Commmon ISO 14001 Nonconformances Written By Third Party Auditors

This chart shows the distribution of common nonconformances by percentage across 5 standards – ISO 9001, ISO 14001, ISO 45001, AS9100 and IATF 16949

In Part 2 of our series on common nonconformances, we take a closer look at those findings that are specific to ISO 14001 and Environmental Management Systems (EMS). The ISO 14001:2015 standard provides a framework to manage the immediate and long-tern environmental impacts of an organizations’ products, services and processes. 

Certification Body, SAI Global recently shared their analysis of nonconformities written by their third-party auditors over the last several years. These are what they identified as the most frequently occurring nonconformities in the ISO 14001 standard by clause.

8.1  Operational Planning and Control

• Operating criteria are not adequately defined for processes, activities, and services with significant aspects
• Change control process does not include review/approval from individuals with environmental competency
• Organization does not follow the hierarchy of controls
• Outsourced processes are not considered as part of the scope of the EMS
• No objective evidence of consideration of the application of life cycle to the processes, products or services provided by or on behalf of the organization
• Environmental requirements are not communicated to external providers
• Contractors performing on-site work are not made aware of environmental requirements

8.2  Emergency Preparedness and Response

• No emergency plan for situations identified during environmental aspect evaluation as emergency situations
• No evidence of drills to test the emergency plans for each identified potential emergency
• Lack or no evidence of evaluation of adequacy of emergency plans after a drill or actual incident
• Information in the emergency response plan is not current

7.2  Competence

• Incomplete or no records of training of contract personnel/temporary personnel performing work on environmental requirements of their work activities
• No training of personnel on environmental aspects of assigned work and the EMS in general
• Lack of understanding of how an individual’s work activities impact the environmental performance of the organization
• Documented information of competency determinations are not retained or complete

9.3  Management Review

• Lack of evidence to demonstrate all required topics were discussed (review of significant aspects, environmental performance, etc.) to determine suitability, adequacy and effectiveness of the EMS
• Incomplete or no evidence of follow-up on action items from previous meetings
• No evidence of assessment of effectiveness of actions taken to address identified environmental risks
• Focus on compliance with regulatory requirements and not the EMS

9.1.2  Evaluation of Compliance

• Compliance evaluation not completed in the scheduled timeframe
• Compliance evaluation report only identified areas of noncompliance, but no information to determine if the entire EMS was evaluated
• Insufficient evidence to demonstrate the entire regulatory list was evaluated for compliance
• Records of interim evaluations/inspections of compliance obligations were incomplete or not performed
• No evidence of noncompliance items entered into the corrective action system
• Not sharing the complete audit report with the auditors

6.1.2  Environmental Aspects

• Aspects are considered at a very high level from a generic perspective
• Aspect evaluation process is not consistently applied throughout the organization
• New, temporary, transient or alternative activities are not considered for aspect evaluation
• Aspect list is not reviewed when a change is made or on any set frequency
• Abnormal and emergency situations are not evaluated
• Aspect list is not validated against actual environmental performance of the organization
• Confusion on aspects (cause) and impacts (effects)
• Not identifying positive or beneficial aspects of an organization’s operations

6.1.3  Compliance Obligations

• Regulatory register/list of applicable compliance obligations was not created or is not maintained
• Regulatory register/list is not complete/missing regulatory, or other interested party or corporate requirements
• No access to the applicable regulatory requirements
• No process to keep updated on new or revised regulatory requirements which have potential to impact operations
• No process to ensure suppliers meet customer requirements

9.1  Monitoring, Measurement, Analysis and Evaluation

• Monitoring and measurement of process controls containing significant aspects are not being consistently performed
• Criteria to determine environmental performance has not been defined
• Monitoring and measurement equipment used for environmental measurements are not calibrated or records of calibrations are not complete
• Defined measurements are not adequate or insufficient to demonstrate improvements in environmental performance over time

7.5  Documented Information

• Documented information is not available at the point of use or to personnel needing to use it
• Forms/checklists are used which are not under document control
• External documents (environmental permits) are not in the document control system

When a nonconformity occurs, the organization must take action to control and correct it and mitigate adverse environmental impacts.  It is also important to eliminate the causes of the nonconformity so that it does not recur or happen elsewhere.  Implement corrective action if needed and review its effectiveness, making changes to the EMS if necessary.  Note that corrective actions shall be appropriate to the significance of the effects of the nonconformities, including the environmental impacts.

While there are overlapping requirements between different management system standards, findings like these, whether written as majors or minors, are common.  ISO 9001, which was covered in Part 1 of our nonconformance series, applies the framework developed by ISO to improve alignment among the other international standards for management systems.   In our next segments, IATF 16949, AS9100 and ISO 45001, each with their own unique requirements, will be examined in more detail.

SimpleQuE is a leader in AS, IATF and ISO consulting, auditing and training.  Contact us for a consult and see the difference that our experts can bring to your quality management process.

If you’re not sure your system is up-to-speed, simpleQuE offers certification readiness audits that are performed prior to a surveillance or initial Certification Body (CB) audit to be sure that your quality management system and team are ready. In addition, 2nd party internal audits can be conducted by our experts to be sure your system is maintained to these standards.  Contact us for information about our services and on-site customized training classes for Root Cause Analysis and Problem Solving, Process Ownership, Internal Auditor and more.