assurance in design, development, production,

installation and servicing.

ISO 9002 : Model for quality assurance in production, installation and

servicing.

ISO 9003 : Model for quality assurance in final inspection and testing stage.

ISO 9004 : Model for quality assurance to achive sustained success and
continual improvment in an organization performance.
273
ISO 9000 Quality ISO 9000 is a set of international standards for quality management systems
Management System
that provide guidelines for organizations to ensure that their products and
services consistently meet customer requirements and that quality is
continually improved. It is designed to be applicable to any organization,
regardless of its size, type, or location. The ISO 9000 family of standards
consists of several individual standards, including:

ISO 9001 : 2015 - the most widely used standard that provides the
requirements for a quality management system;

ISO 9004 : 2018 - provides guidance on how to continually improve the

performance of an organization;

The main principles of the ISO 9000 series of standards are:

• Customer focus
• Leadership
• Engagement of people
• Process approach
• Improvement
• Evidence-based decision making
• Relationship management

Organizations that meet the requirements of ISO 9001:2015 are certified by a

third-party certification body. This certification is evidence that the
organization has a well-established quality management system in place and
is committed to continuous improvement.

11.3 BENEFITS OF IMPLEMENTING ISO 9000

The benefits of implementing an ISO 9000 quality management system
include:

• Improved customer satisfaction

• Increased efficiency and effectiveness
• Improved communication within the organization
• Better risk management
• Increased competitiveness
• Enhanced reputation and credibility

The implementation of an ISO 9000 quality management system can bring

numerous benefits to an organization.

Improved customer satisfaction: By focusing on meeting customer

requirements and continually improving quality, organizations can increase
274
customer satisfaction and loyalty. ISO 9000 Quality
Management System
Increased efficiency and effectiveness: The use of a process-based approach
and continuous improvement principles can help organizations streamline
processes, reduce waste and errors, and increase efficiency and effectiveness.

Improved communication: ISO 9000 emphasizes the importance of clear

and effective communication within the organization, which can lead to
improved collaboration and teamwork.

Better risk management: The process approach and continuous improvement

principles of ISO 9000 can help organizations identify and mitigate potential
risks, leading to improved decision making and reduced risk of negative
consequences.

Increased competitiveness: ISO 9000 certification can enhance an

organization’s reputation and credibility, making it more attractive to
customers and suppliers, and providing a competitive advantage in the
marketplace.

Enhanced reputation and credibility: ISO 9000 certification is widely

recognized and respected, and can demonstrate to customers, suppliers, and
stakeholders that an organization is committed to quality and continuous
improvement.

Improved employee motivation: The engagement of people principle of ISO

9000 recognizes the importance of involving and empowering employees in
the quality management process. This can lead to increased job satisfaction,
motivation, and engagement.

Overall, the implementation of an ISO 9000 quality management system can

help organizations improve their processes, increase efficiency, and enhance
their reputation and credibility, leading to improved customer satisfaction,
increased competitiveness, and long-term success.

ISO 9000 certification is a journey, not a destination, and organizations must

be committed to maintaining and continually improving their quality
management systems to retain their certification.

Activity 1

In the above section we discussed the benefits an organization could derive

from implementing ISO 9000 QMS. Think of your own organisation,
and list the benefits it would derive from implementing QMS.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................ 275
ISO 9000 Quality
Management System
11.4 DIFFERENT ISO 9000 SERIES
The ISO 9000 series is a family of international standards for quality
management systems. The series provides a set of guidelines and requirements
for organizations to ensure that their products and services consistently meet
customer requirements and that quality is continually improved. The main
principles of the ISO 9000 series are customer focus, leadership, engagement
of people, process approach, improvement, evidence-based decision making,
and relationship management.

The main standards within the ISO 9000 series are:

ISO 9001:2008 is an international standard for quality management systems

(QMS) that provides a framework for organizations to consistently deliver
products and services that meet customer and regulatory requirements. It was
first published in 1987 and has since become widely recognized and adopted
by organizations in various industries around the world.

The standard provides a set of requirements for a QMS, which includes

documentation of processes, responsibilities, and resources; systematic
approach to managing processes and identifying opportunities for
improvement; and objective evidence of the organization’s ability to
consistently meet customer requirements. Organizations that meet the
requirements of ISO 9001:2008 are eligible for certification by a third-party
certification body, which provides independent assurance that the
organization’s QMS is in compliance with the standard.

The benefits of implementing ISO 9001:2008 are numerous and can have a
significant impact on an organization’s success. Some of the key benefits
include:

Improved customer satisfaction: By consistently meeting customer

requirements, organizations can increase customer satisfaction, which can
lead to increased customer loyalty and repeat business.

Enhanced reputation: Organizations that are certified to ISO 9001:2008 can

demonstrate their commitment to quality and customer satisfaction, which
can enhance their reputation and credibility in the marketplace.

Increased efficiency and effectiveness: By systematically managing

processes and identifying opportunities for improvement, organizations can
increase efficiency and effectiveness, which can result in cost savings and
increased competitiveness.

Improved risk management: By establishing a systematic approach to

managing processes, organizations can identify potential risks and take
appropriate corrective and preventive actions, which can reduce the likelihood
of negative outcomes and increase their resilience in the face of adverse events.
276
Improved communication and collaboration: ISO 9001:2008 requires ISO 9000 Quality
Management System
organizations to establish clear lines of communication and collaboration
within the organization, which can lead to increased cooperation and
coordination among employees.

Increased employee engagement: By involving employees in the

implementation and maintenance of the QMS, organizations can increase
employee engagement, which can lead to increased job satisfaction and
motivation.

The standard consists of eight quality management principles, which provide

the foundation for the requirements of the standard. These are:

Customer focus: Organizations must understand and meet customer

requirements and strive to exceed customer expectations.

Leadership: Organizations must establish a leadership style that promotes

the QMS and supports its implementation and continuous improvement.

Involvement of people: Organizations must involve employees in the

implementation and maintenance of the QMS, which can lead to increased
job satisfaction and motivation.

Process approach: Organizations must manage processes systematically and

in a manner that meets customer and regulatory requirements.

System approach to management: Organizations must establish a systematic

approach to managing the QMS, which includes documentation of processes,
responsibilities, and resources.

Continuous improvement: Organizations must continuously evaluate the

QMS and identify opportunities for improvement, which can lead to increased
efficiency and effectiveness.

Factual approach to decision making: Organizations must make decisions

based on objective evidence and relevant data, which can lead to improved
risk management and increased accuracy and consistency.

Mutually beneficial supplier relationships: Organizations must establish

mutually beneficial relationships with suppliers, which can lead to increased
efficiency and effectiveness.

ISO 9001:2008 is an international standard for quality management systems

that provides a framework for organizations to consistently deliver products
and services that meet customer and regulatory requirements.

ISO 9001:2015 - This is the most widely used standard in the ISO 9000 series
and provides the requirements for a quality management system. Organizations
that meet the requirements of ISO 9001:2015 can be certified by a third-party
certification body, demonstrating their commitment to quality and continuous
improvement. 277
ISO 9000 Quality The standard is based on seven quality management principles, including:
Management System
customer focus, leadership, engagement of people, process approach,
improvement, evidence-based decision making, and relationship management.
These principles provide the foundation for the requirements of the standard,
which are organized into five sections:

Context of the organization - This section requires organizations to

understand the internal and external context in which they operate and to
consider the needs and expectations of their stakeholders.

Leadership - This section requires top management to demonstrate leadership

and commitment to the quality management system by establishing policies
and objectives, ensuring that the necessary resources are available, and
communicating the importance of meeting customer and regulatory
requirements.
Planning - This section requires organizations to plan and establish processes
necessary to achieve their quality objectives and to ensure the effective
operation and control of their quality management system.
Support - This section requires organizations to provide the resources and
infrastructure necessary to achieve their quality objectives and to ensure that
the quality management system is effectively implemented and maintained.
Operation - This section requires organizations to implement and control
processes to meet customer requirements and to continually improve their
quality management system.
Performance evaluation - This section requires organizations to monitor,
measure, and evaluate their performance and the effectiveness of their quality
management system, and to take appropriate corrective and preventive actions.
Improvement - This section requires organizations to continually improve
their quality management system, taking into account the results of
performance evaluations and the changes in the internal and external context
of the organization.
The standard also includes a number of annexes that provide additional
information and guidance on the requirements of the standard.
The benefits of implementing an ISO 9001:2015 quality management system
include improved customer satisfaction, increased efficiency and effectiveness,
improved communication within the organization, better risk management,
increased competitiveness, and enhanced reputation and credibility.
Additionally, organizations that are certified to ISO 9001:2015 are recognized
as being committed to quality and continuous improvement, and their
certification can provide a competitive advantage in the marketplace.
However, it is important to note that ISO 9001:2015 certification is not a
one-time event, but rather a continuous journey of improvement. Organizations
278
must be committed to maintaining and continually improving their quality ISO 9000 Quality
Management System
management systems to retain their certification. This requires ongoing review
and evaluation of processes, identification of areas for improvement, and
implementation of corrective and preventive actions to ensure the effectiveness
and continued improvement of the quality management system. ISO 9001:2015
provides a comprehensive framework for organizations to establish and
maintain a quality management system that meets customer requirements and
promotes continuous improvement.
ISO 19011:2018 is a standard within the ISO 9000 series of international
standards for quality management systems. It provides guidance for
organizations on how to continually improve the performance of their quality
management system. The standard is applicable to any organization, regardless
of its size, type, or location, and is designed to complement the requirements
of ISO 9001:2015.

The standard is based on seven quality management principles, including:

customer focus, leadership, engagement of people, process approach,
improvement, evidence-based decision making, and relationship management.
These principles provide the foundation for the requirements of the standard

The standard provides guidance on a number of areas related to quality

management, including customer satisfaction, continuous improvement,
leadership, and the involvement of people. The standard also provides guidance
on the performance measurement and analysis of the quality management
system, including the use of tools and techniques such as benchmarking and
statistical analysis.

One of the key benefits of implementing ISO 9004:2018 is improved customer

satisfaction. By focusing on meeting the needs and expectations of customers,
organizations can increase customer loyalty and reduce customer complaints.
This can lead to increased sales and revenue and can enhance the organization’s
reputation in the marketplace. Another benefit of implementing ISO 9004:2018
is improved efficiency and effectiveness. By establishing and maintaining an
effective quality management system, organizations can reduce waste, improve
processes, and increase productivity. This can lead to improved profitability
and competitiveness.

In addition to these benefits, implementing ISO 9004:2018 can also improve

communication within the organization. By establishing clear policies,
objectives, and processes, organizations can ensure that everyone within the
organization is working towards the same goals and objectives. This can lead
to improved teamwork and collaboration and can enhance the overall
performance of the organization.

Finally, ISO 9004:2018 can also improve risk management. By establishing

processes for identifying, assessing, and managing risks, organizations can
reduce the likelihood of negative outcomes and can increase their resilience 279
ISO 9000 Quality in the face of adverse events. ISO 9004:2018 provides guidance for
Management System
organizations on how to continually improve the performance of their quality
management system.

ISO 19011:2018 is an international standard for auditing management systems.

It provides guidance for conducting internal and external audits of quality,
environmental, health and safety, and other management systems. The standard
is applicable to all organizations that want to ensure the effectiveness of their
management systems and to improve their performance.

The standard is divided into two parts: the first part provides guidance on the
principles of auditing, including the roles and responsibilities of auditors and
audit teams, and the second part provides guidance on the management of an
audit program, including the planning, conducting, reporting, and follow-up
of audits.

One of the key benefits of using ISO 19011:2018 is improved management

system performance. By conducting internal and external audits, organizations
can identify areas for improvement and take appropriate corrective and
preventive actions. This can lead to improved efficiency, effectiveness, and
customer satisfaction. Another benefit of using ISO 19011:2018 is increased
transparency and credibility. By conducting audits in accordance with the
standard, organizations can demonstrate their commitment to continuous
improvement and can provide evidence of their compliance with relevant
regulations and standards. This can enhance the organization’s reputation and
credibility in the marketplace.In addition to these benefits, ISO 19011:2018
can also improve risk management. By identifying potential risks and taking
appropriate corrective and preventive actions, organizations can reduce the
likelihood of negative outcomes and can increase their resilience in the face
of adverse events.

ISO 19011:2018 is an international standard for auditing management systems

that provides guidance for conducting internal and external audits of quality,
environmental, health and safety, and other management systems. The standard
is applicable to all organizations that want to ensure the effectiveness of their
management systems and to improve their performance. By using ISO
19011:2018, organizations can improve their management system
performance, increase transparency and credibility, and improve risk
management. These benefits can lead to improved efficiency, effectiveness,
and customer satisfaction, and can enhance the organization’s reputation and
credibility in the marketplace.

11.5 DOCUMENTATION OF ISO 9001 QMS

ISO 9001 is an internationally recognized standard for quality management
systems that provides a framework for organizations to consistently meet
280 customer requirements and enhance customer satisfaction. One of the key
components of an ISO 9001-compliant quality management system (QMS) is ISO 9000 Quality
Management System
documentation. Proper documentation is essential for organizations to implement
and maintain an effective QMS and demonstrate their commitment to quality.

• Documentation serves several important purposes in an ISO 9001 QMS.

First, it provides a clear and concise representation of an organization’s
processes, responsibilities, and resources. This helps ensure that everyone
involved in the QMS understands their roles and responsibilities and is
able to carry out their work effectively.

• Second, documentation helps organizations to monitor and control their

processes, identify areas for improvement, and track their progress. For
example, an organization may use internal audit records to track the results
of internal audits and the follow-up actions taken to address any non-
conformities identified.

• Third, documentation helps organizations to demonstrate their compliance

with ISO 9001. This is especially important for organizations that want
to obtain certification to ISO 9001, as certification bodies typically require
organizations to provide evidence of their compliance with the standard,
including documentation of their QMS processes.

There are several types of documentation that organizations need to develop

and maintain as part of an ISO 9001-compliant QMS which includes:

Quality manual: The quality manual is a top-level document that provides

an overview of the organization’s QMS and how it complies with the
requirements of ISO 9001. The manual should describe the scope of the QMS,
the processes involved, and the relationships between processes.

Procedures: Procedures describe in detail the steps involved in each process

and the responsibilities of individuals involved in the process.

Work instructions: Work instructions provide detailed step-by-step

instructions for specific tasks or activities, and are used to ensure consistency
and accuracy in the execution of processes.

Forms and records: Forms and records are used to document information,
such as customer requirements, results of internal audits, and corrective and
preventive actions.

Quality policy: The quality policy is a statement that defines the organization’s
commitment to quality and outlines the objectives and targets for the QMS.

Objectives and targets: Objectives and targets define specific goals for the
QMS and provide a framework for continuous improvement.

Training records: Training records document the training received by

employees, which helps to ensure that they have the necessary knowledge
and skills to perform their duties effectively. 281
ISO 9000 Quality Internal audit records: Internal audit records document the results of internal
Management System
audits and the follow-up actions taken to address any non-conformities
identified.

It is important for organizations to ensure that their documentation is

accessible, up-to-date, and well-organized. This helps ensure that everyone
involved in the QMS can easily find the information they need and that the
QMS remains effective over time. Organizations should also periodically
review and update their documentation to ensure that it remains relevant and
effective.

Documentation is a critical component of an ISO 9001-compliant QMS. Proper

documentation provides a clear and concise representation of an organization’s
processes, responsibilities, and resources, helps to monitor and control
processes, demonstrates compliance with ISO 9001, and provides a framework
for continuous improvement. Organizations should develop and maintain a
comprehensive set of documents, including a quality manual, procedures, work
instructions, forms and records, quality policy, objectives and targets, training
records, and internal audit records, and ensure that they are accessible, up-to-
date, and well-organized.

11.6 METHODS FOR IMPLEMENTING ISO 9001

QMS
ISO 9001 is a widely recognized quality management system (QMS) standard
that provides a framework for organizations to consistently meet customer
requirements and enhance customer satisfaction. Implementing an ISO 9001-
compliant QMS can bring numerous benefits to an organization, including
increased efficiency, improved customer satisfaction, and enhanced reputation.
However, the process of implementing an ISO 9001 QMS can be complex
and requires a systematic approach. In this section, we will discuss some of
the key methods for implementing an ISO 9001 QMS.

Conduct a Gap Analysis: The first step in implementing an ISO 9001 QMS
is to conduct a gap analysis. This involves comparing the current processes
and practices of an organization to the requirements of the ISO 9001 standard.
The gap analysis will help the organization to identify areas where
improvements are needed and to prioritize the implementation of the QMS.

Develop an Implementation Plan: Once the gap analysis is complete, the

next step is to develop a detailed implementation plan. The implementation
plan should outline the steps involved in implementing the QMS, including
the development of policies, procedures, and processes, the training of
employees, and the development of forms and records.

Establish a Quality Management Team: The next step is to establish a quality

282
management team, consisting of representatives from all departments within ISO 9000 Quality
Management System
the organization. The quality management team is responsible for ensuring
that the QMS is implemented effectively and for driving continuous
improvement.

Develop Policies and Procedures: The next step is to develop policies and
procedures that are compliant with the ISO 9001 standard. The policies and
procedures should be based on the gap analysis and the implementation plan
and should outline the steps involved in each process and the responsibilities
of individuals involved in the process.

Train Employees: It is essential to train employees on the new policies and

procedures to ensure that they understand their roles and responsibilities and
are able to carry out their work effectively. The training should include both
classroom-style training sessions and on-the-job training.

Implement Processes: The next step is to implement the processes outlined

in the policies and procedures. The implementation of processes should be
monitored and controlled, and any deviations should be recorded and
addressed.

Conduct Internal Audits: Internal audits are an important component of an

ISO 9001 QMS. Internal audits are conducted to assess the effectiveness of
the QMS and to identify areas for improvement. The results of internal audits
should be documented and follow-up actions taken to address any non-
conformities identified.

Monitor and Improve: Once the QMS is implemented, it is important to

monitor and improve the processes on an ongoing basis. This can be achieved
through the use of metrics and continuous improvement programs, such as
kaizen or Six Sigma.

Seek Certification: If an organization wants to demonstrate its compliance

with the ISO 9001 standard, it can seek certification from a certification body.
The certification body will conduct an audit to assess the organization’s
compliance with the standard and will issue a certificate if the organization is
found to be in compliance.

Implementing an ISO 9001 QMS requires a systematic approach. The key

methods for implementing an ISO 9001 QMS include conducting a gap
analysis, developing an implementation plan, establishing a quality
management team, developing policies and procedures, training employees,
implementing processes, conducting internal audits, monitoring and improving
processes, and seeking certification if desired. Organizations that implement
an ISO 9001 QMS effectively can expect to see numerous benefits, including
increased efficiency, improved customer satisfaction, and enhanced reputation.

283
ISO 9000 Quality Activity 2
Management System
Think of your own organization in terms of implementing ISO 9001 QMS.
Prepare a detailed action plan for the organization as a whole.

.........................................................................................................................

.........................................................................................................................

.........................................................................................................................

.........................................................................................................................

11.7 SUMMARY
ISO 9000 Series of International Standards on Quality Management System
are generic standards and can be applied to any organization irrespective of
its size or the complexity of its operations. These lay down the basic
requirements for quality to be implemented but do not specify how can these
be implemented. “ Principal cqncepts are firstly, to prevent things from going
wrong than spending time and money in repair and rework etc to bring it to
specifications and secondly, to have a system of continuous improvement.
Benefits of implementing the ISO 9001QMS have also been described in this
section. The requirements of ISO 9001 provide the framework for
implementing the QMS. ‘Management responsibility’ includes laying down
of quality policy, organization, responsibility and authority of major
functionaries, providing resources for QMS, nomination of Management
Representative (MR), and the methodology of conducting Management
Reviews. The ISO Certificate is valid for three years and during this period
certification agency carries out a surveillance audit every six months. For
very small units surveillance audit may be carried out yearly.

11.8 KEY WORDS

Entity Item : That which can be individually described and considered.
Product : Result of activities or processes.
ISO 9000 : This is the most widely used standard in the ISO 9000 series
and provides the requirements for a quality management
system.

11.9 SELF-ASSESSMENT QUESTIONS

1. What are the Principal Concepts of ISO 9000 QMS?

2. How does ISO 9001 ensure clarity of customer requirements?

3. What is the need for documentation in IS0 9000 QMS? What are its
advantages?
284
4. How will you plan development of IS0 9000 QMS documentation in your ISO 9000 Quality
Management System
organization?

5. What do you understand by stabilisation, when the documented system

has been implemented?

11.10 FURTHER READINGS

• Abuhav, I. (2021). ISO 9001: 2015 - A Complete Guide to Quality Management
Systems. United Kingdom: Taylor & Francis Limited.

• Hoyle, D. (2017). ISO 9000 Quality Systems Handbook: Updated for the ISO
9001 - 2015 Standard - Increasing the Quality of an Organization’s Outputs.

• Stamatis, D. (2018). Understanding ISO 9000 and Implementing the Basics

to Quality. Routledge.
• Total Quality Management - I. (2017). Introduction to ISO 9000 . YouTube.
https://www.youtube.com/watch?v=drE_8lGF2Hs

285
ISO 9000 Quality
Management System
UNIT 12 ISO 14001 ENVIRONMENTAL
MANAGEMENT SYSTEM
Objectives
After reading this unit you should be able to:
• Describe the need for Environmental Management System (EMS);
• discuss the requirements of ISO-14000;
• explain the documentation requirement for implementing ISO-14000
• discuss the steps involved in developing EMP.
Structure
12.1 Introduction
12.2 Concept of EMS
12.3 Core Elements of EMS
12.4 Need for EMS
12.5 ISO 14000
12.6 ISO 14001
12.7 Developing EMS based on ISO 14001 QMS
12.8 Activities of EMS
12.9 Role of Management in EMS
12.10 Summary
12.11 Key Words
12.12 Self-Assessment Questions
12.13 Further Readings

12.1 INTRODUCTION
There is a great amount of concern all over the world about the depletion of
the earth’s resources and pollution of the environment through industrial
activities. Laws have been enacted to contain pollution. But in spite of punitive
measures imposed under the law, the industry continues to violate the
prescribed pollution control norms. On the other hand, the world’s population
is expected to grow to10 billion by the year 2030. This is almost three times
the population as existed in the year 1950. The growing population and the
rapid industrial growth are depleting the earth’s resources at a pace which is
totally unsustainable. During the 1960s, in spite of the widespread realization
regarding finite nature of earth’s resources, the industry continued to have a
relationship of conflict with the environment and looked at environmental
concerns as a nuisance. During the70s and 80s as the legislation grew stronger
286 the industry viewed the environment as antigrowth because legislation forced
industry to go for end-of-the-pipe solutions to contain pollution. The ISO 14001
Environmental
combination of business and environmental aspects started after the 1972 U.N.
Management System
Conference on Human Environment. During this conference “World
Commission on Environment and Development” was created. This commission
popularly known as Brundtland Commission took up the task of reassessing
the environment in the context of development and published its report “Our
Common Future” in the year 1987. The appreciation for a possible sustainable
development dawned in the 1990s when environmental concerns started to
be viewed as serious issues with opportunities and risks. This realization
resulted in a pro-active approach by the industry to manage the environmental
issues. U.N. Conference on Environment and Development (UNCED), the
Earth Summit was held in Rio-deJaneiro in June 1992 to consider how the
world could move towards sustainable development. The outcome of the Earth
Summit was Agenda-21, a worldwide commitment at the highest levels to
move towards sustainable development. Subsequent to this. Since the mid-
eighties industries have started recognizing the need for a proactive approach
and the benefits of such an approach in terms of enhanced corporate image,
increased profits and competitiveness and reduced costs. Britain had taken
the lead in coming out with a British Standard on Environmental Management
System - BS 7750. Pafallely, Eco Management and Audit Scheme (EMAS)
was adopted in European countries. International Organization for
Standardization, popularly known as ISO, where all the countries participate
and develop standards by consensus, came out with ISO-14001 Environmental
Management System Standard in the year 1996. This EMS standard is generic
in nature and may be adopted by any organization for EMS certification on a
voluntary basis. By adopting an EMS, environmental issues can be addressed
in a systematic manner and environmental care can be integrated with the
business plan making it an integral part of daily operations of the organization.
This unit discusses Environmental Management System, its purpose, ISO 1400
EMS and how to develop it.

12.2 CONCEPT OF EMS

EMS stands for Environmental Management System, a framework that helps
organizations to manage their environmental responsibilities in a systematic
and structured manner. It provides a systematic approach to identify and control
the environmental impacts of an organization’s activities, products, or services
and to ensure compliance with environmental regulations and laws.
ISO 14001 is the international standard for Environmental Management
Systems, and it provides organizations with a systematic approach to manage
their environmental impact. It outlines the requirements for an Environmental
Management System and provides guidance on how to implement, maintain
and improve an EMS. The standard covers all aspects of an organization’s
activities that have an impact on the environment, including the use of energy,
water, raw materials, waste management, and transportation.
The implementation of an EMS has several benefits, including:
Legal Compliance: An EMS helps organizations to comply with relevant
287
ISO 9000 Quality environmental laws and regulations. This helps to reduce the risk of legal
Management System penalties and protects the organization’s reputation.
Improved Environmental Performance: An EMS provides a structured
approach to identify and manage environmental impacts, which leads to
improved environmental performance. This helps to reduce waste, conserve
resources and reduce emissions.
Cost Savings: By improving environmental performance, organizations can
reduce their resource use and waste, which can lead to cost savings.
Increased Competitiveness: Companies with a well-established EMS can
demonstrate their commitment to environmental sustainability, which can
increase their competitiveness and improve their reputation.
Improved Relationships with Stakeholders: An EMS helps organizations
to engage with their stakeholders, including customers, suppliers, and
regulators, and to understand their environmental concerns. This helps to
improve relationships and build trust.

12.3 CORE ELEMENTS OF EMS

There are certain core elements which are to be followed to implement the
Environmental Management System. These are as follows:
Environmental Policy: The environmental policy sets out the organization’s
commitment to environmental sustainability and the objectives and targets
that it aims to achieve.
Environmental Aspects and Impacts: This involves identifying the
environmental aspects and impacts of the organization’s activities, products,
or services. This helps to understand the organization’s environmental footprint
and the areas where it can make the greatest impact.
Legal and Other Requirements: This involves identifying the environmental
regulations and laws that apply to the organization and ensuring that it complies
with these requirements.
Objectives, Targets and Programmes: The organization sets objectives and
targets to reduce its environmental impact and implements programmes to
achieve these objectives.
Management Programmes: The EMS includes management programs, such
as waste management, energy management, and transportation management,
to help the organization manage its environmental impact.
Structure and Responsibility: The EMS outlines the roles and responsibilities
of individuals within the organization and the structure of the EMS.
Training and Awareness: The EMS includes training and awareness
programmes to help employees understand their environmental responsibilities
and how they can contribute to the success of the EMS.
Communication: The EMS includes processes for communicating with
288
stakeholders about the organization’s environmental performance and the steps ISO 14001
Environmental
it is taking to reduce its environmental impact.
Management System
Monitoring and Measuring: The EMS includes processes for monitoring
and measuring the organization’s environmental performance, identifying
areas for improvement, and taking corrective action where necessary.

12.4 NEED FOR ADOPTING EMS

The need for adopting an Environmental Management System (EMS) has
become increasingly important in today’s society as organizations are under
increasing pressure to reduce their environmental impact and to comply with
environmental regulations and laws. An EMS provides a structured and
systematic approach to managing an organization’s environmental
responsibilities, which can bring many benefits to organizations, including
improved environmental performance, cost savings, increased
competitiveness, and improved relationships with stakeholders.
The implementation of an EMS requires the commitment of senior
management, who must ensure that the EMS is integrated into the
organization’s operations, and that all employees are aware of their
environmental responsibilities. The implementation of an EMS also requires
investment, which can include the cost of developing and implementing the
EMS, and the cost of training and awareness programs for employees.
Organizations that adopt an EMS can demonstrate their commitment to
environmental sustainability, which can enhance their reputation and increase
their credibility. The ultimate goal of an EMS is to help organizations to
achieve sustainable development by balancing their economic, social and
environmental responsibilities

12.5 ISO 14000

The basics of the ISO 14001 standard is a core component of of ISO 14000,
which lays out the guidelines for implementing an environmental management
system (EMS). ISO 14004, standard provides additional insight and specialized
standards for implementing an EMS.
The key standards which are included in ISO 14000 are as follows:
• ISO 14001: Specification of Environmental Management Systems
• ISO 14004: Guideline Standard
• ISO 14010 – ISO 14015: Environmental Auditing and Related Activities
• ISO 14020 – ISO 14024: Environmental Labeling
• ISO 14031 and ISO 14032: Environmental Performance Evaluation
• ISO 14040 – ISO 14043: Life Cycle Assessment
• ISO 14050: Terms and Definitions
ISO 14000 is an environmental management system which contains 289
ISO 9000 Quality requirements for achieving and maintaining environmentally sound standards
Management System of doing business. In this the complete business process is considered starting
from product manufacturing to product performance and, ultimately, product
disposal. ISO 14001 is often used interchangeably with ISO 14000 and is the
core component of ISO 14000.

12.6 ISO 14001

ISO 14001 is an international environmental management system standard
that provides a framework for organizations to manage their environmental
responsibilities and improve their environmental performance. The standard
was first published in 1996 and is currently in its fourth edition, ISO
14001:2015. The purpose of ISO 14001 is to help organizations systematically
manage their environmental impacts and ensure that they are operating in an
environmentally sustainable manner.
To be certified to ISO 14001, an organization must demonstrate that it has
established and maintained an EMS that meets the requirements of the
standard. The certification process involves a third-party audit by an accredited
certification body to verify that the organization’s EMS is in compliance with
the standard.

12.7 DEVELOPING EMS BASED ON ISO 14001 QMS

The process for developing an Environmental Management System (EMS)
based on ISO 14001 involves several steps, which are as follows:
Establish a Steering Committee: This committee is responsible for providing
guidance and direction to the development and implementation of the EMS.
It should include senior management representatives, key employees, and other
stakeholders who have an interest in the success of the EMS.
Conduct a Baseline Assessment: This involves an analysis of the
organization’s current environmental performance, legal and regulatory
requirements, and stakeholder expectations. The objective of this assessment
is to identify the organization’s environmental aspects, impacts, and risks,
and to determine the initial scope of the EMS.
Develop the Environmental Policy: This policy sets out the organization’s
commitment to environmental protection, its objectives and targets, and the
framework for its EMS. The policy should be communicated to all employees,
stakeholders, and other interested parties.
Identify Legal and Other Requirements: This involves the identification
of all relevant environmental legislation and regulations, as well as any other
environmental requirements that the organization must comply with.
Develop the EMS Documentation: This includes the development of
procedures, processes, and records that describe how the organization will
manage its environmental responsibilities and achieve its environmental
objectives and targets. The documentation should be based on the structure
290 of ISO 14001 and should include a description of the organization’s
environmental policy, environmental aspects, objectives and targets, and the ISO 14001
Environmental
processes for monitoring, measurement, and improvement.
Management System
Implement the EMS: This involves the training of employees, the
development of training programs, the communication of the EMS to
stakeholders, and the establishment of a system for monitoring and measuring
the organization’s environmental performance.
Conduct Internal Audits: This involves the regular assessment of the
organization’s EMS by trained internal auditors. The objective of these audits
is to assess the effectiveness of the EMS, to identify areas for improvement,
and to provide feedback to senior management.
Undergo External Certification Audit: This involves an assessment of the
organization’s EMS by an independent third-party certification body. The
objective of this audit is to determine whether the organization’s EMS meets
the requirements of ISO 14001 and to provide a certificate of conformity if
the organization is found to be in compliance with the standard.
Monitor and Measure Environmental Performance: This involves the
regular measurement and monitoring of the organization’s environmental
performance, and the use of this information to identify areas for improvement
and to refine the EMS.
Review and Continual Improvement: This involves the regular review of
the EMS by senior management, the identification of areas for improvement,
and the implementation of improvement programs to enhance the
organization’s environmental performance.
Let us now understand how EMS can actually be developed.Take a close
look at your Activities, Products and Services (APS) to identify the ones that
interact with the environment.
Representative categories of activities, products and services may be selected
to arrive at workable number of issues. These activities, products, and services
that interact with the environment are known as environmental aspects.
The following areas need to be considered while identifying the aspects:
1. Discharge to water
2. Emissions to air
3. Contamination of land
4. Waste Management
5. Use of natural resources (materials)
6. Local Environmental Regulatory issues
These are the “Aspects” that you have identified. Next step is to analyse how
these aspects are impinging the environment or in other words what is the’’
IMPACT” that these aspects are creating on environment. A (tabular) record
as given in Table 12.1 is desirable:
291
ISO 9000 Quality Table 12.1 : Products, Environmental Aspects and Their Impact
Management System

After the environmental impacts have been identified, these need to be

evaluated. The most commonly adopted method of prioritizing the impacts is
Risk Assessment.
• The following factors are considered:
• Likelihood of occurrence
• Likelihood of detection
• Severity of consequences

Environmental Risk Rating, (ERR) = (A + B) x C

Keeping in view the resources available, you may now choose the impacts
that you would like to address.
Normally, the impacts relating to regulatory requirements, and those having
higher ERR are picked up for, design of EMS. You must limit the number of
impacts to suit your budget.
While prioritizing the impacts, following factors should be considered:
• Overall business plans
• ERR of the impacts
• Technological options available
• Concerns of interested parties
• Regulatory and legal requirements
• Difficulty of changing the impact
• Cost of changing the impact
• Effect of changes on other activities
292
• Effect on public image ISO 14001
Environmental
The basis for designing your EMS is now ready. Based on the identified and Management System
chosen aspects, impacts, define and document your Environment Policy
reflecting broad long term goals with commitment to:
• Meet applicable legislative and regulatory requirements
• Achieve continual improvement
• Minimize or prevent pollution
The policy states your major environmental/concerns and is specific to your
organization.
The next step is to set and document environment objectives and targets
reflecting medium term strategic plans. The factors that must be considered
are:
• Legal and regulatory requirements
• Identified and chosen significant environmental aspects
• Technological options available
• Financial, operational and business requirements
• Views of interested parties
Based on the above, management decides what needs to be done. This results
in setting of objectives. Setting of multiple objectives with varying target
dates is desirable to meet the requirement of continual improvement.
Next step is to establish and maintain Environmental Management
Programs (EMP) which are short term Action Plans for achieving objectives
and targets. This is how we narrow down from broad term goals (the policy)
through objectives and targets (medium term strategic plans) to Environment
Management Programs (short term action plans). The analysis of (Initial
Environment Review) IER is carried out by Senior Management or by
Environmental working Group, who report their results for approval by Senior
Management, the objective setting is done at all relevant functional levels of
the organisztion. For example, a corporate objective to reduce water
consumption may result in different targets for each department depending
on the scope for reduction within each area. The concerned departmental
managers and staff working under them get involved in target setting for each
department. It is desirable to involve the staff during this phase of target setting,
as it would create commitment to achieve the targets.
Environment Management Program is a dynamic short term plan which
identifies the actual actions to be carried out to meet the annual targets in
attaining the set objectives. It spells out
• Specific actions
• Defined schedules
• Allocation of staff and financial resources 293
ISO 9000 Quality • Individual and group responsibilities
Management System
• Development of skills
• Review end reporting system
Environment Management Programme could be summarized as follows:

`
2023

Similar EMPs are spelled out for each Division. with action plans, responsibilities,
budget allocations and time frames.
Finally a system for review and reporting the progress has to be put in place. For
day to day working of the organization, environment procedures have to be
identified. Initial Environment reviews (IER) can be used as the basis for
identification of activities where documented procedures are necessary. Procedures
are likely to be required for the following:
• Day-to-day activities and arrangements, abnormal working and emergency
situations
• Monitoring and control arrangements and activities
• Procurement activities
• Processes and other activities
• Internal and external communication
• EMS Document control
• Monitoring, measurement and record
• Environmental audits
• Corrective and preventive actions
• Management Reviews
Procedures set out the methods and arrangements for carrying out specific jobs to
achieve desired results, whilst restricting environmental impacts to acceptable
limits. The environmental procedures (under ISO14000) need to be merged with
existing procedures of ISO-9000 (if the system exists).
A tailor made system is now ready for implementation. You can launch it to reap
the benefits of reduced wastage, improved utilization of resources, increased
profitability and above all a responsible environmental stewardship.

294
 ISO 14001
Activity 1 Environmental
Management System
Develop an Environmental Management Programme for a manufacturing
organization of your choice.
..................................................................................................................
..................................................................................................................
..................................................................................................................
..................................................................................................................

12.8 ACTIVITIES OF EMS

EMS covers virtually all business and management activities within the
organization:
Marketing: With increased awareness, the consumers have started expecting
a certain environmental performance from the products they purchase.
Products which have potential to damage the environment may be subject to
international regulation or consumer boycotts. Markets can shift very rapidly
once, for example, a government has decided to ban or limit a particular
product, an intermediate input or a waste material because of its pollution
potential. Even if the organization does not sell directly to the public, marketing
managers need to understand bow these issues can affect their relations with
major customers, such as multinationals that do sell to the final customer and
who must meet certain environmental criteria simply to maintain access to
these markets.
Design and Development: Criteria should be considered in product design
to meet customer requirements, regulatory requirements, international
standards, or to ensure that products have minimal environmental effects
throughout their life-cycle, from design and raw material use, through
manufacturing to distribution, product use and final disposal.
Manufacturing: Cleaner production and pollution control are obvious issues
for the EMS. Other issues may include safety, the prevention or mitigation of
accidents, and the prevention of long-term, gradual environmental damage
from the enterprise’s activities or products. Those responsible for man-
fracturing should be able to design the EMS to help control the environmental
aspects related to manufacturing processes, including, for example, the
selection of appropriate technologies, equipment and techniques.
Finance: Finance directions of the organization need to work more closely
with the organization’s planners to determine the overall financing needs of
projects and understand how environmental issues can affect project approvals
and the time necessary for receiving these approvals. Obtaining financing for
projects at favourable rates depends on their ability to demonstrate that their
organization can control risks, including I environmental risks.
Planning and development: Obtaining permission for new projects as well
as for the expansion of existing operations today often requires completing 295
ISO 9000 Quality an environmental impact assessment and making performance guarantees. In
Management System many parts of the world, property transactions can result in the acquisition of
pollution liabilities from previous activities on the site that must be taken
into account and considered as liability of the buyer organization.
Management of distribution (retail and wholesale): Requirements
governing packaging and product materials, recovery and recycling place new
demands on distributors in a number of major markets around the globe. These
aspects must be considered while designing the products and thief packaging.

12.9 ROLE OF MANAGEMENT IN EMS

The role of management in an Environmental Management System (EMS) is
critical to its success and implementation. It is the responsibility of
management to provide leadership, support, and direction to the entire
organization in establishing, implementing, maintaining and continually
improving the EMS. Here are some key roles and responsibilities of
management in EMS:
Leadership: The management must provide leadership and demonstrate a
commitment to environmental protection by setting environmental goals,
policies, and objectives that are consistent with the organization’s
environmental impact and the context in which it operates.
Policy and objectives: The management must develop, implement, and
maintain an environmental policy that establishes the organization’s
commitment to environmental protection. Objectives and targets must be set
that support the policy and are measurable, consistent with the organization’s
environmental impact, and subject to periodic review.
Allocation of resources: The management must allocate adequate resources,
including personnel, time, and funds, to implement and maintain the EMS.
Communication: The management must ensure that relevant information
about the EMS is communicated to all employees and relevant interested
parties, including customers, suppliers, and the public.
Responsibility and authority: The management must assign responsibilities
and authorities for environmental management activities to relevant personnel
and ensure that they have the necessary training, resources, and support to
perform their duties effectively.
Environmental performance evaluation: The management must establish,
implement and maintain processes to evaluate its environmental performance,
including the performance of its EMS, and use the results of this evaluation
to make continuous improvements.
Internal audit: The management must establish, implement, and maintain
processes for conducting internal audits to assess the effectiveness of the EMS.
Management review: The management must regularly review the EMS to
ensure its continued suitability, adequacy, and effectiveness, and take
296 appropriate action to address any deficiencies identified.
 ISO 14001
12.10 SUMMARY Environmental
Management System
The process for developing an EMS based on ISO 14001/14000 is a systematic
and continuous process that involves the engagement of senior management,
employees, stakeholders, and other interested parties. By implementing an
EMS based on ISO 14001, organizations can demonstrate their commitment
to environmental protection, meet their legal and regulatory requirements,
and improve their environmental performance over time.
The activities covered under an EMS are designed to enable an organization
to manage its environmental responsibilities in a systematic and continuous
manner. In conclusion, the management has a crucial role in the successful
implementation and maintenance of an EMS based on ISO 14001. By
providing leadership, support, and direction, the management can ensure that
the organization has a robust and effective EMS in place that meets the needs
of the organization and its stakeholders.

12.11 KEY WORDS

Environmental Management : The part of the overall management system
System that includes organizational structure,
planning activities, responsibilities,
practices, procedures, processes and
resources for developing, implementing,
achieving, viewing and maintaining the
environmental policy.
Environmental management : A systematic and documented verification
system audit process of objectively obtaining and
evaluating evidence to determine whether
an organisztion’s environmental
management system conforms to the
environmental management system audit
criteria set by the organization, and for
communication of the results of this
process to management.
Environmental Objective : Overall environmental goal, arising from
the environmental policy, that an
organization sets itself to achieve, and
which is quantified where practicable.
Environmental Performance : Measurable results of the environmental
management system, related to an
organisztion’s control of its environmental
aspects, based on its environmental policy.
objectives and targets.
Environmental Policy : Statement by the organization of its
intentions and principles in relation to its
overall environmental performance which
297
ISO 9000 Quality provides a framework for action and the
Management System setting of its environmental objectives and
targets.
Environmental Target : Detailed performance- requirement,
quantified where practicable, applicable to
the organization or parts thereof, that
arises from the environmental objectives
and that needs to be set and met in order
to achieve the objectives.

12.12 SELF ASSESSMENT QUESTIONS

1. Define Environmental Management System.
2. Why is it necessary for organizations to have EMS?
3. What are the steps involved in developing Environmental Management
Programme (EMP)? Discuss with the help of examples.
4. What are the basic activities of EMS.

12.13 FURTHER READINGS

• Edwards, A. J. (2004). ISO 14001 Environmental Certification Step by Step
(Revised Edition). Netherlands: Elsevier Science.
• Environmental Quality Monitoring & Analysis - Course. (n.d.). https://
onlinecourses.nptel.ac.in/noc23_ch15

• Morris, A. S. (2004). ISO 14000 Environmental Management Standards:

Engineering and Financial Aspects. John Wiley & Sons.
• Sayre, D. A. (2014). INSIDE ISO 14000: The Competitive Advantage of
Environmental Management. CRC Press.
• Woodside, G., & Aurrichio, P. (2000). ISO 14001 auditing manual. New
York: McGraw Hill.

298
 Management Systems
UNIT 13 MANAGEMENT SYSTEMS FOR for Safety
SAFETY
Objectives
After studying this unit, you will be able to understand:
• The need for Safety and Health Management;
• The Approach towards safety;
• System Approach to Management of safety and health;
• General Occupational Health Problems; and
• Control of Health Risks in Industries.
Structure
13.1 Introduction
13.2 Need for Safety and Health in Industry
13.3 Safety Approaches
13.4 Safety Management
13.5 Assessment and Elimination of risk
13.6 Safety Implementation
13.7 General Occupational Health Problems
13.8 Safety and Health Management System
13.9 Summary
13.10 Key Words
13.11 Self-Assessment Questions
13.12 Further Readings

13.1 INTRODUCTION
The significance of Safety and Health in business can be perceived from the
following statement of Peter Ducker "The first duty of business is to survive
- and the guiding principles of business economics is not the maximization of
profits, it is the avoidance of loss". Any accident can lead to the loss of three
Ps i.e., People, Property and Process, which affect the bottom line of a business.
Safety and Health Management deals with the avoidance of such accidents
and thus prevents occurrence of losses.
A systems approach to management of safety and health is very important for
an organization attempting to imbibe a TQM culture. You are all aware that
the overall success of a business enterprise depends on
• The people
• The process; and
• The customers 299
ISO 9000 Quality People: TQM requires involvement of all the people in the organization. The
Management System business activities are perceived, processed and delivered by the people.
Commitment and contribution of people are achieved through various
proactive measures like empowering them, providing training to enhance their
capabilities; and above all recognising their excellent performance.
Performance of the people can be achieved provided management takes care
of their safety and health at the work place.
Process: The business inputs (raw materials) need to be processed to convert
them into value added products. The conversion process may involve use of
machinery and equipment Safety, health and environment and therefore
essential elements to be considered in order that the processes becomes
effective and efficient the processes directly affects the productivity of the
organization. Suppose the& is an accident in a machine shop, the immediate
effect will be loss of production due to downtime of the machine, operators'
injury and curiosity amongst co-workers.
Some chemical processes generate obnoxious fumes in the plant which are a
health hazard. Unless the hazard is removed the people cannot work in the
plant continuously, productivity and quality will be affected.
Customers: In the present scenario customers are becoming more and more
aware about the safety and health problems regarding the products and services
they buy from the suppliers. This is not only true for western customers but
also for Indian customers as well.
The importance of safety and health in relation to TQM can be better
understood by looking at Malcolm Baldrige Criteria for business excellence.
One of the criteria of the Malcolm Baldrige award scheme is Employee well
being and satisfaction. This requires examining how the organization includes
employees' well being factors such as health and safety into its quality
improvement activities. This requires us to understand how the organization
determines the root causes of employee accidents and work place hazards
and how these hazards are eliminated. We will study more in this unit about
managing safety and health in a systematic way.

13.2 NEED FOR SAFETY AND HEALTH IN INDUSTRY

In the introduction we talked about the significance of safety and health in
Total Quality Management. You may still be intrigued with the question "Why
safety and health are so important?"
The answer is evident from the figure 13.1.

Regulatory Employee
Job Security
Agencies Health

Insurance
costs
Why Safety Media

Quality Production

300 Figure 13.1: Need for Safety

The first and foremost concern for safety is employee health. Good health is Management Systems
for Safety
a pre-requisite for commitment to quality work and growth. We need to earn
our livelihood on a continuous basis which again depends on maintenance of
good health. Job security is influenced by ill-health be it due to occupational
hazards or otherwise. Efforts are required to maintain general health and keep
off occupational hazards so that we do not fall ill and are thus unable to attend
to our jobs.
Poor performance on safety may lead to adverse opinion in the publicity
"Media" which ultimately may affect market share. Accidents sometimes cause
downtime of machinery and loss of available man-days which is turn affect
production and profitability of an organization. Poor working conditions and
unsafe acts are also the contributing factors & 'Poor Quality', 'Frequent
accidents' in an industrial plant lead to more spending on worker compensation.
Insurance organization may tend to increase the premium for such industries.
Accidents/fatalities also call for investigation by "regulatory agencies" like
the police, factories inspector, Pollution Control Board representative etc.
This causes avoidable wastage of man-hours.
The urge to prevent loss of people, property and process leads to the
implementation of Safety and Health Management in industry. The losses
due to accidents can be classified into the following major two major categories
of cost (examples are given):
Direct Cost
• Emergency medical care
• Replacement /Repair of damaged equipment
• Payment of compensation to the victims their families.
Indirect Cost
• Loss of production
• Loss of productivity due to follow-up care
• Loss of productivity after resumption of work
• Fellow workers assisting the injured colleague
• Loss of productivity due to inspection / investigation
• Fellow workers watching events and discussing accident, thus leading to
loss of productivity
• Cost of training the replacement worker
• Supervisor's time spent in investigation &preparation of reports
• Time spent with regulatory authorities
All the above elements of cost influence the bottom line of business. More
particularly accident-prone industries do not enjoy reputation as good
employers and find it difficult to engage people. All these factors make it a
must to go in for proper management of safety and health.
301
ISO 9000 Quality Let us look at the following cases to appreciate the need for safety in industry
Management System
i) Suppose in a building construction activity masons are to work at a height
of loft from the ground. As an employer we should provide them with a
safe place to work This means we should make arrangement for proper
scaffolding and a comfortable platform to work at that height. But these
alone are not sufficient to prevent an accident due to a fall. In addition to
this we have to force the contractor to provide necessary personal
protective equipment (PPE) to the workers, like full body harness and tie
it to a life line (firm support) so that the mason can be protected from a
fall hazard.
ii) Let us consider two welders who are to work inside a confined space
(closed tank) How do we ensure that they do not get harmed due to
suffocation? This can be done by using an oxygen analyzer to establish
the availability of oxygen inside the confined space. While welding is
going on (inside), we should arrange for forced ventilation to ensure supply
of oxygen. One person should be outside the confined space to be able to
rescue the person working inside in case of an emergency. Both the cases
highlight examples of situations warranting safety.
Activity 1
Think of any other organization you are familiar with. Make an assessment
of the present safety and health situation. What further safety steps you
would suggest and why?
.................................................................................................................
.................................................................................................................
.................................................................................................................
.................................................................................................................

13.4 SAFETY APPROACHES

From the standpoint of safety management three distinct management styles
can be observed which are as follows:
SWAMP - Safety without Any Management Process (16 % of all organizations)
NORM - The Naturally Occurring Reactive Management (77% of all
organizations). Also known as Reluctant Compliers.
World class - Leaders amongst industries where most are today (7% of all
organizations).
What differentiates the three types?
During the 70s a study was carried out by the National Institute of Occupational
Safety and Health (NIOSH) of U.S.A to understand what made the difference
in the three types of styles described above. It was found that the conventional
safety practices like establishment of a safety committee, adhering to safety
302
rules, promotion of safety, accident investigation and reporting were present Management Systems
for Safety
in all the organizations of three different styles with little degree of variance
(table 13.1). The factors responsible for improved safety performance were:
• Management commitment and ownership
• Planning, interpersonal relations and people's involvement
Thus the Core Management Group need to define the role of safety
management.
Table 13.1: Characteristics of management styles for safety management

13.5 SAFETY MANAGEMENT

General Concept
Management of safety depends heavily on the root cause analysis.
What causes an accident?
Predominantly, two factors either individually or in combination lead to an
accident. They are:
i) Unsafe act, and
ii) Unsafe condition
Unsafe act is attributable to an individual. This may be due to lack of understanding
of the hazard facing the task being performed or the negligent act. 303
ISO 9000 Quality Unsafe condition like slippery floor, lack of ventilation, inadequate lighting
Management System may be the cause of an accident. Unsafe condition is attributable to
management responsibility
From the above discussion you will appreciate that management of safety
involves a two-pronged approach, viz., prevention of the unsafe act and
providing a safe work place (i.e., elimination of unsafe condition). This is the
fundamental principle of any Safety Management.
As is evident from the above discussion we must endeavour to identify the
hazard/risk associated with the accomplishment of a task and then adopt
suitable measures for corrective and preventive action through systems
approach in the context of safety management. Let us now see how this
principle can be applied to practice.
Risk Assessment through hazard Identification and Job Safe Analysis
In safety parlance very often we come across the term 'hazard' and risk. It is
necessary to clearly understand what these terms actually mean.
'Hazard' is something that has a potential for harm.
'Risk' is the likelihood of the harm happening, and the consequences in case
it happens.
The assessment of risk is carried out through Job Safety Analysis (JSA). Safety
implies freedom from risk, danger and harm. Job Safety Analysis therefore
helps us to:
• Identify the risks hazards
• Protect from danger and
• Eliminate the potential to harm
The JSA approach, involves the following basic steps :
• Identification and selection of task
• Breaking it down into steps
• Identification of potential hazards
• Assessment and elimination of risks
• Recommendation of safe work procedure
Selection of Task
From the safety point of view and for effective management of safety, each
job needs to be analysed prior to its starting. The operators should be briefed
about the risks involved in the performance of a job and the procedures and
precautions to be followed for safe performance of the tasks. While more
than one job needs to be analysed, the priorities can be decided based on the
following criteria:
• High frequency of accidents or fatalities
304
• History of serious accidents or fatalities Management Systems
for Safety
• Potential for serious harm
• New jobs
Breaking Down the Task into Various Steps
A complex task may involve various risks at different steps. A comprehensive
study of the various steps is essential to evaluate the risks associated.
Job Safety Analysis starts with :
• A discussion of how the job is performed. Once the process familiarity is
obtained, the job can be divided into steps;
• Watching out an operator performing the task completely
• Noting down the crucial steps as the job progresses;
Now corresponding to each step we can identify the existing hazards. An
example of steps involved in replacing of a flat tyre are identified in Box 13.1
Box 13.1: Identify Job Step: Replace a Flat Tyre
While proceeding to your work, you discover that your car has a flat tyre.
The car is parked on a level ground and the parking brake is already set.
The bumper jack and the car tyre are both in good condition and kept in
the car's trunk. The steps Involved in replacing the flat tyre are:
1. Remove jack, spare tyre and lug wrench from trunk
2. Loosen lug nuts
3. Raise the jack 1
4. Remove flat tyre
5. Install spare tyre
6. Lower jack
7. Tighten lug nuts
8. Place flat tyre, jack and lug wrench in the trunk
The five major factors listed below will help ascertaining risks associated
with any step:
a) Physical Actions
b) Materials'
c) Equipment
d) Conditions
e) "What if" question

305
ISO 9000 Quality Identification of Hazards
Management System
The basic tool used to identify a hazard is through Inspection. Inspection
provides a reliable way to identify and eliminate conditions that could lead to
an accident, illness or environmental damage. In order to conduct an
inspection, it is important to know what is to be looked for in a specific area.
A checklist of potential hazards is prepared to carry out the inspection.
Creating a checklist involves the following four steps:
i) Write down every potential hazard within the category that exists in
your work area;
ii) Check availability of written resources;
iii) Examine the work area;
iv) Have the employees review the list.
The sources of information to develop a check list are:
• Job hazard analyses or process reviews
• Previous inspection reports
• Maintenance records
• Material safety data sheets (MSDS)
• Accident investigation reports
• Work environment studies
Activity 2
Write a note on safety management in any other organization you are
familiar with describing its salient features/elements, with short
explanations.
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................

13.5 ASSESSMENT AND ELIMINATION OF RISKS

Once the hazards are identified it is an obvious expectation to have the risks
eliminated from the job sites Many times a situation encompasses a number
and variety of risks. The following techniques can be helpful in assessing the
risk factor and in classifying the various hazards according to the seriousness
of impact and priority for remedy
Methodology
306 Complete the Risk Assessment format (as given in table 13.2) and proceed
with the determination of risk factors as follows: Management Systems
for Safety
Job Site: Location :
Date: Supervisor Responsible :
Contractor's Name :
Name of Safety Personnel :
Table 13.2: Risk Assessment Format

Severity level
1. Low = Effect of risk is minimum (not serious)
2. Med = Moderate effect tending to become serious
3. High = Dangerous to life
Likelihood of Occurrence
1. Low = Very less probability
2. Med = May take place often
3. High = Very frequent changes of happening
Population Affected
1. Low = Up to 5 persons
2. Med = 5 to 15 persons
3. High = More than 15 per persons
Risk Factor = Severity Level x Likelihood of Occurrence x Population
Affected.
Based on the assessment of Risk Factors we go on to tabulate the risks in
order of their diminishing severity. This helps in developing a corrective action
plan. The format (table 13.3) can be used for this purpose.
307
ISO 9000 Quality Table 13.3: Prioritization of risks
Management System

Recommendations of Safe Work Procedures

The final phase of job safety Analysis process involved recommending ways
to control the hazards associated with each of the job steps. The following
aspects shall be recognized while making recommendations:
• Recommendations should be developed at the job site whenever possible
• Recommendations shall be in sequence, beginning with the first hazard
(so that not a single hazard is missed)
• Recommendations must be specific
• As many solutions as are possible should be listed.
The preparation of recommendations needs expertise and knowledge on the
part of the JSA team. However, the following documents may be helpful a
great deal in formulating Corrective Action Plans/Safe Work Procedures:
• Utilise organization's Accident Prevention Manual while developing safety
procedures on site ;
• Refer to earlier recommendation validated with successful observations
for a similar problem;
• Statutory regulations prevailing in the work areas.
Safety Task Assignment (STA)
Many a time recommendations indicate instruction / direction for Safety Task
Assignment. This is a very important supervisory tool in implementation of a
safety programmeme.
STA is not as formal as a JSA. The JSA involves:
a) Reviewing the safety issues of any new tasks;
b) Apprising the task performers about the risks involved in carrying out
the task;
c) Procedures to be followed for performing the task;and
d) Personnel Protective Equipment to be used.

308
STA has the following advantages: Management Systems
for Safety
• It raises safety awareness within each crew and is a reminder that hazards
do exist.
• Assigns each member of the team a safety responsibility
• Demonstrates management's commitment to safety
• A typical JSA for changing a flat Tyre is given in Figure 15.4.
JSA - Changing a Flat Type

Date: Job: Change Flat Type

Title of Person performing job Supervisor Analysis by:
Table 13.4: A typical JSA for changing a flat tyre

*Risk assessment is the first step in establishing a safety programmeme to

achieve the goal of safety excellence i.e. " Zero Accident".
Safe Implementation : The System Approach
Safety means freedom from risk, harm and danger. Implementation of a safety
programme helps us avoid unnecessary costs from any accident/ injury and
loss of production. Enlightened management sets a target of "zero" injury to
attain excellence. This is a journey towards continuous performance
improvement, an essential element of Total Quality Management.
Systems approach to safety management rests on:
i) Setting targets /goals to be a
oals to effect corrective action;
iii) providing resources and training for successful implementation of the
programmeme.
The elements of a Safety Programmeme
The basic elements of a safety programmeme include the three E's:
• Engineering 309
ISO 9000 Quality • Education
Management System
• Enforcement
In the Engineering phase attention is on the planning and development of an
effective Safety Programmeme While developing the programme emphasis
is given to the particular type of industry and its associated hazards. Hazard
Identification and Job Safety Analysis (JSA) are important techniques involved
in the development of a suitable safety plan.
Hazard identification involves a basic knowledge about the project activities
and their potential hazards. Past experience, thorough inspection and checklists
can be useful in the process of hazard identification. Job Safety Analysis is a
technique which involves a study of tasks to know their associated hazards
and practical recommendations to provide for corrective actions. JSA involves
the following five essential steps:
(i) Selection of the task;
(ii) Breaking down the task into component steps (sub-tasks);
(iii) Identifying the hazards associated with each of the steps (sub-tasks);
(iv) Assessment of Risk (quantification) for prioritisation of the corrective
action;
(v) Providing recommendations for elimination of the hazards.
With the knowledge of the outcome of Job Safety Analysis a comprehensive
Safety Plan is developed so as to attain the goal of Zero-Injury.
The second phase of an effective Safety Programme is the education of all
the people (contractor's people included) associated with the project execution.
Like any weak unit of a chain the total strength becomes weak, any person at
the job site who is either not aware of the safety rules or does not follow the
same may make the Safety Programme weak and thus may be susceptible to
work related injuries/accidents. Education is therefore a very important aspect
of a Safety Programmeme Education can be imparted through
• Training and orientation programmeme
• Display of posters/banners.
• Use of sign age's (cautionary, preventive, warning)
• Safety Task Assignments (STA)
Having developed a Safety Programme and having provided education to the
employees concerned, the next important activity that brings in success to
the programme is its 'enforcement'. However good a Safety Plan is, or however
excellent the education given to the workers, the ultimate result depends on
enforcement.
Enforcement requires a strong will and determination on the part of
management. Management commitment is expressed through safety
310 promotional measures like:
• Reward for better safety performance Management Systems
for Safety
• Safety competition (slogan, cartoon, essay, etc)
• Operating safety related disciplinary Programmes, i.e., punishment
commensurate with the extent /nature of safety violation.
• Carrying out Accident / Incident investigations for ascertaining corrective
and preventive actions.

13.6 SAFETY IMPLEMENTATION

An effective implementation of a safety programme includes the following
five steps :
i) Pre-project/pre-task planning
ii) Orientation and training
iii) Documented safety programme
iv) Alcohol and substance abuse programme
v) Accident Near - miss accident investigation and reporting
i) Planning For Safety
a) Pre-Project Planning will include
- Defining the Safety Goal
- Identifying the requirement for safety personnel depending upon
the size and complexity of the project. A compatible safety
organization will have to be developed.
- Evaluation of safety personnel prior to their engagement in the
project.
b) Pre-task Planning requires:
- Identification of hazards through Job Safety Analysis
- Training the personnel in safe performing of the task.
Through an initial review of the scope of work, job site location, proximity to
exposures, a set of hazards are identified for evolving a safe work practice
and environment. However, the finding may reveal that certain hazards may
not be fully eliminated. In such a case the proposed plan may include:
• A written down procedure to be followed during execution of the task
• Personal protective equipment to bf: used.
• Any specialised training necessary for the task performer and, if so,
providing for the same.
The planning process improves hazard awareness, ensures better participation
and compliance by the employees and leads to the success of the Safety
Programmeme.
311
ISO 9000 Quality ii) Orientation And Training
Management System
Safety Orientation and Training are two very important faces of a 'Safety
Programmeme' orientation and training hand-in-hand and apply to the supplier/
contractor and client both. Whereas an Orientation Programme is given to all
the persons entering a job site, training is a need-based activity and varies
from person to person depending upon the job they perform.
Elements of Orientation: An orientation programme will give an overview
of the following:
i) Details of the project, the client and contractors involved the roles and
responsibilities with regard to safety function and interfaces.
ii) Safety Phi1osophy"Zero - Injury" - Safety First Priority.
iii) Present status of safety performance
iv) The Safety Incentive Programme
v) Safety is everybody's business; Safety rules apply uniformly to every
body
vi) Detailed Emergency Evacuation Procedures
vii) First Aid facilities
viii) Use of Personal Protective Equipment
ix) Reward for proper following of safety rules
x) Disciplinary action for Safety Violation
Training: Any special job that may possess safety risks should not be started
without giving proper training to the task performer. A typical (need-based)
training may consist of the following element(s) depending upon the job being
performed:
• Material Safety Data Sheet (MSDS)
• Hazard communication
• Scaffolding
• Excavation and trenching
• Rigging and material handling
• Electrical safety
• Work permits
• Confined space entry
• Chemical storage
• Accident/Incident investigation and reporting
iii) Incentives
Incentives (specially financial incentives) have been found to motivate people
312
to adhere to safety norms. It helps implementation of a safety programme Management Systems
for Safety
positively. Depending upon the project type, suitable milestones can be pre-
determined for the purpose of incentives.
Incentives can be in the form of gifts, citations or money. A monetary incentive
has been found to have the effect of opening up communication between
workers and management for implementation of safety.
Such awards are generally based on a Zero" lost workday case records during
the period under consideration. A dear and simple communication about the
incentive programme to workers is essential.
iv) Alcohol and Substance Abuse Programmeme
A regular check on the abuse of drugs and alcohol at work site keeps the
safety hazards under control. This is not necessarily a possible errant in every
job site. Wherever possibility of such an abuse exists, the following provide
a reasonably good solution to the problem:
• Inspections for contraband
• Screening done at random
• Screening for use of alcohol
• Programme administered to all employees
v) Accident/Incident Investigation
Accident/Incident investigations are important from the point of view of
• Management's concern for worker's safety
• Incorporation of preventive measures
• Deriving lessons for future projects
• The process starts with: gathering of facts (checklists can be used);
• Review/analysis of facts in detail to establish root causes;
• Determining the steps necessary to prevent recurrence; and
• emphasizing the timely implementation of the recommendations.
The investigation team should comprise persons from both the client and
contractors having requisite skills, knowledge and experience. All serious
injuries should be investigated immediately. Investigation reports provide an
insight into the root cause of the problem and help management in adopting
steps for corrective and preventive action.

13.7 GENERAL OCCUPATIONAL HEALTH

PROBLEMS
Industry contributes not only to physical hazards to workers like unguarded
machines, poor housekeeping, falling of objects, flying particles which may
313
ISO 9000 Quality cause injury. But certain processes, environment or conditions may affect the
Management System workers' health as well. Let us have a look at what these hazards could be in
relation to public health in general.
Public Health (General)
Some hazards encountered are discussed below:
1. Tobacco: It is widely used by workers. The forms include smoking,
chewing, snuffing. This may cause lung and oral cancer, lung ailments
etc.
2. Drinking water: The main source of water for industry is from river or
from the ground. Leather industries and chemical industries let their
effluent flow into a river or be absorbed in the ground thus polluting the
soil and water (causing water pollution and soil pollution.) The polluted
water may cause lot of health problems like jaundice, liver and kidney
failure, gastro-enteritis.
3. Cancer: Workers in chemical industries are exposed to chemicals like
benzene, asbestos, nitrogen oxides, polyvinyl chlorides etc. These
chemicals classified as carcinogens may cause cancer to the workers.
4. Radiation: Workers engaged in x-ray units and mines which contain
radioactive materials may be affected due to radiation. This may cause
cancer to the public.
5. Drug abuse and alcoholism: Drugs and alcoholism are very common public
health hazards. They impair the sensory organs and due to inadequate
judgment of the workers may cause accident.
6. Unhygienic food: Inadvertently supplied through canteen in the industry
may cause diarrhea, typhoid food poisoning, hepatitis etc to the workers.
Cause of Health Hazards (particular to industry)
The general occupation health hazards may be due to;
i) Heat ii) Cold iii) Light iv) Noise v) Radiation vi) Chemicals vii)
Occupational Diseases.
i) Heat: Most of India is in the equator region and it is hot in summer months.
Unlike western countries the employees get exhausted due to heat. Heat
stroke is a common feature due to exhaustion during summer.
ii) Cold: Due to cold during winter the fingers may lose their sensation which
may cause finger injuries. Loose items like mufflers/scarves may get
entangled into running machines and cause injuries.
iii) Light: Adequate light is to be arranged in the work place. Vision is
disturbed due to inadequate lighting, leading to the possibility of an
accident.
iv) Noise: This creates a stressful situation, causing irritation, loss of hearing,
rise in the blood pressure and increase in the heart beat.
314
v) Radiation: Workers engaged in NDT operation, X-ray laboratories and Management Systems
for Safety
in atomic power industries are vulnerable to radiation which may cause
cancer in the long run.
vi) Chemical: Silica dust can enter the lungs and may cause silicosis. Asbestos
may cause Asbestosis. These are all lung ailments. Dye stuffs are used in
dye industries mixed with water, any person drinking such water may
suffer from liver1 kidney disorders in course of time. Chemicals such as
acids and corrosive alkalis may cause burns if they fall on the skin.
In the construction industry, metal surface finishing work is done by sand
blasting. This in due course of time causes silicosis. Chemicals such as paints,
thinners, binders, fasteners may cause many health hazards to workers.
Control of Health Risk
Health risk may be controlled through the following measures:
i) Engineering measures: By devising good and safe engineering processes
the risk to the health of workers can be reduced.
ii) Legal Measures: Government by notification asks the employers /
industries to modify the process or control the hazard.
iii) Medical Measures: Medical measures include
a) Medical Examinations: All workers in the industry to be screened
for occupational diseases.
b) Periodical Examination: All workers working in highly hazardous
chemicals must be periodically examined.
c) Health Care: Health care to all employees be provided in chemical
industry
d) Health Education: Workers should be educated for good and hygienic
way of living.
e) Records: Records of all medical examination to be kept and
maintained for review and prevention.
Maintaining a Healthy Environment
i) Managing a healthy environment involves the following activities:
ii) he-employment medical examination
iii) Continuous education on health &hygiene
iv) Periodical inspection of the site
v) Provision of proper personal protection equipment provided to employees
vi) A good medical I clinic facility
Substance Abuse Presentation (Screening for Alcohol and Drugs)
Alcohol and drug use by workers may 315
ISO 9000 Quality i) increase the accident rate
Management System
ii) Increase the medical expenses
iii) Increase absenteeism
iv) Cause absenteeism and reduce the income to the family.
As per the Factories Act possession and use of alcohol and narcotics is not
permitted inside the work premises.
Alcoholism and drugs abuse by workers can be dealt with by :
i) Counselling to workers
ii) Strict vigil at workplace
iii) Surprise inspection at work place
iv) Medical test
v) Termination from service (disciplinary action)
Personal Protection
Elimination of unsafe conditions should be the first priority. For additional
protection to individuals, personal Protection Equipment (PPE) should be
provided. Depending on the nature of the job the PPE has to be selected and
given.
Why is the PPE needed?
Statistics on accident investigation reveal that 60% of workers at the site
sustaining head injuries do not wear helmets, and nearly 99% of workers
suffering face injuries do not wear face protection. 77% of workers suffering
from foot injuries do not wear safety shoes, and 60% of workers with eye
injuries do not wear eye protection.
Accident Investigation
AS per organization's Safety manual the investigation was carried out by a
team consisting of
- Safety Manager
- Construction Supervisor and
- Site in-change (Contractors)
The following facts were observed during investigation by the team:
- The accident happened during lunch time.
- The same worker was wearing the safety glasses in the moring but not
during thepost lunch session.
- The supervisor and the safety steward were not present during the accident.

316
- The supervisor and safety steward had gone for lunch when the accident Management Systems
for Safety
took place and were not available at site.
- The worker wanted to finish the work quickly.
- He was chipping the slab during lunch break without wearing the safety
glass.
- There was no safety coverage during lunch time.
Root Cause of the Accident
The worker did the chipping work during the lunch break without wearing
the safety glasses (Non adherence to safety procedure and an unsafe act)
Observations related to Safety Management at site prior to the Accident
- The particular contractor's worker was instructed about the safety
requirements.
- All workers were given safety orientation.
- One trained supervisor was arranged at the work site.
- One safety steward was arranged by the contractor to look after safety
implementation.
- Toolbox talks were conducted regularly.
- All tools and equipment were inspected periodically.
- Safety Incentives were given to the workers to adhere to safety procedures.
Corrective Action taken after the accident
- The contractor was called for a meeting to review the adequacy of the
safety procedure.
- Training classes were organized for all the employees involved in this
job and they were briefed as to future.
- Special training was given to the supervisor and to the safety steward.
- The subject was discussed in the safety committee monthly meeting and
Superintendents' meeting.
Lessons Learned
i) Management and control of work need better attention for safety of
workers
ii) Adherence to basic safety practices is a must.
iii) Creating awareness on the part of workers through proper orientation and
training is very important.
iv) Proper follow up is required for effective implementation of safety culture.

317
ISO 9000 Quality
Management System
13.8 SUMMARY
The Safety & Health Management System ensures avoidance of accidents in
industries. It also improves the bottom line by reducing direct an indirect
costs of accidens. The three distincitive management Styles can be observed
in regard to how safety is managed, viz. Safety Without Any Management
Process, (SWAMP), Naturally occurring Reactive Management (NORM), and
World Class Management (WCM).
Implicit in the Safety Managemetn is the belief that "accidents do not happen,
they are caused". Accidents are caused by unsaf acts attributalbe to people
and unsafe conditions attributable to management. The management of safety
therefore lies in the prevention of unsafe acts and in the provision of safe
working conditions.. This is the fundamental prindiple of safety management.
To identify the risk involved, a powerful tool called Job Hazard Analysis or
Job Safety Analysis (JSA) is used. This helps in unearthing the root causes.
Necessary action can then be taken. The three basic elements are vital parts
of a good safety management. They are (i) good engineering standards. (ii)
education, and (iii) enforcement, Based on these three elements safety is
implemented in five steps.
Industries contribut to physical hazards and health problems. The nature of
such problems depends upon the occupation, duration of work and hazards
involved. The health problems in industries may be caused by the use of
tobacco, carcinogens, heat, cold, light, noise, radiation, chemicals, and
substance abuse. Personal protection is the last act to protect a worker (when
all other control measures connot ensure safety of a person at work). The
right presonal protection and standard equipment is to be selected and provide.
The important questions in safety management relate to finding the root cause
of the safety/health problems, ways of correcting it and how we can save
workers from health/ phusiocal hazards.

13.9 KEY WORDS

Safety : Freedom from risk, harm and danger
Swamp : Safety Without Any Management
Process
Norm : Naturally Occurring Reactive
Management
Job Safety Analysis (JSA) : A tool to assess the various types of
risks associated with a job
Safety Task Assignment (STA) : Instructions related to the hazards
minimisation/elimination involved in
a job, e.g the procedured to be followed
and Personal Protective Equipment
(PPE) to be used to perform the job
318 safety.
 Management Systems
13.10 SELF-ASSESSMENT QUESTIONS for Safety

1. Why is safety and health management needed in industries?

2. Briefly describe the current scenario with respect to safety management?
3. Describe the factors responsible for an accident
4. What are the steps in a Job Safety Analysis?
5. What characteristics influence the risk factor associated with a task?
6. Describe the three elements of a safety programmeme.
7. Narrate the 5 steps in safety implementation.
8. Explain the various elements of orientation and training.
9. What are the health hazards in an industry?
10. How can healthy environment in an industry be maintained?

13.11 FURTHER READINGS

• Charantimath, P. M. (2017). Total Quality Management. Pearson India.
• Dale, B. G., Bamford, D., & Van Der Wiele, T. (2016). Managing Quality: An
Essential Guide and Resource Gateway. John Wiley & Sons.
• Davies, H. . ., Tavakoli, M., Malek, M., & Neilson, A. (2018). Managing
Quality: Strategic Issues in Health Care Management. Routledge.
• Garg, S. P., Gupta, K. K., &Tewari, R. (2021). How to set up a Safety
Management System in 91 days - A Safety Management Handbook for MSMEs
and CGDs. Invincible Publishers.
• Pascal, Dennis.(1997) Quality, Safety and Environement - Synergy in the
21st Century, ASQC Quality Press, Milwaukee, Wisconsin.
• Rao Kolluru, Steven Barteu, Robin Pritblado, Scott, Stricoff (1996). Risk
Assessment and management Handbook for Environmental, Health and
Safety professionals, McGraw Hill.
• Ullrich, G. M., Snyder, P. R. (2019). Practical Safety Management Systems:
A Practical Guide to Transform Your Safety Program Into a Functioning
Safety Management System. United States: Aviation Supplies & Academics,
Incorporated.

319
ISO 9000 Quality
Management System UNIT 14 OTHER STANDARDS
Objectives
After reading this unit you will be able to:
• Develop an understanding about other quality standards;
• Describe ISO 20000;
• Discuss the need for ISO 20000;
• Explain ISO 27000;
Structure
14.1 Introduction
14.2 ISO 20000
14.3 Need for ISO 20000
14.4 Requirements of ISO 20000
14.5 ISO 20000
14.6 Need for ISO 20000
14.7 Requirements of ISO 20000
14.8 Summary
14.9 Key Words
14.10 Self Assessment Questions
14.11 Further Readings

14.1 INTRODUCTION
ISO 20000 and ISO 27000 are two quality standards that are widely used in
the IT industry to ensure that organizations are providing high-quality IT
services and maintaining the security of their information systems.
ISO 20000, also known as the Information Technology Service Management
(ITSM) standard, is a globally recognized standard that outlines the
requirements for IT service management. The standard helps organizations to
establish, implement, maintain, and improve an effective IT service
management system (ITSM), which ensures that their IT services meet the
needs of their customers and stakeholders.
ISO 27000, also known as the Information Security Management System
(ISMS) standard, is a globally recognized standard that outlines the
requirements for information security management. The standard helps
organizations to establish, implement, maintain, and improve an effective
information security management system, which ensures that their information
assets are protected from unauthorized access, disclosure, alteration,
destruction, or disruption.
320
Both ISO 20000 and ISO 27000 are based on the Plan-Do-Check-Act (PDCA) Other Standards
cycle, which is a continuous improvement methodology that helps
organizations to plan, implement, monitor, and improve their processes and
services over time. These standards are designed to be flexible and scalable,
allowing organizations to tailor their implementation to meet their specific
needs and objectives.
Other quality standards that are commonly used in the IT industry include:
ISO 9001: Quality Management System (QMS) standard, which outlines the
requirements for a quality management system that can be applied to any
organization, regardless of its size, type, or product/service offering.
ITIL (Information Technology Infrastructure Library): a framework of
best practices for IT service management that is widely used in the IT industry
to align IT services with business needs and to improve IT service delivery
and support.
COBIT (Control Objectives for Information and Related Technology): a
framework of best practices for IT governance and management that is
designed to help organizations to achieve their business objectives through
effective and efficient use of their information and related technology.
CMMI (Capability Maturity Model Integration): a framework of best
practices for process improvement that is used to help organizations to improve
their performance and achieve their business objectives by optimizing their
processes and practices.

14.2 ISO 20000

ISO 20000 is an international standard for Information Technology Service
Management (ITSM). It defines a set of requirements and best practices for
the effective delivery of IT services to meet the needs of customers and
stakeholders. The standard was first published in 2005 and has since been
updated several times, with the most recent version being ISO 20000-1:2018.
ISO 20000 provides a common framework for IT service providers to deliver
consistent, high-quality IT services that meet the expectations of customers.
The standard covers a wide range of ITSM processes, including service
strategy, design, transition, delivery, and improvement. It also defines the
roles and responsibilities of various stakeholders, such as service providers,
customers, and internal IT teams.
The standard is designed to be compatible with other widely used IT
management standards, such as ISO 9001 (quality management) and ITIL (IT
service management). This compatibility allows organizations to integrate
their ITSM processes with other business processes and systems.
ISO 20000 is based on the following key principles:
Customer focus: The standard requires organizations to understand their
customers’ needs and expectations and to continuously improve their services
to meet those needs. 321
ISO 9000 Quality Process approach: The standard emphasizes the importance of using a
Management System
structured, process-based approach to delivering IT services. This approach
helps organizations to ensure that their processes are efficient, effective, and
consistent.
Continuous improvement: The standard requires organizations to
continuously review and improve their ITSM processes to ensure that they
remain effective and meet the changing needs of customers.
Evidence-based decision making: The standard requires organizations to
gather and use data to make informed decisions about their ITSM processes.
This helps organizations to identify areas for improvement and to make
evidence-based decisions about how to improve their services.
ISO 20000 certification is a recognition that an organization has implemented
and is following the best practices defined in the standard. Certification is
awarded by an accredited third-party organization after a comprehensive audit
of the organization’s ITSM processes.
Benefits
ISO 20000 certification can provide several benefits for organizations,
including:
Increased customer satisfaction: The standard requires organizations to
understand and meet the needs of their customers, which can lead to increased
customer satisfaction.
Increased efficiency: The standard requires organizations to use a process-
based approach to delivering IT services, which can lead to increased
efficiency and cost savings.
Improved risk management: The standard requires organizations to manage
risk and implement controls to prevent incidents and minimize their impact.
This can help organizations to reduce the risk of disruptions to their IT services.
Improved competitiveness: ISO 20000 certification can provide organizations
with a competitive advantage by demonstrating their commitment to delivering
high-quality IT services.
ISO 20000 is a widely recognized international standard for ITSM that
provides organizations with a common framework for delivering high-quality
IT services. Certification provides organizations with recognition for their
commitment to best practices and continuous improvement and can provide
numerous benefits, including improved customer satisfaction, increased
efficiency, improved risk management, and improved competitiveness.

14.3 NEED FOR ISO 20000

The need for ISO 20000 stems from the growing reliance of organizations on
IT services to support their business operations. IT services are critical to
many organizations, as they enable them to achieve their business goals, meet
customer needs, and remain competitive. However, managing IT services can
322
be a complex and challenging task, especially as organizations have increasingly Other Standards
diverse and dispersed IT environments.
ISO 20000 provides organizations with a common framework for managing
IT services, ensuring that they are delivered consistently and effectively. The
standard helps organizations to align their IT services with their business
goals, and to ensure that they meet the needs of their customers and
stakeholders.
The following are some of the key reasons why organizations need ISO 20000:
1. Improved customer satisfaction: ISO 20000 requires organizations to
understand their customers’ needs and to continuously improve their IT
services to meet those needs. This can lead to increased customer
satisfaction, as customers receive high-quality IT services that meet their
expectations.
2. Improved service quality: ISO 20000 requires organizations to
implement a structured, process-based approach to delivering IT
services. This helps to ensure that services are delivered consistently
and effectively, improving their quality and reliability.
3. Improved risk management: ISO 20000 requires organizations to
identify and manage risks that could impact the delivery of IT services.
This helps to ensure that services are delivered securely and with minimal
disruption.
4. Improved cost management: ISO 20000 requires organizations to
manage the costs of delivering IT services effectively. This can help to
reduce costs and improve the efficiency of IT service delivery.
5. Improved competitiveness: ISO 20000 certification provides
organizations with recognition for their commitment to delivering high-
quality IT services. This can provide a competitive advantage and help
organizations to differentiate themselves in a crowded market.
6. Improved supplier management: ISO 20000 requires organizations
to manage their suppliers effectively and to ensure that their IT services
are delivered consistently and in accordance with the standards defined
in the standard.
7. Improved governance: ISO 20000 requires organizations to implement
effective governance processes to ensure that their IT services are
delivered in accordance with their business goals and customer needs.
8. Improved compliance: ISO 20000 requires organizations to comply
with relevant legal and regulatory requirements related to the delivery
of IT services. This helps organizations to avoid potential legal and
regulatory consequences.
ISO 20000 is a critical standard for organizations that rely on IT services to
support their business operations. The standard provides a common framework
for managing IT services, ensuring that they are delivered consistently and
effectively. Organizations that adopt ISO 20000 can expect to see improved 323
ISO 9000 Quality customer satisfaction, improved service quality, improved risk management,
Management System
improved cost management, improved competitiveness, improved supplier
management, improved governance, and improved compliance.
Activity 1
Give examples of ISO 27000.
................................................................................................................
................................................................................................................
................................................................................................................
................................................................................................................

14.4 REQUIREMENTS OF ISO 20000

ISO 20000 is a set of international standards that provide organizations with
a framework for managing IT services. The standard specifies requirements
for the design, transition, delivery, and improvement of IT services.
The requirements of ISO 20000 are divided into two parts:
Part 1: Specifies the requirements for a management system for IT service
management. This includes requirements for planning, implementing,
maintaining, and improving the management system.
Part 2: Specifies the requirements for IT service management processes. This
includes requirements for service strategy, service design, service transition,
service operation, and continual service improvement.
The following are some of the key requirements of ISO 20000:
IT service management system: Organizations must establish, implement,
maintain, and continually improve an IT service management system that meets
the requirements of ISO 20000.
Service strategy: Organizations must define a service strategy that aligns
with their business goals and customer needs. This includes the development
of a service portfolio, the definition of service offerings, and the identification
of customer segments.
Service design: Organizations must design IT services that meet their customer
needs and requirements. This includes the development of service level
agreements (SLAs), operational level agreements (OLAs), and underpinning
contracts.
Service transition: Organizations must ensure that IT services are transitioned
from design to operation smoothly and effectively. This includes requirements
for change management, release and deployment management, and service
validation and testing.
Service operation: Organizations must operate IT services effectively and
efficiently. This includes requirements for incident management, problem
324 management, event management, and request fulfillment.
Continual service improvement: Organizations must continually improve Other Standards
their IT services to meet changing customer needs and to ensure that they are
delivered effectively and efficiently. This includes requirements for
performance reporting, service review, and service improvement plans.
Resource management: Organizations must ensure that the resources required
to deliver IT services are managed effectively. This includes requirements
for human resources, infrastructure, and technology.
Relationships management: Organizations must manage their relationships
with suppliers, customers, and other stakeholders effectively. This includes
requirements for supplier management, customer management, and
stakeholder management.
Configuration management: Organizations must manage the configuration
of their IT services and infrastructure effectively. This includes requirements
for configuration management processes, configuration management
databases, and configuration items.
Measurement and reporting: Organizations must measure and report on the
performance of their IT services. This includes requirements for performance
measurement, service reporting, and service measurement and reporting
processes.
ISO 20000 provides organizations with a comprehensive framework for
managing IT services. The standard specifies requirements for the design,
transition, delivery, and improvement of IT services, ensuring that they are
delivered consistently and effectively. Organizations that adopt ISO 20000
can expect to see improved customer satisfaction, improved service quality,
improved risk management, improved cost management, improved
competitiveness, improved supplier management, improved governance, and
improved compliance

14.5 ISO 27000

ISO 27000 is a set of international standards for information security
management. It provides a comprehensive framework for managing and
protecting sensitive information, such as customer data, financial information,
and intellectual property. The standard is designed to help organizations of
all sizes and industries to protect their information assets and maintain their
confidentiality, integrity, and availability.
ISO 27000 consists of a series of standards and guidelines that provide a
systematic approach to information security management. The standard covers
a wide range of topics, including risk management, access control, network
security, and incident management.
The key components of ISO 27000 are:
Information security management system (ISMS): Organizations must
establish, implement, maintain, and continually improve an information
security management system that meets the requirements of ISO 27000. The
325
ISO 9000 Quality ISMS provides a framework for managing and controlling information security
Management System
risks.
Risk management: Organizations must identify and assess the risks to their
information assets and implement controls to manage those risks. This includes
risk assessment, risk treatment, and risk monitoring.
Access control: Organizations must control access to their information assets
to prevent unauthorized access, use, disclosure, and disruption. This includes
user authentication, authorization, and access control mechanisms.
Network security: Organizations must secure their networks to prevent
unauthorized access and to ensure the confidentiality, integrity, and availability
of their information. This includes network security design, network security
controls, and network security monitoring.
Incident management: Organizations must have a plan in place to respond
to security incidents and to minimize the impact of those incidents on their
information assets. This includes incident response planning, incident response
procedures, and incident reporting and analysis.
Business continuity management: Organizations must have a plan in place
to ensure the continuity of their business operations in the event of a security
incident or disaster. This includes business continuity planning, business
continuity testing, and business continuity management processes.
Compliance: Organizations must comply with relevant laws, regulations, and
standards for information security. This includes data protection laws, privacy
laws, and information security standards such as ISO 27001.
ISO 27000 is designed to be flexible and can be adapted to the specific needs
of each organization. Organizations can choose which parts of the standard
to implement, based on their information security requirements. The standard
also provides guidance on how to integrate information security into the overall
business process, ensuring that information security is not seen as a separate
and isolated activity, but as an integral part of the business.
ISO 27000 is an important standard for organizations that need to protect
their information assets. The standard provides a comprehensive framework
for information security management, covering a wide range of topics,
including risk management, access control, network security, and incident
management. Organizations that adopt ISO 27000 can expect to see improved
information security, improved risk management, improved business
continuity, improved compliance, and improved customer confidence

14.6 NEED FOR ISO 27000

The need for ISO 27000 arises from the increasing importance of information
in today’s digital world. Information is a valuable asset for organizations, and
its security is crucial for their success. Information can be sensitive, confidential,
or personal, and its compromise can have significant consequences, such as
financial loss, reputational damage, loss of competitive advantage, and legal
326 liability.
In response to these risks, organizations have a need to implement robust Other Standards
information security management systems that protect their information assets
and ensure their confidentiality, integrity, and availability. ISO 27000 provides
a comprehensive framework for information security management that
organizations can use to meet these needs.
The following are some of the key reasons why organizations need ISO 27000:
Protect information assets: Organizations need to protect their information
assets from unauthorized access, use, disclosure, and disruption. ISO 27000
provides a systematic approach to information security management that helps
organizations to identify and manage information security risks and to
implement controls to protect their information assets.
Manage information security risks: Organizations need to manage the risks
to their information assets, including the risks from cyber threats, data
breaches, and natural disasters. ISO 27000 provides a structured approach to
risk management that helps organizations to identify and assess the risks to
their information assets and to implement controls to manage those risks.
Improve information security: Organizations need to improve their
information security to meet the changing security needs of their business.
ISO 27000 provides a comprehensive framework for information security
management that organizations can use to improve their information security
over time.
Meet regulatory requirements: Organizations need to comply with relevant
laws and regulations for information security, such as data protection laws,
privacy laws, and information security standards. ISO 27000 provides guidance
on how to comply with these regulations and standards.
Enhance customer confidence: Organizations need to enhance the confidence
of their customers and other stakeholders in the security of their information.
ISO 27000 provides a recognized standard for information security
management that demonstrates to customers and other stakeholders that the
organization takes the security of its information assets seriously.
Improve business continuity: Organizations need to have a plan in place to
ensure the continuity of their business operations in the event of a security
incident or disaster. ISO 27000 provides a framework for business continuity
management that helps organizations to plan for and respond to security
incidents and disasters.
Increase efficiency and cost savings: Organizations need to implement
information security in an efficient and cost-effective manner. ISO 27000
provides a systematic approach to information security management that helps
organizations to improve their information security in a cost-effective manner,
by avoiding duplication of effort, reducing the risk of security breaches, and
minimizing the impact of security incidents.
ISO 27000 is an important standard for organizations that need to protect
their information assets and manage information security risks. The standard
provides a comprehensive framework for information security management 327
ISO 9000 Quality that helps organizations to meet their information security needs and to
Management System
improve their information security over time. Organizations that adopt ISO
27000 can expect to see improved information security, improved risk
management, improved business continuity, improved compliance, and
improved customer confidence

14.7 REQUIREMENTS OF ISO 27000

ISO 27000 is a globally recognized standard for information security
management systems (ISMS). The standard provides a comprehensive
framework for organizations to manage information security risks and to protect
their information assets. ISO 27000 sets out the requirements for ISMS, including
the policies, procedures, and controls that organizations need to implement to
ensure the confidentiality, integrity, and availability of their information.
The following are the key requirements of ISO 27000:
Management commitment: Organizations need to demonstrate their
commitment to information security by implementing an ISMS and integrating
it into their overall business operations. The management team should
communicate the importance of information security to all employees and
should allocate the necessary resources to support the ISMS.
Policy: Organizations need to develop and implement an information security
policy that sets out the organization’s objectives, principles, and guidelines
for information security. The policy should be reviewed regularly and updated
as necessary to reflect changes in the organization’s information security risks.
Risk assessment: Organizations need to identify and assess the risks to their
information assets, including the risks from cyber threats, data breaches, and
natural disasters. The risk assessment should be conducted on a regular basis,
and the results should be used to inform the organization’s information security
strategy.
Risk treatment: Organizations need to implement controls to manage the
risks to their information assets. The controls should be selected based on the
results of the risk assessment and should be reviewed regularly to ensure that
they remain effective.
Implementation: Organizations need to implement the controls selected in
the risk treatment process and should ensure that they are integrated into their
overall business operations. The controls should be tested regularly to ensure
that they are working as intended.
Monitoring and review: Organizations need to monitor the effectiveness of
their ISMS and to review it regularly to ensure that it remains relevant and
effective. The results of the monitoring and review process should be used to
inform improvements to the ISMS.
Documentation: Organizations need to document their ISMS, including the
policies, procedures, and controls that they have implemented. The documentation
should be kept up-to-date and should be accessible to all employees.
328
Communication: Organizations need to communicate the importance of Other Standards
information security to all employees and should provide training and
awareness to help employees understand their role in protecting the
organization’s information assets.
Incident management: Organizations need to have a process in place to
respond to security incidents and to minimize the impact of security breaches.
The incident management process should include procedures for reporting
incidents, conducting investigations, and taking corrective action.
Continuity management: Organizations need to have a plan in place to ensure
the continuity of their business operations in the event of a security incident
or disaster. The continuity management plan should include procedures for
responding to security incidents and disasters, and for restoring business
operations as quickly as possible.
The requirements of ISO 27000 provide a comprehensive framework for
organizations to manage information security risks and to protect their
information assets. Organizations that adopt ISO 27000 can expect to see
improved information security, improved risk management, improved business
continuity, improved compliance, and improved customer confidence. The
standard helps organizations to protect their information assets and to manage
information security risks in a systematic and cost-effective manner
Activity 2
What kind of organizations go for ISO 27000. Give examples.
................................................................................................................
................................................................................................................
................................................................................................................
................................................................................................................

14.8 SUMMARY
Organizations can manage IT services using the full framework offered by
ISO 20000. The requirement-specific standard ensures that IT services are
provided consistently and successfully by defining the requirements for their
design, transition, delivery, and improvement. Improvements in customer
satisfaction, service quality, risk management, cost management,
competitiveness, supplier management, governance, and compliance are to
be expected in organizations that embrace ISO 20000.
For companies that must safeguard their information assets, ISO 27000 is a
crucial standard. In addition to risk management, access control, network
security, and incident management, the standard offers a thorough framework
for information security management. Businesses that embrace ISO 27000
should anticipate improvements in information security, risk management,
business continuity, compliance, and client confidence.

329
ISO 9000 Quality
Management System 14.9 KEY WORDS
ISO 20000 : is an international standard for Information Technology
Service Management (ITSM).
ISO 27000 : is a set of international standards for information security
management.

14.10 SELF ASSESSMENT QUESTIONS

1. What is ISO 20000?
2. Why do we need IS 20000?
3. What are the requirements for getting ISO 20000?
4. Describe ISO 27000.
5. What are the requirements necessary for ISO 27000.

14.11 FURTHER READINGS

• Blokdyk, G. (2019). ISO 27000 Series a Complete Guide, (2020 Edition).
Emereo Pty Limited.
• Charantimath, P. M. (2017). Total Quality Management. Pearson India.
• Humphreys, E. (2016). Implementing the ISO/Iec 27001: 2013 Isms Standard.
United Kingdom: Artech House.
• ISO - ISO/IEC 27001 and related standards — Information security
management. (2023, February 2). ISO. https://www.iso.org/isoiec-27001-
information-security.html

330
 Quality Auditing and
UNIT 15 QUALITY AUDITING AND Certification
CERTIFICATION
Objectives
After reading this unit you should be able to:
• Explain the concept of Quality system audit;
• Explain the process of certification;
• Understand the concept of excellence in TQM;
• Describe different types of national and international quality awards.
Structure
15.1 Introduction
15.2 Quality System Audit
15.3 Types of Audit
15.4 Audit Planning
15.5 Audit Preparation
15.6 Role of audit in TQM
15.7 Certification in TQM
15.8 Excellence in TQM
15.9 Quality Awards
15.10 Summary
15.11 Key words
15.12 Self assessment Questions
15.13 Further Readings

15.1 INTRODUCTION
Quality System Audit is one of the key management tools for achieving the
objectives set out in the organization’s quality policy. Quality policy is the
statement of the management’s commitment towards quality of its products
and services. Audits should be carried out in order to verify whether a quality
management system conforming to a selected model of ISO 9001 is effective
and is suitable in achieving stated quality objectives. The quality audit also
provides objective evidence concerning the need for the reduction, elimination
and, most importantly, prevention of nonconformities. A Non conformity is
the non fulfillmentof specified requirements. The results of these audits can
be used by management for improving the performance of the organisztion.
Certification is a verification that systems and procedures designed to conform
to the relevant model of IS0 9001 for the operation of the organisztion’s 331
ISO 9000 Quality functions are implemented and are effective. This is an assurance to the users
Management System
of goods and services of the organisztion that norms of quality are implemented
and quality of goods and services meet the desired specification.
In this unit we discuss the elements of the quality system audit, types of audit
planning execution report, and certification process.

15.2 QUALITY SYSTEM AUDIT

A quality system audit is a comprehensive review of an organization’s quality
management system (QMS) to ensure it meets established standards and
regulations. The goal of a quality system audit is to evaluate the effectiveness
of an organization’s QMS and identify opportunities for improvement.
The audit process typically involves a team of auditors who are knowledgeable
in the organization’s industry and regulatory requirements. They conduct a
thorough review of the QMS documentation, procedures, and records to assess
compliance with applicable regulations and industry standards.
The audit process is typically broken down into several stages, starting with
planning and preparation. The audit team reviews the organization’s QMS
documentation and identifies key areas for evaluation. They then develop a
detailed audit plan and schedule, including the scope of the audit, the audit
objectives, and the audit criteria.
Next, the audit team conducts the on-site audit, which typically involves
interviewing key personnel, reviewing documentation and records, and
observing processes in action. The audit team may also perform tests and
inspections to verify compliance with applicable regulations and standards.
Once the on-site audit is complete, the audit team prepares a detailed report
of their findings. This report typically includes a summary of the audit
objectives, a description of the audit scope, and a detailed assessment of the
organization’s QMS. The report may also include recommendations for
improving the QMS and achieving better compliance with applicable
regulations and standards.
Finally, the organization’s management reviews the audit report and develops
a corrective action plan to address any deficiencies identified during the audit.
This corrective action plan typically includes specific steps to address each
deficiency, as well as timelines for completion and responsible parties.
In summary, a quality system audit is a critical tool for ensuring that an
organization’s QMS meets applicable regulations and industry standards. By
conducting a thorough review of the QMS and identifying opportunities for
improvement, organizations can improve their quality management processes
and achieve better compliance with regulatory requirements.
Quality management system (QMS) audit
A Quality Management System (QMS) audit is a systematic review of an
organization’s quality management system to ensure that it conforms to the
332
relevant standards and requirements. The QMS audit evaluates the
effectiveness and efficiency of an organization’s QMS and identifies any areas Quality Auditing and
Certification
of improvement that could lead to better customer satisfaction and business
performance.
A QMS audit typically involves the following stages:
1. Planning and preparation: The audit team identifies the scope and
objectives of the audit and establishes a plan for conducting the audit.
This includes identifying the audit criteria, selecting the audit team, and
preparing the audit checklist.
2. Document review: The audit team reviews the QMS documentation to
assess its compliance with the relevant standards and regulations. This
includes reviewing policies, procedures, manuals, and other relevant
documents.
3. Onsite audit: The audit team visits the organization’s premises to observe
the QMS in action and verify its compliance with the relevant standards
and regulations. This includes interviewing key personnel, observing
processes, and reviewing records and data.
4. Reporting: The audit team prepares a report of their findings and provides
feedback to the organization on areas for improvement. The report
typically includes an executive summary, a description of the audit scope,
the audit findings, and recommendations for improvement.
5. Follow-up: The organization takes corrective action to address any non-
conformities identified during the audit. The audit team may conduct a
follow-up audit to verify that the corrective action has been implemented
effectively.
Benefits of QMS
1. Improved customer satisfaction: A well-functioning QMS ensures that
customer needs and expectations are met, which leads to increased
customer satisfaction and loyalty.
2. Better performance: An effective QMS helps organizations to improve
their processes, reduce waste, and increase efficiency, leading to better
business performance.
3. Compliance with regulations: A QMS audit ensures that an organization
is compliant with relevant regulations and standards, reducing the risk
of fines, penalties, and legal action.
4. Continuous improvement: A QMS audit identifies areas for
improvement, which enables organizations to continuously improve their
processes and achieve better outcomes.
A QMS audit is a critical tool for ensuring that an organization’s QMS is
effective, efficient, and compliant with relevant standards and regulations.
By conducting regular audits, organizations can continuously improve
their processes, meet customer needs, and achieve better business
performance.
333
ISO 9000 Quality
Management System 15.3 TYPES OF AUDIT
There are many different types of audits, each with a specific focus and
objective. Some of the most common types of audits include:
1. Financial audit: This type of audit examines an organization’s financial
statements to ensure that they are accurate and comply with generally
accepted accounting principles (GAAP).
For example an independent auditor may conduct a financial audit of a
company’s financial statements to ensure compliance with accounting
standards, and to provide assurance to shareholders and stakeholders on
the accuracy of the financial information presented.
2. Internal audit: An internal audit is conducted by an organization’s
internal audit department or a third-party provider to evaluate the
effectiveness of internal controls and identify areas for improvement.
3. Information technology (IT) audit: An IT audit focuses on an
organization’s information systems, networks, and infrastructure to ensure
that they are secure, reliable, and compliant with regulations and industry
standards. For example An IT auditor may conduct an IT audit of a
company’s computer network to ensure that security controls are in place
to protect confidential information from unauthorized access.
4. Compliance audit: A compliance audit examines an organization’s
compliance with laws, regulations, and industry standards, such as health
and safety regulations or environmental laws. For example a regulatory
agency may conduct a compliance audit of a manufacturing plant to ensure
that it is following environmental regulations, such as managing
hazardous waste and reducing air pollution
5. Operational audit: An operational audit focuses on an organization’s
operational processes to evaluate efficiency, effectiveness, and identify
areas for improvement. For example A consulting firm may conduct an
operational audit of a hospital’s emergency department to evaluate the
efficiency of processes, such as patient triage, and identify opportunities
for improvement.
6. Performance audit: A performance audit examines an organization’s
performance against established goals and objectives, such as cost
reduction or increased revenue. For example a government audit agency
may conduct a performance audit of a transportation department to assess
the efficiency and effectiveness of its road maintenance activities.
7. Forensic audit: A forensic audit investigates financial or operational
irregularities, such as fraud or embezzlement, and provides evidence that
can be used in legal proceedings. For example a forensic accountant may
conduct a forensic audit of a company’s accounting records to investigate
suspected fraud, such as embezzlement of company funds.
8. Social audit: A social audit assesses an organization’s social and
334 environmental impact and its efforts to address sustainability and
 corporate social responsibility. For example a non-profit organization Quality Auditing and
Certification
may conduct a social audit to assess its impact on the local community
and environment, and identify opportunities to improve its sustainability
and social responsibility practices.

15.4 AUDIT PLANNING

Audit planning is the process of preparing for an audit by defining the scope,
objectives, and approach of the audit. Proper planning is critical to the success
of an audit and ensures that the audit is conducted effectively and efficiently.
Here are the key steps in the audit planning process:
1. Establish the audit objectives and scope: The first step in audit planning
is to define the audit objectives and scope. This involves determining
what the audit is meant to achieve and what areas of the organization
will be audited.
2. Identify the audit criteria: Once the audit objectives and scope are
established, the next step is to identify the criteria against which the audit
will be conducted. The criteria could include industry standards,
regulations, policies and procedures, or best practices.
3. Define the audit team: The audit team should be selected based on their
skills, knowledge, and experience in the areas being audited. The team
should include auditors who are independent and free from conflicts of
interest.
4. Develop the audit plan: The audit plan outlines the approach to be taken
in the audit, including the audit methodology, procedures, and timeline.
The plan should be developed in consultation with key stakeholders and
approved by senior management.
5. Conduct a risk assessment: A risk assessment should be conducted to
identify the areas of the organization that are most vulnerable to risks
and prioritize the audit focus accordingly.
6. Gather information: The audit team should gather relevant information
about the organization, such as policies, procedures, and documentation,
to prepare for the audit.
7. Schedule the audit: The audit should be scheduled at a time that is
convenient for the organization and allows sufficient time for the audit
team to complete their work.
8. Communicate the audit plan: The audit plan should be communicated
to key stakeholders, including the auditor, management, and the audit
committee.
Effective audit planning ensures that the audit is conducted efficiently,
provides value to the organization, and achieves its objectives. It also
helps to establish a clear understanding between the audit team and the
auditor, and promotes transparency and accountability in the audit process.
335
ISO 9000 Quality
Management System 15.5 AUDIT PREPARATION
Audit preparation is the process of getting ready for an upcoming audit. It
involves gathering information, reviewing documents and procedures, and
ensuring that the organization is ready to be audited. Proper preparation can
help to ensure that the audit goes smoothly and can increase the chances of a
successful outcome. Here are some key steps in the audit preparation process:
1. Identify the audit requirements: The first step in audit preparation is
to identify the requirements of the audit. This involves understanding
the purpose and scope of the audit, as well as any relevant standards or
regulations.
2. Review past audits: It can be helpful to review past audits to identify
areas of weakness or improvement, and to ensure that any previous audit
findings have been addressed.
3. Assign responsibilities: It is important to assign responsibilities for the
audit preparation process, including identifying the individuals who will
be responsible for gathering and reviewing documentation, and ensuring
that all necessary parties are informed and involved.
4. Gather documentation: The audit team will likely require access to a
variety of documentation, including policies and procedures, contracts,
financial records, and other relevant materials. It is important to gather
all necessary documentation in advance of the audit.
5. Review procedures: It is important to review the organization’s
procedures and processes to ensure that they are in line with the
requirements of the audit, and to identify any potential areas of weakness
or non-compliance.
6. Conduct a mock audit: A mock audit can help to identify areas of
weakness or non-compliance and provide an opportunity to address them
prior to the actual audit.
7. Prepare the audit team: It is important to provide the audit team with
any necessary information or access, and to ensure that they are familiar
with the organization’s procedures and processes.
8. Schedule the audit: Once the organization is prepared for the audit, it is
important to schedule the audit at a time that is convenient for all parties
involved.
Effective audit preparation can help to ensure a successful audit and can
reduce the likelihood of surprises or unexpected findings during the audit
process. It also helps to promote transparency and accountability in the
audit process.

15.6 ROLE OF AUDIT IN TQM

Total Quality Management (TQM) is a management philosophy that aims to
336 continuously improve the quality of products and services by involving all
employees in the organization. Audits play a crucial role in TQM by providing Quality Auditing and
Certification
a systematic, objective, and independent evaluation of the organization’s
processes and systems, which helps to identify areas for improvement and
opportunities for enhancing quality.
Here are some of the key benefits of audits in TQM:
1. Ensuring compliance with standards and regulations: Audits help to
ensure that the organization is complying with relevant standards and
regulations, such as ISO 9001, which is a widely recognized standard for
quality management. This helps to ensure that the organization is
providing products and services that meet customer requirements and
are consistent with industry best practices.
2. Identifying areas for improvement: Audits help to identify areas where
the organization can improve its processes and systems. By identifying
these areas, the organization can implement corrective actions and
improve its overall quality, leading to increased customer satisfaction
and loyalty.
3. Promoting accountability: Audits help to promote accountability within
the organization by providing an objective evaluation of the organization’s
processes and systems. This helps to ensure that employees are aware of
their responsibilities and are held accountable for their actions, which
can increase employee motivation and engagement.
4. Providing feedback: Audits provide feedback to the organization on its
performance, which can help to guide decision-making and planning for
future improvements. This feedback can also be used to communicate
the organization’s performance to stakeholders, including customers,
suppliers, and investors.
5. Enhancing transparency: Audits promote transparency within the
organization by providing an independent evaluation of the organization’s
processes and systems. This can help to build trust with stakeholders and
demonstrate the organization’s commitment to quality.
Audits play a critical role in TQM by providing a systematic, objective,
and independent evaluation of the organization’s processes and systems.
Audits help to identify areas for improvement, promote accountability,
provide feedback, and enhance transparency, all of which contribute to
the organization’s overall quality and success.
Here are some specific examples of the importance of audits in Total Quality
Management (TQM):
1. Quality control: Audits play a key role in quality control by evaluating
the effectiveness of an organization’s quality management system. For
example, an audit may examine how the organization collects and analyzes
customer feedback, how it trains employees in quality control procedures,
and how it monitors and analyzes product defects. By identifying areas
for improvement, the audit helps the organization to implement changes
that enhance quality and improve customer satisfaction. 337
ISO 9000 Quality 2. Process improvement: Audits are also important in identifying
Management System
opportunities for process improvement. For example, an audit may
identify a process that is inefficient or that causes errors. By identifying
these issues, the organization can implement changes to streamline the
process and reduce errors, leading to improved quality and productivity.
3. Compliance: Audits can help an organization to ensure compliance with
regulatory requirements and industry standards. For example, an audit
may evaluate an organization’s compliance with ISO 9001, which is an
international standard for quality management. By ensuring compliance
with such standards, the organization demonstrates its commitment to
quality and can enhance its reputation with customers and stakeholders.
4. Risk management: Audits can also help an organization to manage risk.
For example, an audit may evaluate an organization’s supply chain and
identify areas where there may be a risk of disruption or delay. By
identifying these risks, the organization can develop contingency plans
to mitigate them, reducing the potential impact on quality and customer
satisfaction.
5. Continuous improvement: Finally, audits are essential to the continuous
improvement process that is central to TQM. Audits provide feedback
on the effectiveness of an organization’s quality management system,
identifying areas for improvement and opportunities for innovation. By
continuously monitoring and improving its quality management system,
the organization can enhance its competitiveness and position itself for
long-term success.

15.7 CERTIFICATION IN TQM

Certification refers to the process of evaluating an individual’s or
organization’s skills, knowledge, and competency in a particular field. It
involves meeting specific requirements, passing tests or assessments, and
receiving a certificate or license that verifies the individual’s or organization’s
proficiency in a given area. Certification can be voluntary or mandatory,
depending on the industry and the regulatory environment. In many cases,
certification is required by law or government regulations to ensure that
individuals or organizations have met certain standards and can safely and
effectively perform specific tasks.
Certification can provide many benefits to individuals and organizations, such
as increased credibility and trustworthiness, improved job prospects, and a
competitive advantage in the marketplace. It also serves as a way for
professionals to demonstrate their commitment to ongoing learning and
development in their field. The certification process typically involves
completing specific training or educational requirements, gaining relevant work
experience, and passing one or more exams. Some certifications may require
ongoing education or renewal to maintain the certification’s validity and
relevance.
Overall, certification plays a vital role in ensuring that individuals and
338 organizations have the necessary skills and knowledge to perform their roles
effectively and safely, and it serves as a valuable tool for advancing careers Quality Auditing and
Certification
and improving industry standards.Top of FormBottom of Form
Process of Certification
The process of certification in Total Quality Management (TQM) typically
involves the following steps:
1. Establishing a quality management system: Before seeking certification,
an organization must first establish a quality management system (QMS)
that meets the requirements of relevant standards or regulations, such as
ISO 9001. This involves defining processes, procedures, and policies for
quality control, as well as developing documentation and training programmes
to support these processes.
2. Pre-assessment: Prior to certification, the organization may undergo a
pre-assessment, also known as a readiness review or gap analysis. This
involves an independent evaluation of the organization’s QMS to identify
any areas where it may not meet the requirements of the relevant standard.
The pre-assessment helps the organization to identify and address any
deficiencies before the formal certification audit.
3. Certification audit: Once the QMS is established and any deficiencies
are addressed, the organization can schedule a certification audit. This
audit is conducted by an accredited third-party certification body and
typically involves a review of the organization’s processes, procedures,
and documentation to ensure that they meet the requirements of the
relevant standard. The audit may also include interviews with employees
to assess their understanding and implementation of the QMS.
4. Corrective actions: If any non-conformities are identified during the
audit, the organization must develop and implement corrective actions
to address them. The certification body will typically provide a deadline
for completing the corrective actions, after which a follow-up audit may
be conducted to verify that the actions were effective.
5. Certification: If the organization successfully completes the certification
audit and addresses any non-conformities, it is issued a certificate of
compliance with the relevant standard. The certification is typically valid
for a set period, such as three years, after which the organization must
undergo a recertification audit to maintain its certification.
The process of certification in TQM involves establishing a quality management
system that meets the requirements of relevant standards or regulations, undergoing
a pre-assessment to identify and address any deficiencies, scheduling and
completing a certification audit, addressing any non-conformities identified during
the audit, and finally, receiving a certificate of compliance. The certification
process helps to ensure that the organization is providing products and services
that meet customer requirements and are consistent with industry best practices.
Role of Certification
The role of certification in Total Quality Management (TQM) is to provide
339
ISO 9000 Quality independent verification that an organization has implemented a robust quality
Management System
management system (QMS) that meets the requirements of relevant standards
or regulations. Certification serves as a means of demonstrating the
organization’s commitment to quality and continuous improvement, as well
as enhancing its reputation with customers, suppliers, and other stakeholders.
Certification provides several benefits for organizations that adopt TQM
principles. These are as follows:
• Demonstrating commitment to quality: Certification provides evidence
that the organization is committed to meeting customer requirements and
industry standards for quality management. This helps to build trust with
customers, suppliers, and other stakeholders.
• Improving competitiveness: Certification can help to differentiate the
organization from competitors by demonstrating its commitment to quality
and its ability to consistently provide products and services that meet
customer requirements.
• Enhancing efficiency: By implementing a QMS that meets the
requirements of relevant standards, the organization can improve its
processes and procedures, leading to greater efficiency and reduced waste.
• Mitigating risk: Certification can help the organization to identify and
mitigate risks related to quality, compliance, and other areas of the
business. This can help to protect the organization from legal and
reputational risks.
• Supporting continuous improvement: Certification requires the
organization to continuously monitor and improve its QMS, leading to
ongoing improvements in quality and efficiency.
Overall, certification plays a crucial role in TQM by providing independent
verification that an organization has implemented a robust QMS that meets
the requirements of relevant standards or regulations. This helps to build trust
with customers and other stakeholders, enhance competitiveness, improve
efficiency, mitigate risk, and support continuous improvement.
Disadvantages of certification in TQM
While certification in Total Quality Management (TQM) offers many benefits,
there are also some potential disadvantages that organizations should be aware
of these include:
• Cost: Certification can be expensive, particularly for small or medium-
sized organizations. Costs may include training, consulting, auditing, and
certification fees. The cost of maintaining certification can also be
significant.
• Time: The certification process can be time-consuming, particularly for
organizations that are new to TQM. It may take several months or even
years to develop and implement a robust QMS, undergo a pre-assessment,
and complete the certification audit.
340
• Focus on compliance rather than improvement: Some organizations Quality Auditing and
Certification
may become too focused on meeting the requirements of the relevant
standard and maintaining certification, rather than on continuous
improvement. This can lead to a “check the box” mentality, where the
organization is more concerned with passing the audit than with making
meaningful improvements to its processes and procedures.
• Lack of flexibility: The requirements of the relevant standard may not
be well-suited to the organization’s unique needs or business model. This
can lead to a rigid, inflexible QMS that does not allow for innovation or
adaptation.
• Limited scope: Certification typically only covers a specific scope, such
as a particular product line or business unit. This can limit the
organization’s ability to apply TQM principles across the entire
organization.
• False sense of security: Certification does not guarantee that the
organization is providing high-quality products or services. It only verifies
that the QMS meets the requirements of the relevant standard.
Organizations may become complacent and assume that certification alone
is sufficient to ensure quality, rather than continuing to focus on
continuous improvement.
Overall, while certification in TQM can provide many benefits, organizations
should also be aware of the potential disadvantages and carefully consider
whether certification is the right choice for their unique needs and
circumstances.

15.8 EXCELLENCE IN TQM

Total Quality Management (TQM) is a management approach that aims to
achieve excellence in all aspects of an organization by focusing on continuous
improvement, customer satisfaction, and employee involvement. The
fundamental concepts of excellence in TQM include the following:
• Customer Focus: TQM places a strong emphasis on understanding and
meeting customer needs and expectations. By focusing on customer
satisfaction, organizations can improve product and service quality,
increase customer loyalty, and gain a competitive advantage.
• Continuous Improvement: TQM is a continuous process of improvement
that involves identifying opportunities for improvement, implementing
changes, and monitoring results. This approach allows organizations to
continually enhance their products, services, and processes, leading to
greater efficiency and effectiveness.
• Employee Involvement: TQM emphasizes the importance of involving
employees in all aspects of the organization. By empowering employees
to make decisions and providing them with the necessary training and
resources, organizations can improve employee satisfaction, motivation,
and performance.
341
ISO 9000 Quality • Leadership: Leadership is a critical component of TQM. Effective leaders
Management System
provide a clear vision, establish a culture of excellence, and create an
environment that supports continuous improvement and employee
involvement.
• Process-Oriented Approach: TQM emphasizes a process-oriented
approach to management, where all activities are viewed as part of a
larger system. By focusing on processes rather than individual tasks,
organizations can identify opportunities for improvement and optimize
their overall performance.
• Data-Driven Decision Making: TQM emphasizes the use of data and
facts to inform decision making. By collecting and analyzing data on
key performance indicators, organizations can identify areas for
improvement, make informed decisions, and measure the impact of their
actions.
• Partnerships and Collaboration: TQM emphasizes the importance of
building partnerships and collaborating with suppliers, customers, and
other stakeholders. By working together, organizations can improve
quality, reduce costs, and enhance overall performance.
The fundamental concepts of excellence in TQM are customer focus,
continuous improvement, employee involvement, leadership, process
orientation, data-driven decision making, and partnerships and collaboration.
These concepts are essential to achieving excellence in all aspects of an
organization and creating long-term success.
Drawbacks of excellence
While striving for excellence can have many benefits for organizations, there
are also some potential drawbacks to consider. These include:
• Perfectionism: An excessive focus on excellence can lead to a culture
of perfectionism, where employees feel pressure to constantly achieve
unrealistic standards. This can lead to burnout, stress, and a negative
work environment.
• Tunnel vision: An overemphasis on excellence in one area can lead to a
narrow focus on that area, while neglecting other important aspects of
the organization. This can lead to blind spots and missed opportunities
for improvement.
• Cost: Pursuing excellence can be expensive, particularly if it involves
significant investments in training, technology, or other resources. This
can strain an organization’s finances and limit its ability to invest in other
areas.
• Unrealistic expectations: Pursuing excellence can set unrealistic
expectations for the organization and its employees. If expectations are
not met, it can lead to disappointment, disillusionment, and a loss of
motivation.

342
• Overemphasis on competition: An emphasis on excellence can lead to Quality Auditing and
Certification
a hypercompetitive environment, where employees and organizations are
constantly comparing themselves to others. This can lead to a focus on
outperforming others rather than meeting the needs of customers and
stakeholders.
• Lack of balance: An excessive focus on excellence can lead to a lack of
balance in an organization, where other important aspects of
organizational life such as work-life balance, employee well-being, or
social responsibility are neglected.
While excellence is an important goal for organizations, it is important to
strike a balance between excellence and other important aspects of
organizational life. Organizations should carefully consider the potential
drawbacks of pursuing excellence and work to mitigate these risks.
Advantages of excellence
Pursuing excellence in all aspects of an organization can have many
advantages. Some of the key benefits include:
• Improved quality: Pursuing excellence can lead to improvements in
product and service quality, as organizations strive to meet or exceed
customer expectations. This can lead to increased customer satisfaction,
loyalty, and retention.
• Increased efficiency: A focus on excellence can lead to improvements
in processes and procedures, resulting in greater efficiency and
productivity. This can help organizations to reduce costs, improve
profitability, and gain a competitive advantage.
• Innovation: Pursuing excellence can encourage innovation, as
organizations seek new and better ways to meet customer needs and
improve performance. This can lead to the development of new products,
services, and processes, as well as new opportunities for growth and
expansion.
• Employee engagement: A focus on excellence can help to engage
employees, as they are encouraged to participate in decision-making, take
ownership of their work, and contribute to the overall success of the
organization. This can lead to greater job satisfaction, motivation, and
retention.
• Reputation: Pursuing excellence can enhance an organization’s
reputation, as it demonstrates a commitment to quality, innovation, and
continuous improvement. This can help to attract new customers, partners,
and employees, and can lead to greater trust and loyalty from existing
stakeholders.
• Strategic alignment: A focus on excellence can help to align an
organization’s activities and goals with its overall mission and values.
This can lead to greater clarity and direction, as well as improved decision-
making and resource allocation.
343
ISO 9000 Quality Pursuing excellence can have many advantages for organizations, including
Management System
improved quality, increased efficiency, innovation, employee engagement,
reputation, and strategic alignment. These benefits can help organizations to
achieve long-term success and create value for all stakeholders.

15.9 QUALITY AWARDS

Quality awards are recognition programmes that are designed to acknowledge
and promote excellence in quality management practices. These awards are
typically sponsored by government agencies, professional associations, or
private organizations, and are open to businesses, organizations, and
individuals who demonstrate exceptional performance in quality management.
There are several quality awards that are recognized internationally, including:
1. Deming Prize: This award is named after Dr. W. Edwards Deming, who
is considered one of the fathers of modern quality management. The
Deming Prize is awarded annually to companies that demonstrate
excellence in quality management practices, including a focus on customer
needs, continuous improvement, and employee involvement.
2. Malcolm Baldrige National Quality Award: This award is presented
by the U.S. government to businesses that demonstrate outstanding
performance in seven key areas: leadership, strategic planning, customer
focus, measurement, analysis and knowledge management, workforce
focus, operations focus, and results.
3. European Quality Award: This award is presented by the European
Foundation for Quality Management to organizations that demonstrate
excellence in quality management practices, including a focus on customer
needs, employee involvement, and continuous improvement.
4. Australian Business Excellence Awards: This award is presented by
the Australian government to businesses that demonstrate excellence in
seven key areas: leadership, strategy and planning, customer focus,
measurement and knowledge management, workforce focus, operations,
and results.
5. Canadian Awards for Excellence: This award is presented by Excellence Canada
to organizations that demonstrate excellence in four key areas: leadership,
customer focus, people engagement, and process improvement.
These quality awards are prestigious recognitions that organizations can strive
for to demonstrate their commitment to excellence in quality management
practices. They can also provide valuable feedback and insights for
organizations to improve their processes, operations, and results.
Indian Quality Awards
India has two major quality awards that are recognized nationally and
internationally. These awards are the Rajiv Gandhi National Quality Award
(RGNQA) and the Quality Council of India-DL Shah National Quality Award
(QCI-DL Shah Award).
344
The Rajiv Gandhi National Quality Award (RGNQA) was instituted in 1991 Quality Auditing and
Certification
by the Bureau of Indian Standards (BIS) in honor of former Indian Prime
Minister, Rajiv Gandhi. The RGNQA recognizes Indian organizations that
have demonstrated excellence in their quality management practices. The
criteria for the award are based on the Malcolm Baldrige National Quality
Award and are focused on seven categories: leadership, strategic planning,
customer focus, measurement, analysis and knowledge management,
workforce focus, process management, and results.
The Quality Council of India-DL Shah National Quality Award (QCI-DL Shah
Award) was instituted in 2007 by the Quality Council of India (QCI) and the
DL Shah Trust. The QCI-DL Shah Award recognizes Indian organizations
that have demonstrated excellence in their quality management practices. The
criteria for the award are based on the European Foundation for Quality
Management (EFQM) Excellence Model and are focused on nine categories:
leadership, strategy, people, partnerships and resources, processes, products
and services, customer results, people results, and society results.
Both the RGNQA and the QCI-DL Shah Award are prestigious awards that
can provide valuable feedback and recognition for organizations that
demonstrate excellence in quality management practices. The awards are open
to organizations in all sectors and industries, including manufacturing, service,
healthcare, education, and non-profit organizations. The award process
includes a comprehensive evaluation of an organization’s quality management
practices, including site visits, interviews, and assessments by a panel of
experts.
Winning these awards can provide significant benefits to organizations,
including enhanced brand recognition, improved customer confidence,
increased employee morale, and a competitive advantage in the marketplace.
Advantages of quality awards
There are several advantages of quality awards for organizations that choose
to participate in these programmes:
• Recognition and prestige: Quality awards provide recognition and
prestige for organizations that demonstrate excellence in quality
management practices. Winning a quality award can enhance an
organization’s reputation, increase brand recognition, and help attract
customers and stakeholders.
• Competitive advantage: Winning a quality award can provide a
competitive advantage for organizations in their respective industries. It
can differentiate them from competitors and demonstrate a commitment
to excellence in quality management practices.
• Feedback and benchmarking: The evaluation process for quality awards
provides valuable feedback to organizations on their quality management
practices. This feedback can help identify areas for improvement and
provide benchmarks for comparison with other organizations.

345
ISO 9000 Quality • Continuous improvement: Participating in quality awards can motivate
Management System
organizations to continuously improve their quality management
practices. The evaluation process can identify areas for improvement,
and winning an award can serve as a benchmark for further improvement.
• Employee motivation: Winning a quality award can boost employee
morale and motivation. Employees are often proud to be associated with
an organization that has won a quality award, and it can increase their
sense of ownership and commitment to the organization’s goals and
objectives.
• Increased customer confidence: Winning a quality award can increase
customer confidence in an organization’s products or services. Customers
are often more likely to trust organizations that have demonstrated
excellence in quality management practices.
Quality awards can provide significant benefits for organizations that choose
to participate in these programmes. They can enhance an organization’s
reputation, provide a competitive advantage, motivate employees, and drive
continuous improvement in quality management practices.
Disadvantages of quality awards
While quality awards can provide significant benefits for organizations, there
are also some potential disadvantages to consider:
• Cost: Participating in quality awards can be expensive for organizations.
There are often fees associated with applying for the award, and the
evaluation process may require significant time and resources.
• Focus on compliance: Organizations may become too focused on meeting
the criteria for the quality award, rather than focusing on their own unique
quality management practices and processes.
• Limited scope: The evaluation process for quality awards may only focus
on certain aspects of an organization’s quality management practices,
and may not capture the full picture of an organization’s strengths and
weaknesses.
• Benchmarking limitations: While benchmarking against other
organizations can be valuable, organizations may become too focused
on comparing themselves to others, rather than focusing on their own
unique strengths and weaknesses.
• Overemphasis on winning: Organizations may become too focused on
winning the quality award, rather than focusing on continuous
improvement and striving for excellence.
• Risk of complacency: Winning a quality award may lead to complacency
within an organization, with employees becoming less motivated to
continuously improve their quality management practices.
It is important for organizations to carefully consider the potential advantages
and disadvantages of quality awards before deciding to participate in these
346
programmes. While quality awards can provide valuable feedback and Quality Auditing and
Certification
recognition, organizations should also ensure that they remain focused on
their own unique quality management practices and goals, and not become
overly focused on winning the award.
It is not necessary for an organization to have quality awards to achieve success
in quality management. Quality awards are voluntary programmes that
organizations can choose to participate in, and they are not a requirement for
achieving excellence in quality management practices. However, quality
awards can provide valuable recognition and feedback for organizations that
choose to participate in these programmes. Winning a quality award can
enhance an organization’s reputation, provide a competitive advantage, and
motivate employees to continue striving for excellence.
Furthermore, participating in a quality award programme can help an
organization benchmark its quality management practices against other
organizations in the same industry or sector. This benchmarking can provide
valuable insights into areas where an organization can improve and can help
drive continuous improvement. While quality awards are not necessary for
an organization to achieve success in quality management, they can provide
valuable benefits for those organizations that choose to participate in these
programmes. Organizations should carefully consider the potential advantages
and disadvantages of quality awards before deciding to participate in these
programmes.
Quality awards play an important role in Total Quality Management (TQM)
by providing a framework for evaluating an organization’s performance in
quality management practices. Quality awards can provide a benchmark for
an organization’s quality management practices, and they can provide valuable
feedback to help identify areas for improvement.
Winning a quality award can also enhance an organization’s reputation, provide
a competitive advantage, and motivate employees to continue striving for
excellence in quality management practices. It can help an organization stand
out in its industry or sector and demonstrate a commitment to continuous
improvement.
Furthermore, participating in quality award programmes can help organizations
benchmark their quality management practices against other organizations in
the same industry or sector. This benchmarking can provide valuable insights
into areas where an organization can improve and can help drive continuous
improvement.
Quality awards can also provide a framework for recognizing and sharing
best practices in quality management. Organizations that participate in quality
awards can learn from each other and share best practices in quality
management practices, which can lead to continuous improvement and
innovation. Quality awards play an important role in TQM by providing a
framework for evaluating an organization’s performance in quality
management practices, benchmarking against other organizations, recognizing
best practices, and motivating employees to continue striving for excellence.
347
ISO 9000 Quality Here are some examples of popular national and international quality awards:
Management System
• Malcolm Baldrige National Quality Award (USA) - This is the highest
level of national recognition for performance excellence in the United States.
The award is presented annually by the President of the United States.
• European Foundation for Quality Management (EFQM) Excellence
Award (Europe) - This is one of the most prestigious quality awards in
Europe, and it recognizes organizations that have demonstrated excellence
in quality management practices.
• Deming Prize (Japan) - This is a highly regarded award for quality
management in Japan, named after W. Edwards Deming, who is credited
with helping to revitalize Japan’s post-war economy.
• Australian Business Excellence Awards (Australia) - These awards
recognize Australian organizations that have achieved outstanding results
through a commitment to excellence in quality management practices.
• Dubai Quality Award (United Arab Emirates) - This award is presented
to organizations in Dubai that have demonstrated excellence in quality
management practices.
• Singapore Quality Award (Singapore) - This award recognizes Singapore
organizations that have achieved excellence in quality management practices.
• Canadian Awards for Excellence (Canada) - These awards recognize
Canadian organizations that have achieved outstanding results through a
commitment to excellence in quality management practices.
• South African Quality Institute (SAQI) Awards (South Africa) - These
awards recognize South African organizations that have achieved excellence
in quality management practices.
• Mexican National Quality Award (Mexico) - This award recognizes
Mexican organizations that have demonstrated excellence in quality
management practices.
• India Quality Award (India) - This award recognizes Indian organizations
that have achieved excellence in quality management practices.

15.10 SUMMARY
Quality auditing and certification are important components of Total Quality
Management (TQM). A quality audit is a systematic, independent, and documented
process that evaluates an organization’s quality management system (QMS) to
ensure it meets the requirements of relevant quality standards. Quality certification,
on the other hand, is the process of verifying and documenting that an
organization’s QMS meets the requirements of a specific quality standard, such
as ISO 9001.
Auditing is an essential tool for identifying areas for improvement in an
organization’s QMS. By conducting regular audits, an organization can identify
opportunities to improve processes and procedures, reduce waste and
348 inefficiencies, and improve overall quality. Audits also provide a valuable
opportunity to monitor compliance with regulatory requirements, industry Quality Auditing and
Certification
standards, and best practices in quality management.
The audit process typically involves four phases: planning, preparation, execution,
and reporting. During the planning phase, the audit team defines the scope and
objectives of the audit, identifies the audit criteria, and selects the audit team
members. During the preparation phase, the audit team reviews documentation,
prepares checklists, and schedules interviews with relevant personnel. During
the execution phase, the audit team conducts interviews, observes processes, and
collects data. Finally, during the reporting phase, the audit team analyzes the data
collected, prepares a report of findings and recommendations, and presents the
report to management for review.
Certification is a process that verifies and documents that an organization’s QMS
meets the requirements of a specific quality standard, such as ISO 9001.
Certification is typically conducted by a third-party certification body that is
accredited by a recognized accreditation body. The certification process involves
an initial assessment of the organization’s QMS, followed by ongoing surveillance
audits to ensure that the QMS continues to meet the requirements of the standard.
Certification provides several benefits to an organization. It demonstrates a
commitment to quality and provides a competitive advantage in the marketplace.
Certification can also provide access to new markets, as many customers require
their suppliers to be certified to specific quality standards. Certification also helps
to ensure that an organization’s QMS is robust and effective, leading to improved
performance and customer satisfaction.
However, there are also some disadvantages to certification. Certification can be
costly, both in terms of time and money. Some organizations may focus solely on
meeting the requirements of the standard, rather than on improving overall quality.
Certification may also create a false sense of security, leading to complacency
and a lack of ongoing improvement.
In conclusion, quality auditing and certification are important components of
TQM. Auditing provides a valuable opportunity for organizations to identify areas
for improvement in their QMS, while certification demonstrates a commitment
to quality and can provide a competitive advantage in the marketplace. However,
organizations should be aware of the potential drawbacks of certification and
ensure that their focus remains on continuous improvement and overall quality,
rather than just meeting the requirements of the standard.

15.11 KEY WORDS

Quality audit : is a systematic, independent, and documented process that
evaluates an organization’s quality management system
(QMS) to ensure it meets the requirements of relevant quality
standards.
Certification : is a process that verifies and documents that an organization’s
QMS meets the requirements of a specific quality standard,
such as ISO 9001.
349
ISO 9000 Quality
Management System 15.12 SELF ASSESSMENT QUESTIONS
1. What is quality audit and what is its purpose?
2. What are different types of audit? Explain.
3. Who is the quality system audit
4. What are the main aspects of quality system audit planning?
5. What is certification?
6. What are the main steps involved in quality management system
certification?
7. What are the essential aspects that should be included in the audit report?
8. What is accreditation system

15.13 FURTHER READINGS

• Besterfield, D. H., Besterfield, C., Besterfield, G. H., Besterfield, M.,
Urdhwareshe, H., &Urdhwareshe, R. (2011). Total Quality Management
(TQM) 5e (5ed ed.). Pearson Education India.
• Charantimath, P. M. (2017). Total Quality Management. Pearson India.
• Dale, B. G., Bamford, D., & Van Der Wiele, T. (2016). Managing Quality:
An Essential Guide and Resource Gateway. John Wiley & Sons.
• Hoyle, D. (2017). ISO 9000 Quality Systems Handbook: Updated for the
ISO 9001 - 2015 Standard - Increasing the Quality of an Organization’s
Outputs
• Sreenivasan, N. S. (2007). Managing Quality: Concepts and Tasks. India:
New Age International (P) Limited.

350