The integration of the policy in an integrated management system is the most useful and efficient for an organization. You can integrate the three policies (quality ISO 9001: 2015, environment ISO 14001: 2015 and safety and health ISO 45001: 2018) in a single document. I will answer the following questions: What requirements does each standard set forth with respect to the company’s policy? How should the document be? How do we integrate them?
This document must contain all the requirements set out in each of the regulations that we want to integrate. In our case they will be ISO 9001: 2015 (quality management), ISO 14001: 2015 (environmental management) and ISO 45001: 2018 (health and safety management of SST workers).
If we are able to integrate the three policies into a single document, we will be spared having to control, code and manage two other documents.
We have to ensure that, in the different paragraphs written, collect all the requirements that each of the rules in each section. You can take advantage of the structure of the quality policy based on ISO 9001, and add paragraphs that compile the requirements of the other two standards.
What requirements does each standard set out regarding the company’s policy?
First of all, I will name the different requirements that each standard requires.
According to ISO 9001: 2015
Top management must establish a quality policy that:
a) is appropriate to the purpose and context of the organization and supports its strategic direction;
b) provides a framework for establishing quality objectives;
c) includes a commitment to comply with the applicable requirements, and
d) includes a commitment to continuous improvement of the quality management system.
The quality policy shall:
a) will be available as documented information;
b) be communicated, understood and applied within the organization;
c) be available to interested parties, as appropriate.
NOTE Principles of Quality Management can be used as a basis for quality policy.
According to ISO 14001: 2015
The senior management must establish, implement and maintain the environmental policy that, within the defined scope of its environmental management system:
a) is appropriate to the purpose of the organization’s context, including the nature, magnitude and environmental impacts of its activities, products and services.
b) provide a framework for the establishment of environmental objectives;
c) include a commitment for the protection of the environment, including the prevention of pollution, and other specific commitments relevant to the context of the organization;
Other specific commitments to protect the environment may include the sustainable use of resources, the mitigation and adaptation of climate change and the protection of biodiversity and ecosystems.
d) include a commitment to comply with legal requirements and other requirements;
e) include a commitment to continuous improvement of the environmental management system to improve environmental performance.
The environmental policy must:
– Keep as documented information;
– Communicate within the organization;
– Be available to interested parties.
According to ISO 45001: 2018
The Directorate must establish, implement and maintain a policy regarding worker safety and health, consulted by workers at all levels of the organization.
Top management must commit to:
provide safe and healthy working conditions for the prevention of damage and deterioration of health;
it must be appropriate to the purpose of the organization’s context and the nature of the risks and opportunities in terms of safety and health;
It provides a framework for setting workers’ health and safety objectives;
satisfy applicable legal requirements and other requirements;
control the risks for OSH using the priorities of the controls;
the continuous improvement of the OSH management system to improve the performance of the organization’s OSH;
the participation of workers or representatives of workers in the different processes where the safety and health management system applies.
The health and safety policy:
a) will be available as documented information;
b) be communicated within the organization;
c) be available to interested parties, as appropriate; Y
d) be revised for its continuous adaptation.
Although all commitments are important, some stakeholders have a special interest in the organization’s commitment to meet its applicable legal requirements. This International Standard specifies several requirements related to this commitment. In this aspect, I will make an article explaining in detail the requirement.
These requirements include the need to:
– determine the applicable legal requirements;
– make sure that the operations are carried out
– according to these legal requirements,
– assess compliance with legal requirements,
– correct non-conformities.
How should the document be? The company policy must be a direct and easy to understand document for everyone. If we do it with complicated, dense and repetitive vocabulary, we can find several disadvantages:
– that most people will not end up reading it, and it is important that all the interested parties (workers, clients, suppliers …) know the commitments and values of the organization.
– That the auditors (external audits of certification) do not locate easily and clearly the different requirements of the reference norms, being able to identify some incidence in the document and being reflected as non-conformity.
– the policy of the company does not stop being a letter of presentation of the organization. It is necessary to take care of the image of the company, with what must be a well written document. Of course, the document must be integrated into the company’s management system.
As you already know in the new reference standards, the preparation of a Manual is not required, simply the evidence must be collected in documents called “documented” information. As such, they must be identified, coded and controlled. As I always tell you, the fact that the standard does not require a Quality Manual, does not mean that you do not have it. In particular, it is a document that I maintain, since it structures the documentary system, and I can pick up on it, some of the requirements of the rules, such as the definition of the organization, the scope, exclusions …
You can do it as you want, as long as it is coherent and well structured, and you know how to identify the evidences of the different requirements of the standard, and to maintain a correct identification and traceability of the documents. How do we integrate them? In the following image, we can compare the requirements of each of the rules in terms of the content of the policy of the company in each of the aspects, in this way it will be easier to integrate them into the document, thus avoiding repetitive paragraphs.
Once we have all the clear requirements, we can begin to write, and do so by merging all those points they have in common. For example, if in all cases there is a requirement to improve the management system, with only one time, if specifying each of the three systems is sufficient.
A very frequent question that they ask me, is if in the document, you can list the different requirements of each rule separately, as I have put it at the beginning of the article.
The answer is that you can do it as you wish, but as I have said, this document is a letter of presentation of the company, and by image it is convenient, that you make a minimum wording of the same, so that it looks nice.