INTEGRATED MANAGEMENT SYSTEM (IMS) MANUAL siscol.in/static/dist/pdf/siscol-ims-manual.pdf Rev. No....
Integrated Management System Page 1 of xx EFF. DT.: 1st June, 2011
REV NO: 00 DOC NO: LNTP/IMS
MANAGEMENT SYSTEM
PREPARED BY
REVIEWED BY APPROVED BY
Head Office: 806, Kailash Building, 26 K G Marg, New Delhi - 110 001, INDIA Manufacturing Setup: Bhilai, Chattisgarh, INDIA and Design Office: Bangalore, INDIA
INTEGRATED MANAGEMENT SYSTEM (IMS) MANUAL
(QMS, EMS & OHSAS and ISMS)
QMS
Vinod Srinivasa V K Bansal V K Bansal EMS & OHSAS
ISMS 31.01.2018 03.02.2018 05.02.2018
Ravi Uppal
Chairman & Managing Director 06.02.2018
AUTHORISED BY
Doc. No.: SISCOL-IMS-MANUAL Rev. No.: 00
Eff. Dt.: 6th February, 2018
IMS MANUAL AMENDMENT HISTORY
Page 2 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 0.2 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
AMENDMENT HISTORY
Rev. No. | Date | Remarks
A | 31.01.2018 | Issued for Review/Comments
00 | 06.02.2018 | Issued for Implementation
IMS MANUAL TABLE OF CONTENTS
Chapter No. | Content
0.1 | Cover Page
0.2 | Amendment History
0.3 | Table of Contents
0.4 | Manual Authorization
0.5 | Abbreviations
0.6 | Mapping of Clauses
1 | Introduction
2 | Administration of Manual
3 | IMS Policy
4 | Context of the Organization
5 | Leadership
6 | Planning
7 | Support
8 | Operation
9 | Performance Evaluation
10 | Improvement
Annexure A | List of Documented Information
Annexure B | Common Processes:
  B.1. Control of Documented Information (LNTP-CP-01)
  B.2. Risk and Opportunity Identification, Assessment, Implementation and Reviewing effectiveness (LNTP-CP-02)
  B.3. Internal Audit (LNTP-CP-03)
  B.4. Non-Conformance & Corrective Action (LNTP-CP-04)
  B.5. Competence Development (LNTP-CP-05)
  B.6. Management Review Meeting (LNTP-CP-06)
  B.7. Objective Setting (LNTP-CP-07)
Annexure C | Terms & Definitions
IMS MANUAL AUTHORIZATION
SISCOL is engaged in the design, engineering, manufacturing, logistics, erection and project management of structural steel based solutions for varied infrastructural sectors. To meet the customer’s requirements and ensure systematic working, guidelines have been described in this manual. This Integrated Management System (IMS) Manual bears the authorization of the undersigned.
This IMS Manual describes the Quality, Environment, Occupational, Health & Safety and Information Security Management Systems’ requirements adopted by SISCOL and has been formulated as per the requirements of ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007 and ISO 27001:2013.
All Directors and Functional Heads are responsible for ensuring compliance with the requirements mentioned in this manual. They have the authority to form an appropriate organization for discharging their functions, responsibilities and resolving non-conformities within their departments.
Chairman & Managing Director designates Head – Quality, EHS & Training as Management Representative (MR) for IMS. The MR has the organizational freedom and responsibility to:
- Implement and maintain this manual with the objective of continual improvement and to prevent non-conformities
- Assess the compliance through internal audits and identify non-conformities, to initiate necessary corrective action with the involvement and support of all the relevant functions, monitor and verify the same; for ensuring improvement in organizational processes
- Provide feedback to the Management about the performance of the Integrated Management System
The Management Representative has the authority to stop any work which is not in accordance with this manual and/or the specified requirements.
New Delhi
Date: 06.02.2018
Ravi Uppal
Chairman & Managing Director
IMS MANUAL ABBREVIATIONS
Abbreviation | Expansion
4S | Systems, Spirit, Simplicity & Speed
ALARP | As Low As Reasonably Practicable
BD&M | Business Development & Marketing
BOM | Bill of Materials
CA | Corrective Action
CFT | Cross Functional Team
CMD | Chairman & Managing Director
CP | Common Process
CTQ | Critical to Quality
D&D | Design & Development
D&E | Design & Engineering
DCP | Department Control Procedure
DI | Documented Information
DRM | Department Review Meeting
EAI | Environmental Assessment Impact
EHS | Environment, Health & Safety
EMS | Environmental Management System
Ext. | External
FH | Functional Head
FQAP | Field Quality Assurance Plan
FTR | Field Trouble Report
GRN | Goods Receipt Note
H&S | Health & Safety
HIRA | Hazard Identification and Risk Assessment
HLS | High Level Structure
HOD | Head of Department
HR | Human Resource
IMS | Integrated Management System
Incl. | Including
Int. | Internal
IS | Information Security
ISMS | Information Security Management System
ISO | International Organization for Standardization
IT | Information Technology
ITP | Inspection & Test Procedure
JD | Job Description
KMS | Knowledge Management System
KPI | Key Performance Indicator
MDL | Master Document List
MoM | Minutes of Meeting
MR | Management Representative
MRM | Management Review Meeting
MS | Management Systems
MSDS | Material Safety Data Sheet
NC | Non Conformity
NCR | Non Conformity Report
OCP | Operating Control Procedure
ODC | Over Dimensional Cargo
OEM | Original Equipment Manufacturer
OFI | Opportunity for Improvement
OH&S | Occupational Health and Safety
OHSAS | Occupational Health and Safety Assessment Series
OHSMS | Occupational Health & Safety Management System
PDCA | Plan-Do-Check-Act
PMG | Project Management Group
PO | Purchase Order
PR | Purchase Requisition
PRM | Project Review Meeting
QA | Quality Assurance
QAP | Quality Assurance Plan
QC | Quality Control
QHSE | Quality Health Safety Environment
QMS | Quality Management System
RASCI | Responsible-Accountable-Support-Consult-Inform
RCA | Root Cause Analysis
Rev. No. | Revision Number
ROAM | Risk & Opportunity Assessment Model
SCM | Supply Chain Management
SDR | Site Deviation Report
SIPOC | Supplier-Input-Process-Output-Customer
SISCOL | Steel Infra Solutions Pvt. Ltd.
SoA | Statement of Applicability
SOP | Standard Operating Procedure
SPoC | Single Point of Contact
TM | Top Management
TPIA | Third Party Inspection Agency
TSA | Technical Service Agreement
UoM | Unit of Measurement
VoC | Voice of Customer
w.r.t | with respect to
WI | Work Instruction
IMS MANUAL MAPPING OF CLAUSES
Clause Description | ISO 9001:2015 | ISO 14001:2015 | OHSAS 18001:2007 | ISMS 27001:2013
Understanding the organization and its context | 4.1 | 4.1 | 4.1 | 4.1
Understanding the needs and expectations of interested parties | 4.2 | 4.2 | 4.1 | 4.2
Determining the scope of the integrated management system | 4.3 | 4.3 | 4.1 | 4.3
Integrated management system and its processes | 4.4 | 4.4 | 4.1 | 4.4
Leadership and commitment | 5.1 | 5.1 | - | 5.1
Leadership and commitment (General) | 5.1.1 | 5.1.1 | 4.1 | 5.1
Leadership and commitment (Customer focus) | 5.1.2 | 5.1.2 | 4.3.2 | 5.1
IMS Policy | 5.2 | 5.2 | 4.2 | 5.2
Establishing the IMS Policy | 5.2.1 | 5.2.1 | 4.2 | A.5
Communicating the IMS Policy | 5.2.2 | 5.2.2 | 4.2 | A.5
Organizational roles, responsibilities and authorities | 5.3 | 5.3 | 4.4.1 | 5.3
Actions to address risks and opportunities | 6.1 | 6.1 | 4.3.1 | 6.1
Environmental Assessment Impact (EAI) and HIRA | - | 6.1.2, 6.1.4 | 4.3.1 | -
Legal and other requirements | - | 6.1.3 | 4.3.2 | -
Information Security Risk Assessment | - | - | - | 6.1.2/8.2
Information security risk treatment | - | - | - | 6.1.3/8.3
Objectives, targets and programs (planning to achieve them) | 6.2 | 6.2 | 4.3.3 | 6.2
Planning of changes | 6.3 | 6.3 | 4.3.3 | -
Resources (General, People, Infrastructure, Environment for the operation of processes) | 7.1 | 7.1 | 4.4.1 | 7.1
Monitoring and measuring resources | 7.1.5 | - | - | -
General | 7.1.5.1 | 7.1 | 4.4.1 | -
Measurement traceability | 7.1.5.2 | 7.1 | 4.4.1 | -
Organizational knowledge | 7.1.6 | - | - | -
Competence | 7.2 | 7.2 | 4.4.2 | 7.2
Awareness | 7.3 | 7.3 | 4.4.2 | 7.3
Communication (General, Internal, External, Reporting etc.) | 7.4 | 7.4 | 4.4.3 | 7.4
Documented information | 7.5 | 7.5 | 4.4 | 7.5
General | 7.5.1 | 7.5.1 | 4.4.4 | 7.5.1
Creating and updating | 7.5.2 | 7.5.2 | 4.4.5 / 4.5.4 | 7.5.2
Control of documented information | 7.5.3 | 7.5.3 | 4.4.5 | 7.5.3
Operational planning and control | 8.1 | 8.1 | 4.4.6 | 8.1
Requirements for products and services | 8.2 | 4.4.6 | 4.4.6 | -
Customer communication | 8.2.1 | 7.4 | 4.4.3 | -
Determining the requirements related to products and services | 8.2.2 | 8.1 | 4.4.6 | -
Review of requirements related to products and services | 8.2.3 | 8.1 | 4.4.6 | -
Changes to requirements for products and services | 8.2.4 | 8.1 | 4.4.6 | -
Design and development of products and services | 8.3 | 8.1 | 4.4 | 8.1
General | 8.3.1 | 8.1 | 4.1 | 8.1
Design and development planning | 8.3.2 | 8.1 | 4.4.6 | 8.1
Design and development inputs | 8.3.3 | 8.1 | 4.4.6 | 8.1
Design and development controls | 8.3.4 | 8.1 | 4.4.6 | 8.1
Design and development outputs | 8.3.5 | 8.1 | 4.4.6 | 8.1
Design and development changes | 8.3.6 | 8.1 | 4.4.6 | 8.1
Control of externally provided processes, products and services | 8.4 | 8.1 | 4.4 | 8.1
General | 8.4.1 | 8.1 | 4.4.6 | 8.1
Type and extent of control (Purchasing Process and controls) | 8.4.2 | 8.1 | 4.4.6 | 8.1
Information for external providers | 8.4.3 | 8.1 | 4.4.6 | 8.1
Production and service provision | 8.5 | 8.1 | 4.4.6 | 8.1
Control of production and service provision | 8.5.1 | 8.1 | 4.4 | 8.1
Identification and traceability | 8.5.2 | - | - | -
Property belonging to customers or external providers | 8.5.3 | - | - | -
Preservation | 8.5.4 | 8.1 | 4.4.6 | -
Post-delivery activities | 8.5.5 | 8.1 | 4.4.6 | -
Control of changes | 8.5.6 | 8.1 | 4.4.6 | 7.5.3
Release of products and services | 8.6 | 8.1 | 4.4.6 / 4.5.1 | -
Control of nonconforming outputs | 8.7 | 8.1/10.1 | 4.4.7 / 4.5.3 | 10.1
Emergency Preparedness & Response | - | 8.2 | 4.4.7 | -
Monitoring, measurement, analysis and evaluation | 9.1 | 9.1 | 4.5 | 9.1
Internal Audit | 9.2 | 9.2 | 4.5.5 | 9.2
Management Review | 9.3 | 9.3 | 4.2 / 4.3.3 / 4.5.3 / 4.6 | 9.3
Improvement (General) | 10.1 | 10.1 | 4.2 / 4.3.3 / 4.6 | 10
Nonconformity and corrective action | 10.2 | 10.2 | 4.5.3 | 10.1
Incident investigation | - | - | 4.5.3.1 | -
Continual improvement | 10.3 | 10.3 | 4.2 / 4.3.3 / 4.6 | 10.2
IMS MANUAL INTRODUCTION
1.1 PURPOSE
This manual has been developed keeping in view the requirements of the International Standards ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007 and ISO 27001:2013 management systems. This is an Integrated Management System Manual. The objective of this manual is to map the requirements of these International Standards vis-à-vis SISCOL’s business processes. The requirements specified in this manual primarily focus on the following:
- Achieving customer satisfaction by providing all the deliverables as per their requirements
- Ensuring process approach for establishing, implementing, maintaining and continually improving above management standards
- Continually improving SISCOL’s business processes
- Endeavouring to achieve business excellence through process standardization & innovation, benchmarking and continual improvement of our people, products and services
- Establishing a systematic approach to risk management
- Designing of environmental friendly products and solutions to minimize the impact of the product/solution/service on the environment throughout their life cycle and to meet new environmental challenges through conservation of natural resources, technological innovation and continual improvement
- Complying with all the applicable legal, regulatory and other provisions related to environment, health & safety and information security
- Ensuring confidentiality, integrity and availability of business information and information processing assets
- Committed to the prevention of injury and ill health of our employees by ensuring compliance with the safe working practices and procedures established by the organization
1.2 OVERVIEW OF COMPANY
Steel Infra Solutions Pvt. Ltd. (SISCOL) is a unique firm with comprehensive capability for providing end-to-end structural steel based solutions covering the complete value chain of activities ranging from design, engineering, fabrication, installation at site and project management for diverse infrastructural projects across the globe. SISCOL’s vision is to be India’s largest supplier of steel based infrastructure solutions. More on: http://www.siscol.in
SISCOL, pioneered by a group of visionary & experienced veterans of India’s Steel and Construction industry, has entered into a Technical Service Agreement (TSA) with Yongnam of Singapore to provide state-of-art and complete end-to-end solutions as a part of its value proposition. A strong customer-focused approach and constant quest for top-class quality enables SISCOL to remain competitive and sustain its leadership position.
SISCOL has integrated the following as its strengths from Design to Delivery:
- Architectural & structural design
- Design & detailed engineering
- Manufacturing & logistics management
- Erection & projects management,
to offer single point responsibility under stringent delivery schedules and is committed to demonstrate the best project management practices, environmental friendly technologies and ensuring health & safety of all people.
To carry out the above functions in the most efficient manner, the following organization structure and overall process will be deployed:
[Figure: SISCOL Organization Structure (chart not reproduced)]
[Figure: Overall Process Flow, DOC NO: LNTP-IMS-FC-000; Rev. No. 00; Eff. Date: 30.06.2011 (flow chart not reproduced). Legible box labels: Customer Requirements; Identification of business opportunity or Receipt of Tender/Enquiry/Business Information/Request for offer; Review by Marketing & Proposal; Preparation of offer; Letter of Award/Letter of Intent; Contract Review/Signing; D&D Planning, Review, V&V; Planning & Resource allocation; Procurement Source & Receipt inspection; Product/Service/Project Realization; In-process inspection; Final inspection; Delivery to customers and After Sales Service; Installation & Commissioning; Customer Feedback; Performance monitoring/internal audits/data analysis; Corrective and Preventive actions; Continual Improvement; Risk Mgmt.; Engineering; SCM; QM & EHS; Construction; Enabling Functions/Support Processes (HR, F&A, Admin, IT)]
IMS MANUAL ADMINISTRATION
2.1 INTRODUCTION
This IMS Manual describes the Quality, Environment, Occupational Health & Safety (OH&S) and Information Security Management Systems requirements adopted by SISCOL. This manual lists the procedures and measures stipulated for ensuring the quality of products and services through use of safe and environmental friendly work practices. This manual includes policies, processes, broad risk assessment methodology and controls for ensuring information security. The Integrated Management System has been formulated on the basis of ISO 9001, ISO 14001, OHSAS 18001 and ISMS 27001. This section titled “IMS Manual Administration” explains the Structure, Issue, Updating and Approval of the Integrated Management Systems Manual. This manual and the information incorporated herein are the property of SISCOL. It must not be reproduced in whole or in part, or otherwise disclosed, without prior consent in writing from SISCOL.
2.2 STRUCTURE OF THE MANUAL
All the chapters are arranged sequentially as per the High Level Structure (HLS) of ISO. The respective requirements of QMS, EMS, OHSMS and ISMS are embedded into these clauses at relevant locations. This manual is available in English language only.
2.3 MANUAL ISSUE PROCEDURE
Head – Quality, EHS & Training has been designated as Management Representative for IMS (QMS, EMS, OHSAS and ISMS) and is authorized by the Chairman & MD to carry out the activities related to preparation, issue, deployment, maintenance and updating of this Manual.
This Manual is available as PDF/ XPS file at all the relevant locations. No hard copy of the manual is being distributed unless otherwise required, as this manual becomes uncontrolled document if printed. Note: If this manual is revised or updated, then the older version gets superseded
2.4 MANUAL REVISION, UPDATION & AMENDMENT PROCEDURE
The IMS Manual is reviewed by the Management Representative, in consultation with the Leadership Team and with authorization by the Chairman & MD of SISCOL, when management systems standards get revised/updated or as and when the organization needs a change to its management systems. No revision is implemented unless it has been approved and formally issued. When revisions take place, they are indicated by the revision number in the document and recorded in the Amendment History (Chapter 0.2) of this manual. As suitable, the manual may be re-issued when a sufficient number of amendments have been made to it or on account of major changes to the requirements of the standards in Quality, Environment, OH&S and ISMS Management Systems.
2.5 APPROVAL OF MANUAL
This manual is approved by the CMD designated MR of SISCOL. No part of this manual shall be reproduced in any form without the prior approval from the concerned MR.
IMS MANUAL IMS POLICY
IMS MANUAL CONTEXT OF THE ORGANIZATION
4.1 PURPOSE
To describe a system for understanding the organization and its context, along with the needs and expectations of interested parties, and for identifying internal & external issues that can impact the planning of the quality management system & operations.
4.2 SCOPE
Covers all activities under the scopes of the following Management Systems:
a) Quality Management System (QMS)
b) Environment Management System (EMS)
c) Occupational Health and Safety Assessment Series (OHSAS)
d) Information Security Management System (ISMS)
4.3 OVERALL RESPONSIBILITY
- Top Management
- Management Representative
- Concerned Head of the Departments (HODs)
4.4 Context of the organization
4.4.1 Understanding the organization and its context
ISO 9001 (4.1), ISO 14001 (4.1), OHSAS 18001 (4.1) & ISO27001 (4.1)
SISCOL shall determine, monitor and review external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s)/outcome(s) of Integrated Management System (IMS) through:
‐ Annual General Body Meetings (AGMs)
‐ Board Meetings
‐ Strategic Meetings
‐ Objective Setting Workshops
‐ Periodic Reports issued by Marketing & Business Development
‐ Management Review Meetings
‐ Project Review Meets
‐ Sustainability/CSR Review Meets
‐ Investors Meet
‐ Statutory and Regulatory Bodies
‐ Customer meetings
‐ Employee engagement platforms & initiatives
‐ Business Associates meetings and feedback
‐ Customer Survey etc.
The issues arising from (but not limited to):
‐ External: legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local and
‐ Internal: values, culture, people, knowledge and performance of the organization;
constitute our approach.
4.4.2 Understanding the needs and expectations of interested parties
ISO 9001 (4.2), ISO 14001 (4.2), OHSAS 18001 (4.1/4.4.4) & ISO27001 (4.2)
SISCOL continuously identifies interested parties that affect or have potential effects on its ability to consistently provide products and services that meet SISCOL’s legal, regulatory and customer’s requirements, which are:
‐ Customers (Internal/External)
‐ Shareholders/Investors
‐ Corporate Functions
‐ Lenders
‐ Statutory and Regulatory body
‐ Business Associates (incl. Suppliers, Contractors, Service Providers)
‐ Employees
‐ NGOs
‐ Society at large etc.
The requirements related to these interested parties are determined, monitored and reviewed during the various meetings mentioned in 4.4.1 of this manual.
4.4.3 Determining the scope of the integrated management system
ISO 9001 (4.3), ISO 14001 (4.4.4), OHSAS 18001(4.1/4.4.4), ISO 27001 (4.3)
This manual describes the core elements of Management Systems & their interaction and provides directions to the execution of various processes. The manual includes:
a) Scope, boundaries and exclusions including justifications for the same
b) Reference to documented common processes established for the Quality, Environment, Occupational Health & Safety and Information Security Management Systems, including the interaction between the processes (List of DACPs as per Annexure-A and Common Processes as per Annexure-B and overall flow chart as per Chapter-1)
While determining the scope & boundary of Integrated Management System in SISCOL, the organization considers the external and internal issues (referred in 4.4.1 of this manual), the requirements of relevant interested parties (referred in 4.4.2 of this manual), for the products and services of SISCOL.
4.5 Integrated Management System and its processes
(SYSTEM DESCRIPTION)
4.5.1 General Requirements
ISO 9001 (4.4), ISO 14001 (4.4), OHSAS 18001 (4.1/4.4.4) & ISO27001 (4.4)
4.5.1.1 All the applicable major processes under the ambit of SISCOL have been identified and their interaction is depicted in the overall flow chart (Chapter - 1).
4.5.1.2 SISCOL determines the inputs required and the outputs expected, assigning of responsibilities and authorities, addressing the risks and opportunities for each of the processes (by defining SIPOC, RASCI, ROAM etc. as one of the methods) in its DCP and allied documents
4.5.1.3 Criteria for operation & control of these processes are defined in various DACPs, Flow Charts, Operation Control Procedures, Work Instructions, Control Objectives, SOPs as applicable at relevant stages of the processes
4.5.1.4 During the complete life cycle of the manufacturing and project management/execution, relevant information and adequate resources are ensured, so that these processes are carried out & monitored in a controlled manner
4.5.1.5 To ensure that all the identified processes continue to remain effective, these are monitored through regular process/project/product/system audits & reviews as per the responsibilities defined in IMS manual, DCPs, Procedures, SOPs etc.
4.5.1.6 As per the organizational mandate and business requirements, time bound key performance indicators (KPIs) are identified and monitored for their realization.
4.4.2 Documented Information
ISO 9001 (4.4.2), ISO14001 (7.5), OHSAS 18001:2007 (4.4.4), ISO 27001 (7.5)
4.4.2.1 Integrated Management System documentation includes:
a) IMS Policy, Objectives and Deployment Programmes
b) IMS Manual
c) DCPs, SOPs, Work Instructions, Quality Plans, OCPs, KPIs, MSDS, Directives, Forms & Guidelines, Control Objectives, Risk identification, analysis and mitigation plans, on site emergency Preparedness plan, Statement of Applicability etc.
d) Common processes and Standard Operating Procedures (SOP) applicable throughout the organization are referred in the Manual
e) Documented information required to demonstrate evidence of operation and control of processes, as per the requirements of these standards.
3-tier documented information structure in SISCOL:
Level 1: IMS Manual
Level 2: Department Control Procedures (DCPs)
Level 3: SOPs, WIs, OCPs, Checklists, Formats
IMS MANUAL LEADERSHIP
5.1 PURPOSE
To describe the Leadership engagement, accountability & commitment for establishing, implementing, sustaining, creating awareness & continually improving the Quality, EHS and Information Security Management Systems and integrating the requirements of the management system into core business to achieve its intended outcomes.
5.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1 of this document.
5.3 OVERALL RESPONSIBILITY
- Top Management
- Leadership Team
- Concerned Head of the Departments (HODs)
5.4 SYSTEM DESCRIPTION
5.4.1 Leadership & Commitment
5.4.1.1 General
ISO 9001 (5.1.1), ISO 14001 (4.1), OHSAS 18001 (4.1) & ISO27001 (5.1)
Top Management of SISCOL is committed and accountable for the development, implementation, involvement and continual improvement of the integrated management system by:
a) Involvement in preparation, review, approval and authorization of IMS Manual by Chairman & MD
b) Involvement in review and approval of IMS Policy in reference to the context and strategic direction of the organization
c) Various management committees comprising of functional heads/HODs and other senior management have been constituted to review the status of various management systems
d) Ensuring the integration of Management Systems’ requirements into the organization’s processes
e) Communicating to all the employees the importance of meeting customer requirements, project requirements, EHS requirements, information security related requirements and applicable statutory & regulatory requirements through regular training programmes, emails, display of documents, in-house magazines, web sites, in-house circulars and meetings
f) Encourage and ensure that all the persons in the workplace adhere to the management systems requirements and have process & risk based approach at their work place
g) Communicating documented IMS/Corporate policy to all the stakeholders and ensuring compliance at all relevant functional levels
h) Ensuring that IMS objectives (KPIs) are established, reviewed and achieved at organizational and functional levels, relevant to delivering the process/product/services to achieve customer satisfaction
i) Ensuring the availability of resources (people, finance, infrastructure, IT, communication, transportation, canteen, etc.) to establish, implement, operate, monitor, review, maintain and continually improve IMS
j) Defining roles, allocating responsibilities & accountabilities and delegating authorities to demonstrate leadership and facilitate effective implementation of IMS in the organization
k) Deciding the criteria for accepting risks and the acceptable levels of risk & review of identified risk and its mitigation plan and ensure the risk-based approach at all levels
l) Ensure timely conduct of IMS/Management System specific internal audits and management reviews
m) Appointment of HoDs and people from senior management team as IMS representatives whose additional responsibility will be to establish, implement and maintain IMS in accordance with various International Standards requirements.
n) Ensures the implementation of Voice of Customer (VoC), customer feedback process & address the customer issues
o) The top management and leadership team is committed to encourage and release their team members for development of processes, taking improvement initiatives in day to day activities, to conduct audits (which bring forth gaps for improvement) and giving employees space and time to develop and improve existing processes. TM has ensured PDCA approach is engrained in each of the processes mapped in DCPs/SOPs.
5.4.1.2 Customer Focus
ISO 9001 (5.1.2), ISO14001 (5.1.2), OHSAS 18001:2007 (4.3.2), ISO 27001 (5.1)
SISCOL’s Top Management is committed to customer focus and ensures that all the requirements of the customers & other interested parties are determined, understood & consistently met with respect to Quality, EHS and Information Security MS, including all the applicable legal & other requirements and these requirements are fulfilled with the aim of enhancing their satisfaction. While reviewing the requirements, the implied needs and expectations of the customer and interested parties are also identified. The same are communicated to the respective functions in the organization for ensuring their compliance and to determine how these requirements apply to the system.
Marketing/Business Development/Sales/Proposal team at the time of bidding identifies all the requirements related to the project/product/services. These requirements may relate to the following:
a) Scope of the work including technical parameters
b) Delivery requirements including logistics
c) Applicable statutory and legal requirements
d) Quality control and assurance related requirements
e) Installation and commissioning requirements
f) Procurement or supplier requirements
g) EHS related requirements
h) Information security related requirements
i) Performance, warranty and post warranty requirements
j) Risk & opportunities which may reflect the conformity of products & services etc.
Operations/project management/execution team ensures that the above identified requirements are met during execution of the projects, and the same is reviewed during project review meets / department review meets etc. by Top Management; the team conducts VoC (at least once a year) and surveys to determine the customer satisfaction level, and develops action plans on the areas that need improvement in order to focus on enhancing customer satisfaction.
5.4.2 Policy
ISO 9001 (5.2), ISO 14001 (5.2), OHSAS 18001 (4.2), ISO27001 (5.2)
5.4.2.1 Developing-Establishing the IMS Policy
ISO 9001 (5.2.1), ISO 14001 (5.2.1), OHSAS 18001 (4.2), ISO27001 (A.5)
IMS MANUAL LEADERSHIP
Page 24 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 5 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
Chairman & MD of SISCOL has established, implemented & maintained the Integrated Management System Policy (Chapter 3 of this manual), and ensures that this Policy:
a) Is appropriate to the purpose, context, strategic goals of the organization, nature & scale of OH & S risks, environmental impacts, information security risks of the company and its activities, products or services
b) Provides the top management’s vision on Quality, EHS and ISMS for the organization
c) Includes objectives or provides the framework for setting IMS objectives
d) Includes a commitment to comply with requirements and continually improve the effectiveness and performance of the Quality, Environment, Health & Safety and Information Security Management Systems
e) Includes a commitment to prevention of pollution, prevention of injury and ill health
f) Considers legal or statutory requirements related to product; EHS and contractual security obligations
g) Provides commitment for designing products considering the Environmental aspects
h) Provides a framework for establishing and reviewing IMS objectives and targets
i) Is periodically reviewed for continuing suitability and appropriateness to the Organization during Management Review Meetings
5.4.2.2 Communicating the IMS Policy: ISO 9001 (5.2.2), ISO 14001 (5.2.2), OHSAS 18001 (4.2), ISO27001 (A.5)
Top Management ensures that the IMS Policy is made available as documented information and communicated to all concerned through the following practices:
a) Is made available to the public & other interested parties
b) The IMS policy has been displayed at the strategic locations and is being shared/communicated with all the stakeholders
c) Is communicated to all the persons working under the control of the organization & understood at all levels of the company through posters/intranet/awareness/training programmes/awareness campaigns
5.4.3 Organizational roles, responsibilities & authorities ISO 9001 (5.3), ISO 14001 (5.3), OHSAS 18001 (4.4.1), ISO27001 (5.3)
To execute various management systems effectively, Top Management along with HR has defined roles, responsibilities, accountabilities and authorities; the same are referred to as documented information in the respective DCP/SOP and are communicated. The Organization chart of SISCOL is depicted in Chapter 1 of this manual. The management of the company has defined RASCI matrices of those personnel within the Quality, Environmental, Health & Safety and IS Management Systems whose work affects the Quality, Environment, Occupational Health & Safety and Information Security. The ultimate responsibility for Quality & EHS rests with Head-Quality, EHS & Training and for Information Security responsibility lies with IT along with all the concerned HODs.
Concerned functionaries with management responsibility demonstrate their commitment to continual improvement, ensure conformity with the management system, and report on the performance of the IMS. The roles & responsibilities and authorities of key personnel in relation to IMS have been documented. These are readily available in the respective departments as well as with HR. However, specific RASCI are defined in the applicable SOPs/DCPs, which are prepared by respective departments under the leadership of HoDs; the DCPs & SOPs cover the necessary risk & opportunities for improvement. The team for conducting internal audit is identified by Top Management along with MR who conducts periodic audit of IMS, and further the audit observations are reviewed by top management in project / department / management review meetings to ensure that conformity and integrity of the IMS are maintained as planned. The issues related to customers are prioritized and tracked by top management for early resolution. If required, necessary changes are made in the system and communicated for implementation. A review mechanism is put in place to have an effective management system approach.
IMS MANUAL PLANNING FOR IMS
Page 26 of 118Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 6 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
6.1 PURPOSE
To describe the organization’s approach to planning and implementing actions to address risks & opportunities, establishing IMS objectives and planning to achieve them. To define a system for planning and implementing changes in the IMS.
6.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1
6.3 OVERALL RESPONSIBILITY
- Leadership Team
- Concerned Head of the Departments (HODs)
6.4 SYSTEM DESCRIPTION
6.4.1 Actions to address risks & opportunities ISO 9001 (6.1), ISO 14001 (6.1), OHSAS 18001 (4.3.1) & ISO 27001 (6.1, 6.1.1)
SISCOL’s Top management is committed to implement and promote a culture of risk based thinking throughout the organization, to determine and address the risks and opportunities associated with providing assurance that the IMS can achieve its intended result(s); provide conforming products and services, enhance customer satisfaction; promote desirable effects and continual improvement; and prevent, or mitigate, undesired effects. The risk management information is also used in making strategic decisions and for continual improvement. SISCOL has identified the risks and opportunities pertaining to all the processes and recorded them as documented information in DCPs, which may be revised based on necessary changes proposed or derived while executing the process. The DCP of Operations/Project Management constitutes the detailed plan and approach to identify & address the risk. However, while identifying and addressing the risks & opportunities, the following approach (as applicable) is considered:
- Identification of each potential risk
- Description of potential outcome of the risk
- Identification of potential cause(s) of risk outcome
- Rating the consequence or severity of the outcome
- Rating the likelihood of the cause occurring
- Rating the probability of early detection of the outcome
- Establishment of risk tolerance criteria
- Categorization of each risk into critical, high, medium or low based on using a combination of severity, occurrence, detection ratings and other relevant factors to establish an overall risk score to all risks listed
- Use the risk score to establish priority in addressing identified risks
- Identification and determination of the adequacy of any existing control to address the identified risk
- Determination of appropriate controls to respond to each identified risk (process control plans)
- Various tools such as cross-functional teams, flow charts, checklists, risk analysis diagrams are used to brainstorm and facilitate risk identification, analysis and evaluation
SISCOL has integrated the actions to address these risks and opportunities into its IMS processes using the PDCA cycle (SISCOL-CP-02). Based on risks identified, SISCOL is committed to address the following:
- Avoiding the risk, where the only option is not to go forward with an activity or to withdraw from it
- Taking risk, where risks have desirable potential consequences
- Altering risk, to optimize potential opportunities and minimize threats
- Transferring risk by measures including insurance, contractual arrangements, partnerships and joint ventures
- Retaining risk, where no worthwhile control actions are feasible and the risk is within the organization’s risk tolerance
- Removing the source of the risk by using alternate or new methods / technologies
6.4.2 Environmental Assessment Impact (EAI) and HIRA ISO 14001 (6.1.2, 6.1.4), OHSAS 18001 (4.3.1)
The planning is done for identification of environmental aspects, OH&S risks and IS risks applicable to the company’s activities, products, projects or services that can have significant impact on Environment or H&S or Information Security performance
Procedure for Hazard Identification and Risk Assessment (HIRA) & Environment Aspect & Impact (EAI) has been developed by EHS and considers: routine & non-routine activities including activities of all personnel having access to the work place, facilities at the work place (whether provided by the company or others), human behaviour, capabilities, infrastructure, equipment and material at work place, changes or proposed changes in the organization, its activities or materials, modifications in OHSMS including temporary changes and their impacts on operation, processes and activities and the design of work areas, processes, installations, machinery, equipment and operating procedures.
EAI, OH&S and IS risk assessments are suitably carried out for implementation of necessary control measures. The significant impacts & risks and controls identified through these assessments are considered in setting the IMS objectives. The information on the assessments is documented and kept updated through on-going processes of impact/risk assessment. The company’s methodology for identification of hazard & environmental aspects:
- Is defined with respect to its scope, nature and timing to ensure it is pro-active rather than reactive
- Risk assessment methodology is commensurate with OH&S hazards, Environment aspects, business information security and applicable legal & statutory requirements.
- Criteria for accepting the risks and acceptable level of the risk have been established in the SOPs
- Provides for classification of risks and identification of those that are to be eliminated or controlled based on significance
- Is consistent with operating experience & the capabilities of risk control measures employed
- Provides input in determining facility requirements, identification of training needs and/or development of operational controls.
6.4.3 Legal and other requirements ISO 14001 (6.1.3), OHSAS 18001 (4.3.2)
All the applicable legal and other requirements related to EHS have been identified at relevant areas by Head EHS. Legal register has been prepared by Head EHS based on these identified requirements. Legal register is a comprehensive document containing brief description of the requirements
SISCOL subscribes, required parameters, current status, responsibility and compliance evaluation frequency and outputs.
6.4.4 Information security risk assessment: ISO 27001 (6.1.2/8.2)
- Establish the risk acceptance criteria
- Identify the risks associated with the loss of confidentiality, integrity and availability for information and assets within the scope of the ISMS and the owner of these assets
- Identify the risk owner
- Describe the threats of an asset & determine its values
- Describe the vulnerability for each threat of an asset and determine its values
- Arriving at the impact value based on the Impact Analysis Matrix
- Determine the likelihood of occurrence for each threat
- Evaluating the risk value
- Developing and establishing the appropriate risk control
- Verifying the controls
- Evaluating the residual risk level
When determining controls after risk assessment, consideration is given to reducing the risks according to the following hierarchy:
- Risk Elimination
- Risk Substitution
- Engineering Control
- Administrative control
- PPE (for EHSMS)
6.4.5 Information security risk treatment: ISO 27001 (6.1.3/8.3)
- The control objective and controls are mentioned in Annex-A of ISO 27001
- Appropriate control objectives and controls shall be selected from Annex-A of ISO 27001 and implemented to meet the requirements identified by the risk assessment. This selection shall take account of the criteria for accepting risks as well as legal, regulatory and contractual requirements.
- Selected controls shall reduce the risk value. This may be in terms of:
  o Increasing the security
  o Stricter controls
  o Transferring the risk
  o Procurement of new hardware/software
  o Or any other appropriate mechanism
- Obtain risk owner’s approval for risk treatment plan before implementation
- Statement of applicability (SoA) has been prepared which includes the following:
  o Control objectives and control selected
  o The control objective and controls currently implemented
  o The exclusion of any control objectives and control and appropriate justification for their exclusion
6.4.6 Quality, Environment, Health & Safety and Information Security Objectives and Planning to achieve them: ISO 9001(6.2), ISO 14001 (6.2), OHSAS 18001 (4.3.3), ISO 27001 (6.2)
Top management ensures that IMS objectives and targets, including those needed to meet requirements for SISCOL business requirements (Products, Projects, Services and Solutions), are established at relevant functions, levels & processes within the organization. In the beginning of every financial year, a workshop/brainstorming session is organized to identify the Thrust Areas, based on the market evolution, organizational focus, SISCOL priorities, competitor analysis, organization’s strategic goals etc., while customer satisfaction remains the core in all of these. Subsequently, based on these thrust areas, SISCOL’s Objectives are identified and communicated to stakeholders by HODs. While establishing & reviewing these objectives, the organization considers its legal & other requirements, its significant environmental aspects, its OH&S risks, its technological options, its financial, operational & business requirements, information security risks, and the views of interested parties. The objectives are measurable and consistent with the IMS policy, including the commitment to continual improvement and prevention of hazards/risks & pollution.
All functions identify their own measurable objectives based on SISCOL’s Objectives. The objectives are set and monitored for their achievement periodically. Review of the quality objectives is part of our management review meeting (MRM) process. After the review the quality objectives are updated as appropriate. The progress on the achievement of these objectives is monitored at MRM/DRM/PRM etc. and, if required, the same is updated as appropriate.
Based on the project/organizational needs, EHS programmes are developed which include specific responsibilities/authorities, resources and the milestones with defined time frames. These programmes are reviewed at appropriate level in safety committee, monthly meetings, management review meetings etc. Where necessary, the management programmes are amended to address changes to the activities, products, services, operating conditions or new developments/new or modified activities including project management.
When planning how to achieve the IMS objectives, the Top Management has put in place a system for defining, implementing and reviewing the objectives at various levels in the organization. The system captures what will be done, the resources needed, who will be responsible, when it will be completed and how the results will be evaluated.
6.3.1 Planning of changes ISO 9001 (6.3), ISO 14001 (6.3), OHSAS 18001 (4.3.3)
The continuity and effectiveness of IMS is maintained substantially in the event of significant changes in the IMS generated due to customer feedback, customer complaint, product failure, employee feedback, innovation, determined risk, determined opportunity, internal audit results, management review results, identified nonconformity etc. These changes are carefully planned so as not to disrupt the ongoing capability and responsibility to effectively meet customer and regulatory requirements. In such instances, the following points are considered:
- Careful planning of the nature and timeline for the changes
- Determining the impact or outcome of such changes
- Ensuring adequate resources are available to implement the change
- Top management authorization
- Change deployment and follow-up
- Allocation/re-allocation of RASCI
- Review of the IMS by top management after changes are effected
SISCOL follows well defined steps to implement changes, which include the following in brief:
- Defining the specifics of what is to be changed
- Planned (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others)
- Engagement of other people as appropriate in the change process
- Development of communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
- Using a cross functional team, review the plan to provide feedback related to the plan and associated risks
- Training of people
- Measurement of the effectiveness
Prior to making a change, the review committee considers unintended consequences. After making the change, the Top Management monitors the change to determine its effectiveness and to identify any additional problems that might be created. The integrity of the IMS is maintained by MR when changes to the management systems are planned and implemented. As and when any change in any documentation is envisaged, the other concerned documents are also modified as per the procedure for Documented Information.
IMS MANUAL SUPPORT
Page 33 of 118Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 7 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
7.1 PURPOSE
To describe the Leadership involvement, accountability, commitment & support for ensuring resources for establishing, implementing, sustaining, awareness & continually improving the Quality, Environment, OH&S and Information Security Management Systems.
7.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1 of this document.
7.3 OVERALL RESPONSIBILITY
- Top Management
- Leadership Team
- MR
- Concerned Head of the Departments (HODs)
7.4 RESOURCES
ISO 9001 (7.1), ISO 14001 (7.1), OHSAS 18001 (4.1) & ISO 27001 (7.1)
7.4.1 General, People ISO 9001 (7.1.1, 7.1.2), ISO 14001 (7.1), OHSAS 18001 (4.4.1), ISO 27001(7.1)
At SISCOL, top management ensures the availability of resources essential to establish, implement, operate, monitor, review, maintain and continually improve the Integrated Management Systems. Requirements of resources, essential for the implementation, control and improvement of the IMS are determined by various HODs and after approval from competent authority, provision is made in the budget. The provision includes: human resources people & specialized skills, software, hardware, technology, financial resources, infrastructure and environment for the operation of process.
SISCOL has a mechanism that evaluates/determines the capabilities/competencies/constraints of the internal resources and external providers at regular intervals at Corporate, Project and Department levels; these are considered while reviewing the resources for the implementation of IMS.
At the time of selection, the concerned HOD ensures that the employee’s competence level is mapped with the competency criteria defined by the
organization on the basis of educational qualifications, relevant experience, training, skills & professional qualifications. It is also ensured that any person performing work that has the potential to cause a significant environmental impact or H&S risks or quality deviation or IS related risks is competent. As part of continual business improvement, as and when there are any changes in organizational processes, the competency requirements are also reviewed by HODs along with HR and efforts are made to provide competent personnel for effective execution of these jobs. Competency Matrices of the personnel in SISCOL are mapped, driven by HR and implemented by HoDs at individual levels; these bring out the gaps and competencies/expertise for their deployment (in projects/business activities etc.) for the effective implementation of IMS and for the operation and control of the processes.
7.4.2 Infrastructure
ISO 9001 (7.1.3), ISO 14001 (7.1), OHSAS 18001 (4.4.1)
As a part of resource management process and to achieve conformity of products and services, the requirements for infrastructure related to office and project sites are determined & maintained by the Head-Operations and Head-Field Services along with Industrial Infrastructure team, with the approval of CMD. The infrastructure covers the following:
a) Building and work space (office as well as project sites)
b) Utilities such as electricity, water, fuel gases, power backup etc. at office & sites
c) Process equipment required at the manufacturing & project sites
d) Service, Logistics, Maintenance, Safety, Security, Transport, Information & Technology (IT), Communication resources required at site and offices
7.4.3 Environment for the operation of processes ISO 9001 (7.1.4), ISO 14001 (7.1), OHSAS 18001 (4.4.1)
The requirements for maintaining the environment for the operation of process needed to ensure the conformity of the product & services throughout the realization & subsequent processes; are determined as part of resource management process. The environment for operation is maintained in accordance with process or project requirements/specifications. It ensures that the safe, hygienic, ergonomically (worker movement, fatigue, manual effort and loads, etc.), workplace location, heat, light, humidity, airflow, noise, vibration, hygiene, cleanliness, pollution, adequate facilities (lockers, lunchroom, cafeteria, washrooms etc.); health and safety regulations;
cleanliness of premises and environment friendly working conditions are provided at the office, manufacturing and project sites. As and when required, SISCOL conducts surveys to assess the satisfaction level of employees as evidence for social & psychological status and data for further continual improvement of the people. SISCOL has a team for devising & implementing numerous Employee Engagement initiatives through Business Managers across the organization, which ensures the upkeep of employees’ morale and of human and physical factors, and creates a conducive environment for effective operations. Additionally, behavioural training programs related to emotional well-being and de-stressing are devised by HR/Head-QHSE & Training to help maintain a calm and composed mind-set for implementing IMS.
7.4.4 Monitoring & measuring resources
7.4.4.1 General
ISO 9001 (7.1.5.1), ISO 14001 (7.1), OHSAS 18001 (4.4.1) & ISO 27001 (7.1)
SISCOL determines the resources needed for valid and reliable monitoring and measuring results (where monitoring or measuring is used for evidence of conformity of product & services to specified requirements), and ensures that the resources provided are:
a) Suitable for type of monitoring and measurement activities being undertaken;
b) Maintained to ensure continued fitness for their purpose, while conducting regular audits & checks.
The calibration status of all the monitoring & measuring resources is mapped electronically to ensure compliance to the requirements. SISCOL retains appropriate documented information as evidence of continuing fitness for purpose of monitoring and measurement activities, where measurement traceability is:
a) Statutory or regulatory requirement, or
b) Customer or relevant interested party expectation; or
c) Considered by the organization to be an essential part of providing confidence in the validity of measurement results; as a minimum
7.4.4.2 Measurement traceability ISO 9001 (7.1.5.2), ISO 14001 (7.1), OHSAS 18001 (4.4.1) & ISO 27001 (7.1)
Appropriate system has been developed to ensure that all the measuring devices/gauges/templates being used at shop floor and the project sites including the measuring devices under the control of sub-contractors are calibrated during their use. For all the outsourced items, during selection & evaluation of the supplier it is ensured that their monitoring & measuring
devices are calibrated with traceability to National/International standards. Additionally, the monitoring & measuring devices used for measuring and monitoring the safety/environmental parameter are also covered under calibration control system. The measuring equipment is identified based on the controls over Product & Services and process characteristics. It is ensured that the supplier or sub-supplier/contractor has prepared the master list of measuring instruments incorporating the instrument details, frequency of calibration, permissible error etc. It is ensured that the measuring devices are:
a) Calibrated or verified at specified intervals or prior to use, against measurement standards traceable to international or national measurement standards. Where no such standards exist, the basis used for calibration or verification is kept as documented information. Traceability of calibration to national/international standards is subsequently ascertained. In case no national/international measurement standards exist, the basis of calibration is defined in the respective calibration procedure.
b) Adjusted or re-adjusted if found to be out of calibration, as necessary
c) Identified to enable calibration status through status stickers or calibration documented information
d) Safeguarded from adjustments, as applicable, that would invalidate the measurement result
e) Protected from damage and deterioration during handling, maintenance
f) Storage by imparting training to the users of such devices
g) All the software being used for designing or other purposes is validated before use through some alternate mechanism and documented information of the same is maintained.
7.4.5 Organizational Knowledge ISO 9001 (7.1.6)
SISCOL’s top management is committed to determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. Under the Knowledge Management System (KMS), SISCOL TM has deployed a Knowledge Management Policy to make SISCOL a knowledge driven organization. Standard documented information has been put into effect for implementation of SISCOL’s Knowledge Management Policy. Electronic/Server platform is the pivot of Knowledge Management System and repository of all the shared learning and the other documents listed in standard documented information. This platform serves as a single point interface for
dissemination of all knowledge management documents. This platform also captures Lessons Learnt, Structured Knowledge, Good/Bad Practices, Ideas etc., which have been made accessible to all employees to capture, integrate, preserve, secure and share latest developments on SISCOL’s quest to build the knowledge base. Knowledge Management System at SISCOL is envisaged to be a consolidated, comprehensive and robust system comprising a database of all project learning attained at any point of the project life cycle and captured in the KM platform. The database is readily accessible to all stakeholders in SISCOL. The objective of the KM platform is to ensure that the experiential knowledge acquired during execution/operations is captured, shared and then effectively utilized in other/new projects, further to improve systems and processes of SISCOL. Additionally, knowledge sharing sessions are organized regularly in a time-bound manner to share amongst team members (incl. from other projects/new projects) to take cue and implement. HoDs have processes to manage the organizational knowledge, with the association of Business Managers and HR. External Trainings are also arranged to keep SISCOL updated on the latest trends in the industry. SISCOL personnel also attend various conferences, meetings and assessments to gather knowledge from customers & external providers.
7.4.6 Competence ISO 9001 (7.2), ISO 14001 (7.2), OHSAS 18001 (4.4.2) & ISO 27001 (7.2)
Depending upon the job requirements and the available competence among the employees, the gaps in the existing competence are identified by the HODs during objective setting (SISCOL-CP-08) and performance appraisal processes. In order to fill up these gaps, actions such as providing training or any other actions are initiated by Head-QHSE & Training. The various training requirements are identified by the HODs through the performance reviews, job analysis, objective settings and annual appraisal system. Training needs are identified by the employees themselves or by the departmental heads or through any other feedback mechanism. Based on the identified training needs, training planning is done by Training/HR/HoD and training is imparted as per the training calendar released. In some cases, unplanned training programmes are also conducted as per the business needs.
Through the procedure on competence, awareness & training (SISCOL-CP-06), the company ensures that:
a) Necessary competence levels for personnel performing work affecting the Product & Services/ project/system quality, environment, OH&S and IS are determined
b) Training or other actions are taken to satisfy these needs
c) Effectiveness of the actions taken are evaluated
d) All personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the Quality, Environmental, H&S and IS objectives
e) Appropriate documented information of education, training, skills and experience are maintained
f) Roles, responsibilities and abilities in achieving conformity to policy, procedures, objectives, targets, control of risk/impacts including the emergency preparedness and response are well defined
7.5 AWARENESS
ISO9001 (7.3), ISO14001 (7.3), OHSAS 18001 (4.4.2), ISO27001 (7.3)
Employees are made aware of benefits from improved quality, environment, occupational, health and safety, information security performance for the interested parties and the organization. SISCOL ensures that persons doing work under the organization’s control are aware & made aware of:
a) the corporate / IMS policy
b) relevant IMS objectives
c) their contribution to the effectiveness of the IMS, including the benefits of improved performance
d) the implications of not conforming with the IMS requirements in numerous avenues such as:
   i. while conducting the induction to IMS
   ii. HoDs ensure the IMS requirements are communicated
   iii. Promotional events further deep-root the awareness amongst persons under SISCOL’s IMS control
7.6 COMMUNICATION
ISO 9001 (7.4), ISO 14001 (7.4), OHSAS 18001 (4.4.3) & ISO27001 (7.4)
SISCOL ensures that appropriate communication processes are established within & outside the organization and that communication takes place regarding the effectiveness of the IMS. Specific communication channels (email, newsletters, announcements, CMD address etc.) are established for dissemination of pertinent information on Quality, Environmental aspects, Occupational Health & Safety risks, IS risks and other information needed as per various management systems.
The communication modes include departmental level formal or informal meetings, top management level review meetings, circulars or memos, displays on notice, IMS policy boards, e-mail, intercom, intranet, magazines, personal contacts, reports etc. Communication from top to bottom and vice versa is ensured for effectiveness of the implemented integrated management system. An appropriate procedure has been established to communicate to suppliers any requirement related to quality, environment, health & safety and IS. To ensure the Health & Safety of visitors visiting offices/manufacturing premises/project sites, a procedure has been implemented at appropriate locations. For any external communication (incl. media etc.), a protocol is already in place at organization and project level defining what, who, when, how and with whom communication is to be made.
7.7 DOCUMENTED INFORMATION
ISO 9001 (7.5), ISO 14001 (7.5), OHSAS 18001 (4.4) & ISO27001 (7.5)
7.7.1 General
ISO 9001 (7.5.1), ISO14001 (7.5.1), OHSAS 18001 (4.4.4), ISO 27001 (7.5.1)
SISCOL has the following documented information structure that caters to the requirements of QMS, EMS, OHSMS and ISMS along with any additional documented information determined by the organization as being necessary for the effectiveness of IMS.
3-tier documented information structure in SISCOL:
Level-1: IMS Manual
Level-2: Department Control Procedures (DCPs)
Level-3: SOPs, WIs, OCPs, Checklists, Formats
Integrated Management System documentation includes:
a) IMS Policy, Objectives and Deployment Programmes
b) IMS Manual
c) Department’s Procedures
d) Work Instructions, Quality Plans, OCPs, KPIs, MSDS, Directives, Forms & Guidelines, Control Objectives, Risk identification, Aspect & impact register analysis and mitigation plans, on site emergency Preparedness plan, Statement of Applicability etc.
e) Common procedures and Standard Operating Procedures (SOP) applicable throughout the organization are referred to in the Manual
f) Documented information required to demonstrate evidence of operation and control of processes, as per the requirements of these standards
The IMS manual describes the core elements of Management Systems & their interaction and provides directions to the execution of various processes. The manual includes:
a) Scope and exclusions including justifications for the same
b) Reference to documented common procedures established for the Quality, Environment, Health & Safety and Information Security Management Systems, including the interaction between the processes (Department Processes as per Annexure A and Common Processes as per Annexure-B and overall flow chart as per Chapter - 1)
7.7.2 Creating & Updating
ISO 9001 (7.5.2), ISO 14001 (7.5.2), OHSAS 18001 (4.4.4/4.4.5), ISO27001 (7.5.2)
SISCOL ensures the following practices while creating and updating documented information:
a) Identification: Documented information has titles and document numbers, which indicate its identity and are unique to the Department/Project/Customer/Function. Common documents are made by the central teams with proper identification/document numbers. A document numbering system is in place to ensure identification and description.
b) Format: An appropriate format is created for the purpose of usability and accessibility to users. The language used is in general English, the various software used are compatible with each other, and the size and scale at which a document is to be printed are generally mentioned on the documents, specifically for drawings.
c) SISCOL has a system to identify which documents fall under the approval category and which under the information category. Documents under the approval category have multi-tier levels of approval, given by the competent authority by email, initials, electronic signatures, MoM etc. Review and approval cover suitability, adequacy, traceability and security.
7.7.3 Control of Documented information
ISO 9001 (7.5.3), ISO 14001 (7.5.3), OHSAS 18001 (4.4.5), ISO27001 (7.5.3)
Documented information required as per Integrated Management system has been controlled by means of documented information (SISCOL-CP-01) which ensures:
a) Approval of documents by the designated authorities
b) Review and updating as necessary and re-approval
c) The identification of nature of changes, control and revision status
d) Distribution, access, retrieval and use
e) Availability of relevant latest versions at points of use/issue with adequate protection as and when needed for that documented information
f) Legibility, traceability and readily identifiable
g) Identification of external origin documents and their distribution control
h) Documented information retained as evidence of conformity shall be protected from unintended alterations (loss of confidentiality, improper use, or loss of integrity)
i) Prevention of unintended use of obsolete documents and their storage/preservation for future reference/use including legal obligations, if any
j) Transfer, storage and disposition of the documents in accordance with the applicable procedure, as per the classification of documents
All the process owners ensure that the documented information remains legible, retrievable, readily identifiable and traceable to the activities involved during the complete life cycle of manufacturing and project execution. The master list of documented information indicating the retention period is maintained by the concerned process owner. Relevant documented information is maintained for all Health, Safety and information security incidents. During the project closing cycle, all the important documents are archived by the PMG in electronic format so that they can be referred to if required in the future. If contractually required, the documented information is made available to the interested parties. Access matrices for the locations where documented information is placed (in server, portal etc.) are defined and reviewed at periodic intervals along with the IT team, and cross verified during audits to ensure the effective implementation of IMS requirements.
IMS MANUAL OPERATION
Page 42 of 118Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 8 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
8.1 PURPOSE
To describe the Leadership involvement, accountability & commitment in planning & controlling end-to-end value chain (including design) for establishing, implementing, sustaining, awareness & continually improving the Quality, Environment, H&S and Information Security Management Systems.
8.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational, Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1 of this document.
8.3 OVERALL RESPONSIBILITY
Top Management Leadership Team MR Concerned Head of the Departments (HODs)
8.4 SYSTEM DESCRIPTION
8.4.1 Organizational Operational Planning & control
ISO 9001 (8.1), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
8.4.2 Planning of Product Realization
ISO 9001 (8.1), ISO 14001 (4.4.6), OHSAS 18001 (4.4.6), ISO 27001 (8.1)
SISCOL has put in place a multi-disciplinary approach for planning the project/product/service realization. The Process Flow Charts/DCPs/SOPs/WIs/Formats have been prepared by the concerned process owners along with the control points and their acceptance criteria at the relevant points of usage. These documents also identify such characteristics/indicators for products and services which need to be constantly monitored to meet the specified objectives. These documents are developed at the system, projects and products levels during the different phases of manufacturing and project execution.
Based on the contractual requirements, critical to quality (CTQ) aspects and inputs are identified by design & engineering and subsequently these inputs are taken into consideration while developing various QA/QC requirements.
Product, process and projects’ regulatory requirements are also identified by the concerned process owners and given due consideration during the development and preparation of relevant process control documents. Resources, infrastructure, work environment and competency of required personnel are identified by the concerned HODs along with HR.
8.4.2.1 The following functions in SISCOL shall collaborate during process, product and project realization:
a) Business Strategy
b) Business Development & Marketing
c) Sales
d) Contracts
e) Operations
f) Vendor Development & Procurement
g) Production
h) Logistics & Delivery
i) Industrial Infrastructure
j) Design & Engineering
k) Field Services
l) Corporate Relations
m) Key Account Management
n) Project Planning & Monitoring, Execution and Control
o) Stores (Incoming and Final product)
p) Plant Maintenance
q) Quality Assurance
r) Environment Health & Safety
s) Training
t) Information Technology
u) Human Resource & Administration
v) Finance & Accounts
8.4.2.2 Following are considered, as appropriate, at the time of development, updating/modification for improvement in the existing process by process owners in due consultation with concerned team head:
a) Identified quality objectives and requirements for the product
b) The need to establish processes, documents, and provide resources specific to meet the requirements of the product
c) Required verification, validation, monitoring, inspection and test activities specific to the products processed at relevant stages of processes and the criteria for the product acceptance
d) Records needed to provide objective evidence that the realization processes and resulting products fulfil requirements
The output of this planning in the form of quality plan, process monitoring instructions, material arrangements, inspection arrangements, review and validation of processes are made and provided at the relevant stages of processing for its implementation.
8.4.2.3 EMS, OHSMS and ISMS Planning
Head EHS maintains the inventory of all the applicable environmental aspects and Health & Safety risks, while the list of information security related risks is maintained by Head-IT. A procedure has been established to identify and evaluate the environmental aspects/health & safety risks and IS risks. Based on the significance of these aspects/risks, control measures have been identified and are being implemented throughout the organization. It has been ensured that these significant aspects, Health & Safety risks and IS risks are considered while developing IMS at SISCOL.
SISCOL has established and maintains a procedure to identify and have access to legal and other requirements to which SISCOL subscribes. To fulfil the commitments established in IMS Policy and achieve other organizational goals, IMS objectives, targets and programmes are established by the concerned HODs at the beginning of the year based on SISCOL annual objectives/thrust areas.
The organization controls planned changes and reviews the consequences of unintended changes, and takes action to mitigate any adverse effects, through the implementation of the common process: Risk and Opportunity Identification, Assessment, Implementation and Reviewing effectiveness (SISCOL-CP-02) as necessary. Teams during the execution phase also identify, review, monitor and mitigate the risks/changes at planned intervals.
Whenever there is any outsourced process that affects product conformity to the requirements, adequate controls are exercised by the relevant functions. The type and extent of control on such outsourced processes depends upon criticality of the characteristics or extent of control exercised by the supplier. All the statutory and regulatory requirements of the product/project work being outsourced are discussed with the supplier and their compliance is ensured through periodic inspections and audits.
All those activities of supplier or contractors which can be significant with respect to our environment, health and safety systems are identified by Head EHS, during environmental aspect and risk identification and are well addressed in the purchase order or purchase contract. Regular monitoring of supplier’s
activities is done to ensure compliance to these requirements by QA, EHS, Operations/PMG and SCM/Procurement.
8.5 REQUIREMENTS FOR PRODUCTS & SERVICES
ISO 9001 (8.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
8.5.1 Customer Communication
ISO 9001 (8.2.1), ISO 14001 (8.1/7.4), OHSAS 18001 (4.4.3)
Before award of the project, the Business Development/Marketing/Sales departments are responsible for establishing any communication with the customers or responding to queries from customers. After award of the work, Head-Operations/Design & Engineering/Project Management Group or as nominated by CMD will be responsible for all communications on behalf of SISCOL. The product/project information is communicated through various means like brochures, catalogues, website, in-house magazines etc.
Customer feedback, including customer complaints, is reviewed and analysed for root cause of the problems by the respective HoDs. Decisions are taken for corrective and preventive actions including further improvements in the products, processes and services. Needful communications with regard to handling and/or controlling customer properties are taken care of at pre-order and post-order stages. Whenever required, Head-Business Development/Marketing/Sales/Operations/Design & Engineering/Project Management Group or as nominated by CMD will communicate to the customer the specific requirement for contingency.
8.5.2 Determination of Requirement Related to the Product, Project and Services
ISO 9001 (8.2.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
Head Business Development & Marketing identifies the customer requirements before submitting the bid. It is ensured that financial viability, technical viability and risk assessment is completed before submission of the bid/offerings. All the customer’s requirements are considered including supplies, installation and commissioning, project management, transportation & logistics, quality, health & safety, contracts management, site management, handing over, legal/statutory & regulatory clearances, trainings, warranty, insurance etc. as per the scope of the project or services.
SISCOL has established various processes at appropriate levels to determine:
a) Requirements specified by the customer, including the requirements for environment, EHS, delivery and post-delivery activities
b) Requirements not stated by the customer but necessary for the application of product
c) Statutory and regulatory requirements related to the product, processes & systems for environmental / OH & S performance, and
d) Implied needs and expectation or any additional requirements required by the organization
e) Contract or order requirements differing from those previously expressed
8.5.3 Review of requirements related to the Product & Services
ISO 9001 (8.2.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
The nominated Business Development & Marketing team, along with other stakeholders like strategy, engineering, operations, manufacturing, quality, project management, EHS, insurance etc., reviews the requirements related to the product, project and services. This review is conducted prior to submission of the bid documents, to ensure that customer requirements including their product specifications, delivery schedules, packing, logistics, commissioning, installation and post commissioning requirements are clearly defined. Any specific environmental, H&S & IS performance required during project execution is also appropriately reviewed. Where the customer provides no documented requirements, the customer requirements are agreed with suitable division of responsibilities etc. Whenever it is felt that some client requirements are not met, the same is communicated to the client through a deviation statement and concurrence is obtained for the same.
8.5.4 Changes to requirements for products and services
ISO 9001 (8.2.4), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
During finalization of the contract, Head - Business Development & Marketing/ Sales ensures that there are no differences in the bid documents vis-à-vis contract documents. In case any deviation is found the same is recorded and resolved with the client. Records of contract review and actions arising from the review are maintained by Head - Business Development & Marketing. These requirements are communicated to the Operations/Design & Engineering/Project Management or suitable function for compliance, planning and execution of the subsequent product/service realization processes. As and when any amendment to product/project requirements are received from the customers, the responsible project/operations team ensures that the same are reviewed for their ability to supply and the relevant documents are amended
accordingly. These modified documents are conveyed to relevant functions by the process owner for making all stakeholders aware of the changed requirements for immediate compliance.
8.6 DESIGN & DEVELOPMENT OF PRODUCTS & SERVICES
ISO 9001 (8.3), ISO 14001 (8.1), OHSAS 18001 (4.4) & ISO 27001 (8.1)
8.6.1 General
ISO 9001 (8.3.1), ISO 14001 (8.1), OHSAS 18001 (4.1/4.4) & ISO 27001 (8.1)
SISCOL has established, implemented and maintains a design and development process that is appropriate to ensure provision of products and services.
8.6.2 Design and development planning
ISO 9001 (8.3.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
Planning for all the activities under the ambit of design & engineering is being done by Head-Design & Engineering. During D&D planning, the Head-Design & Engineering and nominated personnel from a specific project determine:
a) The nature, duration and complexity of the design and development activities based on the scope and technical specifications vis-à-vis organization’s capabilities
b) Design and development stages, considering all the interfaces
c) The controls (review, verification and validation) that are appropriate to each D&D stage
d) Responsibilities and authorities for design & development being spelt in DCPs and other associated documents
e) The internal and external agencies that have to be involved for the design and development of products and services
f) The level of control expected for the D&D process by customers and other relevant interested parties on a continuous basis and ensure the effective planning to manage it.
All the interfaces between various stakeholders involved in D&D process are managed adequately by the concerned Director - Operations or Project / Nominated Personnel, to ensure effective communication and clear assignment of responsibilities. As the D&D progresses, the planning outputs are updated, as appropriate. SISCOL has a structured approach to ensure the necessary documents are incorporated to demonstrate that D&D requirements have been met:
a) Periodic review with suppliers/vendors/contractors/service providers
b) Periodic review and/or meetings with customers/customers representatives/statutory bodies
c) Internal reviews and internal audits to verify the incorporation of the documented information
8.6.3 Design & Development Inputs
ISO 9001 (8.3.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
Before undertaking any D&D activity, all the design inputs are identified by the Head-Design & Engineering. These inputs may include:
a) Customers’ needs
b) Applicable statutory and regulatory requirements
c) Policies and objectives of the organization
d) Timeline for deliverables
e) Standards or codes of practice
f) Functional and performance requirements of the product
g) Information derived from previous designs, if applicable
h) Testing and acceptance requirements
i) Potential consequences of failure based on the review-sharing of earlier/similar project data, holding knowledge sharing initiatives, having numerous test scenarios being simulated/reviewed by CFT
These inputs are reviewed for their adequacy by the Head-Design & Engineering and any incomplete or conflicting requirements are resolved. Records of design inputs are maintained by Head-Design & Engineering.
8.6.4 Design and development controls
ISO 9001 (8.3.4), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
SISCOL applies necessary controls (reviewing/verifying/validating) to the design and development processes.
8.6.4.1 Design & Development Review
To assess the ability of the results of D&D process to meet the product/project requirements, systematic review of various design activities including the interfaces is done as per the design review plan by the Head-Design & Engineering along with internal associated stakeholders. Cross functional team for the review of D&D is nominated at the planning stage. D&D reviews are carried out in a systematic manner, in accordance with the planned arrangements:
a) To evaluate the ability of the results of design & development to meet requirements
b) And to identify any problems and propose necessary actions
Records of the results of the reviews and any necessary actions are maintained.
8.6.4.2 Design & Development Verification
D&D verification is done by Head-Design & Engineering along with the nominated operations/project team as per the D&D planning to ensure that outputs are meeting the design inputs. Records of the results of design verifications are maintained. It is ensured that all the deviations found during D&D verifications are resolved before progressing to the next stage of D&D.
8.6.4.3 Design & Development Validation
D&D validation is done as per D&D planning to ensure that resulting product is capable of meeting the requirements for the specified application or intended use. Wherever practicable, validation shall be completed prior to the delivery or implementation of the product. Validation of the product may be done in presence of the customer or at customer’s premises as per the contractual requirements. Records of D&D validation are maintained appropriately.
8.6.5 Design & Development Outputs
ISO 9001 (8.3.5), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
The D&D outputs are documented and provided in suitable form (Drawings/Technical Specifications/Calculations/Prototype/BOM/Data Sheets etc.) enabling verification against D&D inputs. The design outputs are verified, reviewed and approved before release by Design & Engineering. D&D outputs shall:
a) Meet the D&D input requirements
b) Provide appropriate information for purchasing, production, operations, manufacturing, erection, commissioning, testing and acceptance of the product/services along with adequacy for the subsequent processes
c) Contain or reference monitoring and measuring requirements and product acceptance criteria
d) Specify the characteristics of the product/services which are essential for its safe and proper use
8.6.6 Design & Development Changes
ISO 9001 (8.3.6), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
SISCOL has established procedures to identify D&D changes at all the stages of D&D. On identification of any change or request for any change in design, the same is reviewed, verified and approved before implementation by the CFT. During review of D&D changes, all the stake holders are taken into consideration
including all the interfaces likely to be affected by the change including the parts already delivered. SISCOL shall retain the following documented information:
a) Design and development changes
b) The results of reviews
c) The authorization of the changes
d) The actions taken to prevent adverse impacts
8.7 CONTROL OF EXTERNALLY PROVIDED PROCESSES, PRODUCTS & SERVICES
ISO 9001 (8.4), ISO 14001 (8.1), OHSAS 18001 (4.4) & ISO 27001 (8.1)
8.7.1 General and Type & Extent of Control
ISO 9001 (8.4.1, 8.4.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
In SISCOL, procurement activities are managed through a dedicated function, Procurement, equipped with a specialist team of buyers for various equipment. Stringent supplier selection and evaluation criteria have been established to ensure that the output product/services delivered by the suppliers meet the customer requirements. Prior to selection of the supplier, a SISCOL team comprising Procurement/Vendor Development, Quality and Engineering/CFT/Expert may visit the supplier and complete the assessment based on a pre-defined checklist and the supplier selection procedure.
The type and extent of control applied to these suppliers and the purchased product depends upon the criticality of the purchased product/services on subsequent product/service realization or the final product, including packaging of material. Potential suppliers are assessed by Procurement/Vendor Development and selection of suppliers is based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation and periodical re-evaluation have been established considering quality, environmental, safety and delivery rating. Records of the results of evaluations and any necessary actions arising from the evaluation at company or supplier end are maintained.
Orders for long delivery/critical equipment are placed early in the project to ensure timely deliveries by suppliers. The core activities of Logistics are handled by the Logistics team and physical transportation activities may be outsourced to one or several freight forwarders depending on the project/operation requirements.
For ODC consignments/heavy lifts, a detailed route survey is undertaken in close co-ordination with the freight forwarder by the Logistics team.
Whenever there is any outsourced process that affects product conformity to the requirements, adequate controls are exercised by the relevant functions. The type and extent of control on such outsourced processes depends upon criticality of the characteristics or extent of control exercised by the supplier. All the statutory and regulatory requirements of the product/project work being outsourced are discussed with the supplier and their compliance is ensured through periodic inspections and audits.
All those activities of suppliers or contractors which can be significant with respect to our environment, health and safety systems are identified by Head EHS during environmental aspect and risk identification, and are well addressed in the purchase order or purchase contract. Regular monitoring of supplier’s activities is done to ensure compliance to these requirements by QA, EHS, Operations and Procurement/Vendor Development.
SISCOL has established procedures for source or in-coming inspection as per the applicable QAP, drawings and technical specification to ensure that the purchased products meet the specified purchase requirements, including those for environment/H&S. QA ensures that through these plans the products are verified at source and during receipt at the project site. In case any deviation is found, a non-conformity is raised and communicated to the concerned (Procurement/PMG, Operations/D&E or Supplier) for initiating root cause analysis and corrective and preventive actions, along with assessing the impact/potential impact. If required, the services of TPIAs can be utilized by QA for conducting source/receipt inspection. For selection, evaluation and re-evaluation of these TPIAs, procedures have been documented.
If contractually agreed, the company also allows its customers or their representatives to witness the manufacturing processes/purchased materials at supplier end for ensuring product/materials conform to the specified requirements. When it is proposed to verify the purchased product at the supplier's premises by either customer or company’s representatives, the verification arrangements and the method of product release are specified in the purchase order.
8.7.2 Information for external providers
ISO 9001 (8.4.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)
SISCOL has established criteria for detailing adequate purchasing information in the purchase documents for the products/services to be procured. To start with,
the buyer/requisition department prepares the purchase requisition (PR) containing all the relevant details of the product or the services (Critical to quality parameters, delivery requirements, etc) to be procured. The purchase order (PO) being raised contains complete information related to the product like: specification, acceptance criteria, logistics, packaging, delivery time, inspection requirements, performance evaluation process/parameters, reference to QAPs, verification or validation activities by SISCOL &/or its customers, or other acceptance criteria etc. The product/service details are described in purchase documents or other means, including where applicable:
a) Requirements for approval of product, services procedures, processes, and equipment
b) Requirements for qualification/competency of personnel, and
c) Quality (ISO 9001), Environment (ISO 14001), Health & Safety (OHSAS 18001) and Information Security (ISO 27001) management system requirements
The purchase personnel review the purchase information to ensure the adequacy of specified purchase requirements prior to their communication or issue to the suppliers. Communication mechanism / protocol between SISCOL and the external providers gets defined during the ordering phase. It is ensured that for all the chemicals or hazardous substances being purchased, MSDS of the same is obtained from the supplier and necessary trainings are imparted to the end users for storage and handling of such substances.
8.8 PRODUCTION & SERVICE PROVISION
ISO 9001 (8.5), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO27001 (8.1)
8.8.1 Control of Production & Service Provision
ISO 9001 (8.5.1), ISO14001 (8.1), OHSAS 18001 (4.4/4.4.6) & ISO 27001 (8.1)
SISCOL plans and carries out project and manufacturing/operations execution under controlled conditions which includes the following, as applicable (but not limited to):
a) The concerned HODs ensure that all the relevant technical requirements, including special features, are taken care of while developing the drawings, engineering specifications, SOPs, Work Instructions etc. as per the contractual requirements, which define: the characteristics of the products to be produced, the services to be provided, or the activities to be performed; and the results to be achieved
b) Quality Assurance develops the QAPs, FQAPs, ITPs & QA programme as per the customer and regulatory requirements
c) Vendor Development & Procurement coordinates for all the outsourced material and vendor approval/assessment/re-evaluation/development
d) Operations/project team develops the project planning & project execution procedures; prepares documented information and ensures the use of suitable infrastructure and environment for the operation of processes; Logistics & Delivery
e) The availability of job/work instructions at the point of use, incorporating the controls exercised for EHS/IS performances, is ensured by Head EHS and Head IT
f) It is ensured that the equipment being used is suitable for the relevant processes, including its environment friendly set up & safe performance
g) QA and D&E ensure the availability and use of appropriate monitoring and measuring devices for control of identified characteristics
h) Head EHS ensures that measuring devices used for monitoring EHS performance are being calibrated at the defined frequency
i) Monitoring and measurement of all the identified parameters with respect to quality, environment, OH&S and IS are done as per the defined frequency and methodology. In case any deviation is found, necessary corrective and preventive actions are taken by the concerned process owner
j) QA gives the despatch clearance after ensuring completion of the required operations/inspection/testing
k) QA forwards the inspection records as per the applicability to the nominated SPOC for further submission to the customer
l) Field Services ensures delivery of the product, service and solutions through erection & commissioning as per the requirements agreed upon
m) Post-delivery activities are identified with respective stake-holders, their involvement is agreed upon during contract finalization and the actual implementation is ensured
All the special processes required for the production, project and service requirements are validated and revalidated as per the laid down guidelines. Welding, painting, brazing, heat treatment etc. have been identified as special processes whose resulting output cannot be fully verified by subsequent monitoring or measurement. Special processes have been pre-qualified for their sets of operating parameters suited to various class and types of products by QA/D&E/Operations/PMG.
The qualification records and subsequent process monitoring records are maintained by QA/D&E/Operations/PMG. The qualification considers the following issues, as applicable:
a) Defined criteria for review and approval of the processes
b) Approval of equipment and qualification of personnel
c) Use of specific control measure and procedures
d) Requirement of process monitoring records
e) Whenever there are any changes to the process equipment/new process equipment is procured or a new category/class of product is to be manufactured, these processes are re-validated as per need. Additionally, if the process results (in terms of product quality) are not found satisfactory, the relevant process may be revalidated to ensure that the product complies with the requirements through readjustment of qualified process control parameters
SISCOL emphasises competency building via numerous training mechanisms/drills, ably supported by the infrastructure facilities/environment, and puts systems in place in order to prevent human error. The key characteristics of the operation that can have significant environmental impacts/risks are identified in the relevant OCPs and are monitored at the defined frequency.
8.8.2 Identification & Traceability
ISO 9001 (8.5.2)
The organization has established various systems for product identification and traceability, at the various stages of the project, product and service execution to ensure that the products/assemblies/sub-assemblies/components are identifiable throughout their life cycle.
Identification: Raw materials and bought out components are received by stores from suppliers along with the details of material containing the supplier information. After receipt, the store in-charge raises the GRN and offers the received material to QC for incoming inspection. The inspection and test status of incoming bought out items is identified based on supplier’s certificate and inspection lot. QA / nominated person inspects the material as per QAP/FQAP/relevant reference document and if found acceptable, the material is cleared for storage at the designated location. From the store, the material is issued to the project team/manufacturing/operations divisions as per their requirements. During all the stages of the project/production execution, it is ensured that all the assemblies/sub-assemblies are identified by means of tags/stickers/locations.
The inspection and test status of items is identified through identification stickers, inspection records, identified storage space etc. as applicable. These are then stored at designated locations. Separate areas have been identified and marked for accepted and non-conforming items throughout the life cycle of the project/product.
Traceability: Whenever required (Customer requirements, legal requirements, contractual requirements) traceability for the products/assemblies/sub-assemblies is maintained through drawings, receipt vouchers, inspection reports, lot numbers or any other unique number. QA indicates the status of the material, components, and sub-assemblies by use of inspection tags. All the non-conforming products/assemblies/components are suitably identified through red tags, ‘Rejected’ tags, stickers, punch, marking and location and they are quarantined to avoid the inadvertent use of these materials. Components and the products at the dispatch stage are identified with respect to the dispatch documents. With these systems in place, products can be traced back to their origin.
8.8.3 Property belonging to customer or external providers
ISO 9001 (8.5.3)
Customer or external providers’ property received by the organization (drawings/specifications/materials) is suitably identified at the point of receipt as per the contractual requirements. At the time of receipt, the same is verified against our requirements; if found unsuitable, it is returned to the customer/external provider; otherwise it is adequately stored. Proper storage is done for all the customer/external providers’ property and in case of any loss or damage the same is reported to the customer/external provider and records are maintained.
8.8.3.1 Preservation
ISO 9001 (8.5.4), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
SISCOL has established procedures for preserving the product quality from receipt of materials through internal processing up to the handing over of project site/product/service to the customer. Concerned HODs ensure that adequate care is taken during handling of material, components and products/outputs to avoid any damage. Though specific responsibilities are defined in the relevant DCP/SOP, every employee is responsible for safe handling of the products at various stages of operations/manufacturing/project execution. Various SOPs have been developed for preserving the product/service
at various stages of the value chain. Suppliers’/OEMs’ manuals are referred to for storage of equipment at shop floor and site.
8.8.3.2 Handling and Transportation: It is ensured by the concerned HOD that the handling and transportation of products are controlled to prevent damage, deterioration or loss. When necessary, for particular items, special instructions/work instructions are issued/displayed and monitoring is carried out to check satisfactory implementation. The appropriate handling of products is followed to avoid any deterioration of quality of product and any damage during handling/transportation within the plant. Appropriate instructions are provided to the suppliers of goods and services for safe packaging, transportation and loading/unloading – as applicable.
8.8.3.3 Storage: Appropriate storage facilities are provided at production facilities and project site for materials and products for their safe upkeep and to prevent damage and deterioration of the product quality, including suitable preservation wherever necessary. Condition of product in the store is assessed at appropriate intervals. Receipt and issue from stores are approved by authorized personnel. All materials having limited shelf life are issued on First In First Out (FIFO) basis, as applicable. Appropriate storage areas are provided for finished goods to prevent any damage or deterioration of these products. The stored products are periodically assessed for any deterioration or shelf life expiry. Safe handling/loading/unloading/storage instructions have been issued to the stores personnel from environmental/H&S view point.
8.8.3.4 Packaging & Despatch: Production/Operations hands over only cleared components and products to Logistics for packaging and dispatch as per the packaging list issued by D&E. Logistics/Transporter takes adequate precautions to avoid any damage or deterioration during packing and shipping. All products that have, or are envisaged to have, contamination are controlled with the EHS Team with inputs from MSDS, Vendor etc. Regular audits also ensure compliance with the controls established in this regard.
8.8.4 Post-Delivery activities
ISO 9001 (8.5.5), ISO 14001 (8.1), OHSAS 18001 (4.4.6)
Post-delivery activities are identified with respective stake-holders, their involvement is agreed upon during contract finalization and the actual
implementation is ensured. Head-Business Development & Marketing takes the necessary inputs from the customers/prospective customers related to any of the post-delivery contractual deliverables (not limited to warranty, maintenance services etc.). These requirements are passed on to the internal team/functions/business associates in SISCOL for deliberation, planning and implementation when necessitated. SISCOL, while ensuring the post-delivery activities, considers (when applicable):
a) All the applicable statutory and regulatory requirements
b) Potential undesired consequences associated with its products and services
c) The nature, use and intended lifetime of its products and services
d) All the customer requirements being mutually agreed upon
e) Customer’s feedback
BD&M in consultation with Contracts reviews all the post-delivery related agreements before signing-off with Customers. The agreed post-delivery requirements are communicated to the Operations/PMG/relevant stakeholders for ensuring these requirements are met.
8.8.5 Control of changes
ISO 9001 (8.5.6), ISO 14001(8.1), OHSAS 18001 (4.4.6), ISO 27001 (7.5.3)
SISCOL has established procedures to identify changes at all the stages of production and/or service provisions (if necessitated). On identification of any change or request for any change in production and/or service provisions, the same is reviewed, verified and approved by the CFT before implementation. During review of production and/or service provision changes, all the stakeholders are taken into consideration, including all the interfaces likely to be affected by the change and the parts already delivered. Records of the production and/or service provision changes, of the authorisation of the changes and of the actions emanating from the review are maintained appropriately. Change Notes, Field Trouble Reports (FTRs), Site Deviation Reports (SDRs) etc. are a few of the ways of controlling the changes in production and/or service provisions. For ISMS there is a procedure to control the planned changes. Change Management Request is maintained with appropriate approvals and risks being evaluated for planned changes.
8.9 RELEASE OF PRODUCT & SERVICES
ISO 9001 (8.6), ISO 14001 (8.1), OHSAS 18001 (4.4.6/4.5.1) & ISO 27001 (8.1)
SISCOL has defined the characteristics for the different outputs to be achieved at appropriate stages of the project realization (receipt, in-process, final inspection and despatch clearance) for meeting the customer requirements. All these characteristics are monitored and measured by responsible personnel in respective departments in order to ensure that the product/service (output) requirements meet internal as well as external customer requirements including all the regulatory requirements. These characteristics have been defined by respective HODs, in their DCPs, OCPs, SOPs, QAPs etc. as applicable to the relevant stages of the processes. For all identified characteristics, the acceptance criteria for the evidence of conformity have also been defined. Source, incoming, in-process and final inspections are conducted by SISCOL inspector or SISCOL approved TPIAs to ensure/compliance evidence of the same. In-process inspection and testing is carried out at various stages of manufacturing and project execution. FQAPs have been developed to monitor and measure the critical parameters during site execution. No project/ product stage is allowed for further execution until it has been inspected and tested by QA/nominated representative as per QAP/TS/FQAP/applicable requirements. SISCOL ensures that all Quality Plans/OCPs/Inspection requirements are planned & implemented and that their inspection records are maintained to verify that at each stage of process, the characteristics conform to applicable instructions, procedures, inspection plans and / or specifications, as applicable. The final product/service is verified for conformance to the specified requirements as per procedures / inspection standards / Quality Plan and is handed over to the customer. The relevant records clearly indicating the conformance / non-conformance of the product and authority for releasing the product are maintained by QA. 
All the applicable legal and other requirements related to EHS have been identified at relevant areas by Head EHS. Legal register has been prepared by Head EHS based on these identified requirements. Legal register is a comprehensive document containing brief description of the requirements SISCOL subscribes, required parameters, current status, responsibility and compliance evaluation frequency and outputs.
8.10 CONTROL OF NON-CONFORMING OUTPUTS
ISO 9001 (8.7.1), ISO 14001 (8.1/10.1), OHSAS 18001 (4.5.3/4.4.7) & ISO 27001 (10.1)
8.10.1 Control of non-conforming outputs
SISCOL has established documented information (SISCOL-CP-04) to ensure that Quality, Environment, Occupational, Health & Safety and Information Security related non-conformities are suitably identified and controlled throughout the life cycle of the product and project (including post-delivery). The related responsibilities and authorities and ways for dealing with such non-conformities have also been defined in the relevant DCPs/SOPs, which include handling and investigation of incidents, accidents, nonconformities under normal/abnormal conditions. The controls include prioritizing the non-conformances, analysing them and taking immediate action, correction, segregation, containment, return or suspension of provision of products and services, based on their criticality, authorizing use, release or acceptance under concession by operation/project authorized personnel and, where applicable, the concession may also be taken from the customer. Based on the decision, the non-conformances are suitably disposed of. The final product characteristics are re-verified by QA/designated team for ensuring conformance to the requirements before being despatched to the customer. The records indicating the nature of non-conformities including the concessions, if any, and the subsequent actions taken for reducing and eliminating them are maintained by QA or other responsible function. The actions on accidents, incidents, safety non-conformances are reviewed through risk assessment process, prior to implementation by Head EHS. The trends of non-conformance are periodically reviewed for further deciding continuous improvements in the product and process.
In case the nonconforming products/outputs found during any stage of manufacturing or project execution are corrected (i.e. reprocessed or re-worked), the products/information are re-verified by QA/Nominated Team for the requirements in which these were found to be nonconforming in order to demonstrate the conformity to the requirements. In case the non-conformance in the product is detected after the same has been delivered to the customer or its use has started, the organization examines the criticality of such characteristics. Such non-conformances which are critical and major in nature are informed to the customer and, if required, the products are withdrawn from usage. The potential effects of the nonconformity are also analysed and appropriate actions are taken.
8.11 EMERGENCY PREPAREDNESS & RESPONSE / INCIDENT INVESTIGATION / INFORMATION SECURITY RISK
8.11.1 Emergency Preparedness & Response
ISO 14001 (8.2)
All the potential emergencies related to EHS have been identified in “Emergency Plans” being maintained at relevant manufacturing/project sites. The Emergency Plan is a detailed document describing the various responsibilities of the emergency coordinator, emergency communication team, emergency relief team etc. This plan describes how to respond to actual emergencies and prevent or mitigate associated environmental aspects and Health & Safety risks. In planning its emergency response, SISCOL shall take account of the needs of interested parties & neighbouring industries. The efficiency/response action of this emergency plan is demonstrated through regular mock drills (where practicable) twice a year with respect to EMS & OHSMS, planned by EHS, and the results of the mock drills/occurrence of emergency situations are used to review & modify the emergency preparedness plan & the planned response actions, if required. SISCOL shall provide relevant information and training related to emergency preparedness and response, as appropriate, to relevant interested parties, including persons working under its control (employees, workmen, sub-contractors working at SISCOL’s premises).
8.11.2 Incident Investigation
OHSAS 18001 (4.5.3.1)
Head-EHS shall devise the incident investigation procedure that shall record, investigate and analyse H&S incidents. The corrective and risk-based thinking/actioning procedures also include a mechanism for incident investigation so that all H&S deficiencies are identified and, after root cause analysis, necessary corrective (and preventive) actions are identified, including opportunities for improvement. The results emanating from the investigations shall be documented and communicated to all the stakeholders. Head-EHS shall ensure the investigations are conducted in a time-bound manner.
8.11.3 Information security risk assessment & treatment
ISO 27001 (8.2, 8.3)
Requirements and SISCOL’s approach are defined in 6.4.4 and 6.4.5 of Chapter-6 of this document.
IMS MANUAL PERFORMANCE EVALUATION
9.1 PURPOSE
To describe the organizational process for monitoring, measurement, analysis and evaluation (incl. Internal Audits, MRMs etc.) for establishing, implementing, sustaining, awareness & continually improving the Quality, Environment, H&S and Information Security Management Systems.
9.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1 of this document.
9.3 OVERALL RESPONSIBILITY
Top Management Leadership Team MR Concerned Head of the Departments (HODs)
9.4 MONITORING, MEASUREMENT, ANALYSIS & EVALUATION
ISO 9001 (9.1), ISO 14001 (9.1), OHSAS 18001 (4.5) & ISO27001 (9.1)
9.4.1 General
ISO 9001 (9.1.1), ISO 14001 (9.1.1), OHSAS 18001 (4.5) & ISO 27001 (9.1)
SISCOL has determined who, what, how & when the processes need to be monitored, measured, analysed and evaluated, and its implementation, to demonstrate conformance to product & service requirements and conformity to QMS, EMS, OHSMS & ISMS and continually improve their effectiveness. The measurement & monitoring system is based on data and its analysis, for which various analytical tools are being used. SISCOL has defined the measurable parameters for the different processes/products and services/projects to ensure meeting the customers’ and regulatory requirements. While preparing the project schedules & plans and product delivery schedules, all the processes which have to be measured are identified by the concerned process owners/HODs. These process parameters are monitored and measured, and the results are analysed & evaluated at the specified frequency as per the responsibilities defined in QAPs/FQAPs/Flow Charts/SOPs to ensure that these processes achieve the
planned results. When planned results are not achieved, the non-conforming outputs (products/services/information) are corrected (repaired/reworked/re-processed) and suitable corrective actions, as applicable, are taken by the concerned HODs to ensure conformity of the products (outputs). Compliance with these identified process parameters is ensured during inspection or system audits. Appropriate documented information is maintained. Those processes or operations having significant environmental impact/significant risks are suitably monitored by respective process owners/HoDs in order to ensure all the customer requirements (internal & external customers) are met. OCPs/SOPs have been defined by Head EHS to control these significant environmental aspects and Health & Safety risks. Head EHS has established a procedure to monitor and measure EHS performance on regular basis by deploying:
a) Qualitative and quantitative measures appropriate to the organizational needs
b) Monitoring of the extent to which EHS objectives are met
c) Monitoring the effectiveness of EHS controls being exercised at different manufacturing locations, offices and project sites
d) Proactive measures of performance that monitor conformance with EHS programmes, controls and operational criteria
e) Reactive measures of the performance like monitoring of ill health, incidents, and other historical evidence of deficient EHS performance
f) Recording of data and results of monitoring and measurement to facilitate subsequent corrective and risk analysis.
Monitoring includes various operational parameters like water, stack/ambient air, noise levels and progress on management programmes, objectives & targets, compliances to relevant legislations & regulations, near-misses, incidents, accidents and ill health. The Head-IT has established a procedure to:
a) Monitor and review IT related controls to promptly detect errors, identify attempted and successful breaches and incidents, enable management to determine whether the security activities delegated to people or implemented by IT are performing as expected, help detect security events and thereby prevent security incidents by the use of indicators, and determine whether the actions taken to resolve a breach of security were effective
b) Undertake regular reviews of the effectiveness of the ISMS taking into account the results of security audits, incidents, results from effectiveness measurements, suggestions and feedback from all interested parties
c) Measure the effectiveness of controls to verify that security requirements have been met. Review risk assessment at planned intervals and review the residual risks and the identified acceptable levels of risk, taking into account changes to the organization, technology, business processes, identified threats, effectiveness of the implemented controls and external events like any changes to the legal or regulatory environment, changed contractual obligations and changes in social climate
d) Undertake security plans to take into account the findings of monitoring and reviewing activities
e) Conduct internal audits and MRM as per the planned schedules
f) Documented information actions and events that could have an impact on the effectiveness or performance of ISMS
9.4.2 Customer Satisfaction
ISO 9001 (9.1.2)
SISCOL has established & implemented a system for measuring customer satisfaction (Voice of Customer - VoC) on transactional basis. Marketing/Business Development/Sales/Business Excellence captures the voice of customers based on the project progress/product deliveries on regular basis and forwards the output to Quality or the concerned department for analyzing the feedback. Customer feedback (incl. complaints, pain areas & their opinion) is also captured by the concerned Project Management Team during their regular interaction with the customers. For timely response to customer complaints and issues, a detailed action plan is developed and subsequently KPIs are identified at relevant functions and monitored & reviewed regularly. Data on customer satisfaction is compiled and presented in the top management review meeting by MR along with the effectiveness of the actions being taken by SISCOL.
9.4.3 Analysis & Evaluation
ISO 9001 (9.1.3), ISO 14001 (9.1.2), OHSAS 18001 (4.5.1) and ISO 27001 (9.1)
SISCOL determines, collects and analyses appropriate data to demonstrate the suitability and effectiveness of the IMS and evaluates it to decide on the continual improvement of these systems. The data is collected at the specified periodicity and by the designated personnel. The data is compiled and trends are made to indicate the comparison and trend along with targets. This data is analysed during the review meetings to decide on further improvements, and action points are listed to address risks & opportunities. The “Analysis of Data” includes:
a) The data generated as a result of process/project monitoring and measurement-project delays, project cost, project non-conformances, customer complaints, rejections, rework, delivery issues, cost of quality etc.
b) Data on the external providers evaluation/performance
c) Customer Satisfaction Levels
d) Key Performance Indicators (KPIs) of each department
e) The achievement of the planned activities
f) Effectiveness of actions taken by functions in SISCOL to address risks and opportunities identified
g) The data collected from other relevant sources, e.g. Bench Marking Data from relevant association or from the customers.
h) Data on Environmental and OH&S and IS performance – accidents/incidents/near miss, status of EMP/OHSMP, spillage or leakages at site, mock drill data, security violations etc.
Sl No. | Indicative data to be analyzed | Responsibility
1. | Project win loss analysis | Marketing/BD
2. | Project delays, project cost, project risks | PM
3. | Non-conformance, rework | QM
4. | Customer complaints | PM/Quality
5. | Customer perception (VoC) | Mktg./BD/Quality
6. | External provider performance | Quality/SCM/MM
7. | In process non-conformance | Quality
8. | EHS Incident, near miss and accident | EHS
9. | Information security violations/incidents | IT
10. | System non-conformance | MRs
11. | Employee engagement, attrition | HR
12. | Training feedback & effectiveness | HR
13. | Process KPI monitoring | All function HODs
All the applicable legal & other requirements with respect to IMS have been identified in the legal register. These requirements are periodically reviewed by designated persons for their compliance. Documented information of these reviews is maintained at appropriate levels as per the responsibilities defined in the legal register.
9.4.4 Internal Audit
ISO 9001 (9.2), ISO 14001 (9.2), OHSAS 18001 (4.5.5) and ISO 27001 (9.2)
SISCOL has established documented information (SISCOL-CP-03) to ensure that all the activities which can have an influence, changes affecting the organization on the quality / environment / occupational, health & safety / information security are subjected to internal audits bi-annually. The procedure defines the responsibilities and requirements for planning (audit programs), conducting/implementing, reporting & recording the audits. Internal audits are planned at six monthly frequency considering the audit criteria, scope, frequency and methods. Audit criteria include international standards, IMS manual, IMS policy, applicable legal requirements, objectives, targets, management programme, department procedures, SOPs, etc. The frequency of audits can be increased depending on the severity of Quality, Environment, Occupational, Health & Safety and Information Security risks and the non-conformances observed during previous audits or operations. Frequency of these internal audits can also be increased in case of customer complaints, process or product rejections and service failures.
SISCOL has well-documented information for training of internal auditors. Auditors are trained based on education, experience, skills and their performance in the written examination. The auditors are selected in a manner to ensure objectivity and impartiality of the audit process. The annual audit plan is prepared by the respective MRs. The audit schedule is prepared based on the status and importance of the process and results of earlier non-conformances observed. Audits are also scheduled based on results of risk assessments and changes affecting the organization. It is ensured that Auditors do not audit their own work activities. The audit results/reports are the documented information, which are shared with all the concerned stakeholders. These reports form the basis of taking suitable corrective actions (CA) by the concerned HODs after suitable root cause analysis (RCA). The HoDs take the required corrective action (CA) without any
undue delay. Other non-conformances are prioritized and accordingly actions are started to avoid their recurrence. Follow-up activities include the verification of the corrective actions taken either by actual verification at site or by verifying the related documentation, depending upon the criticality of the non-conformances. The results of the action taken are reviewed and discussed in Management Review Meeting. Apart from the scheduled audits, other audits can also be initiated based on the importance of activities and change in processes or services.
9.4.5 Management Review ISO 9001 (9.3), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001 (9.3)
9.4.5.1 General
At SISCOL, management review happens at various levels:
a) Management review meeting to review the effectiveness of IMS
b) Project Review meetings/Departmental review meeting
c) Risk Review Meeting etc.
9.4.5.2 Management Review Meeting
CMD reviews the company’s IMS at planned intervals (at least once in a year) to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization. The review meeting interval can change considering the changing business conditions. At SISCOL, the implemented IMS is reviewed in the MRM, which comprises Senior Team Members under the leadership of CMD. The review includes assessing risks & opportunities for improvement and the need for changes to the IMS, including the SISCOL policy and objectives. Documented information of management reviews, including the minutes of the Management Review Meeting (MRM), is maintained by CMD’s office/MR; for projects, by Project Planning Team/PMG.
9.4.5.3 Review Input ISO 9001 (9.3.2), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001(9.3)
The input to management review, in the form of the agenda for the Management Review Meeting, includes information for the period under review on all elements of ISO 9001, ISO 14001, OHSAS 18001 and ISO 27001. The specific agenda items relevant to each of these standards are given in the common procedure on MRM (SISCOL-CP-07). However, more focus is laid on the following:
a) Status of actions from previous management reviews
b) Changes in external and internal issues relevant to IMS, including strategic direction
c) Review the context of the organization
d) Review the needs & expectations of interested parties
e) Review the scope of IMS
f) Information on IMS’s performance, including trends and indicators for:
   o Nonconformities and corrective actions
   o Monitoring and measurement results
   o Audit results
   o Customer satisfaction
   o Feedback from relevant interested parties
   o Performance of external providers
   o Process performance and conformity of products and services
   o The extent to which IMS objectives have been met
g) Issues concerning external providers and other relevant interested parties
h) Adequacy of resources required for maintaining effective QMS
i) Process improvement and conformity of products and services
j) Effectiveness of actions taken to address risks and opportunities, result of risk assessment and status of risk treatment plan
k) New potential opportunities for continual improvement
Specifically for EHS, the review addresses the possible need for changes to policy, objectives and other elements of the environment/OH&S Management Systems in the light of EMS/OHSMS audit results, changing circumstances and the commitment to continual improvement of EHS performance.
9.4.5.4 Review Output ISO 9001 (9.3.3), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001 (9.3)
The minutes of the management review meeting are recorded and maintained for a specified period. The output of the management review shall include any decisions and actions related to:
a) Opportunities for improvement
b) Need for change in IMS including resources
c) Update of the risk assessment and risk treatment plan
The outputs from MRM shall also include any decisions and actions related to possible changes to:
a) Business requirements and security requirements
b) IMS performance
c) IMS Policy and Objectives
d) Any changes in the context of the organization
e) Any changes in the needs & expectations of interested parties
f) Any changes in the scope of IMS
g) Regulatory or legal requirements and contractual obligations
h) Levels of risk and criteria for accepting risks
i) Improvement of product related to customer requirements
The output of the management review meeting is communicated by CMD’s/MR’s office to all the stakeholders for initiating time bound actions and regular follow up is maintained for completion.
IMS MANUAL IMPROVEMENT
Page 69 of 118Eff.: 6th Feb, 2018
Rev. No.: 00 Chapter No. 10 Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
10.1 PURPOSE
To establish a system for identification of improvement opportunities in the various processes identified in the documented QMS, EMS, OHSAS & ISMS, to demonstrate the reduction in undesired effects and achieve continual improvement of SISCOL business processes. It includes various processes like continual improvement, incident investigation, non-conformity & corrective action.
10.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and Information Security Management Systems covering various activities as per scope given in Chapter 1 of this document.
10.3 OVERALL RESPONSIBILITY
Senior Leadership team
Head of the Departments (HODs)
10.4 SYSTEM DESCRIPTION
10.4.1 Improvement (General) ISO 9001 (10.1), ISO 14001 (10.1), OHSAS 18001 (4.2/4.3.3/4.6), ISO 27001 (10)
SISCOL leadership is committed to create, determine and select opportunities & facilitate a culture of continual improvement in the organization. The leadership team encourages the continual improvement efforts put forth, reviews the implementation of improvement plans and evaluates their effectiveness to meet customer requirements and enhance customer satisfaction.
SISCOL has established the processes with the best of intentions, focusing on performing the task at hand, with the resources at hand, in the environment where they exist. A structured approach to understand the existing conditions, generate improvement ideas, and then implement the changes to see the betterment has been made part of SISCOL’s systems and processes.
Various improvement programmes are identified by the Leadership team across the value chain of operations. In addition, HoDs drive various improvement initiatives, all aiming to improve products and services while meeting requirements as well as addressing future needs and expectations.
SISCOL in every process puts efforts in correcting, preventing or reducing the undesired effects associated with it; in order to improve the performance and effectiveness of the established IMS.
10.4.2 Non-conformity & corrective action ISO 9001 (10.2), ISO 14001 (10.2), OHSAS 18001 (4.5.3), ISO 27001 (10.1)
SISCOL has established documented information (SISCOL-CP-04) to react and ensure that Quality, Environment, Health & Safety and Information Security related non-conformities are suitably identified and controlled throughout the life cycle of the product & services and project. The related responsibilities and authorities and ways for dealing with such non-conformities have also been defined in the relevant DCPs/SOPs, which include handling and investigation of incidents, accidents and nonconformities under normal/abnormal conditions.
The controls include prioritizing the non-conformances, analyzing them and taking immediate action based on their criticality, and authorizing use, release or acceptance under concession by project authorized personnel; where applicable, the concession may also be taken from the customer. Based on the decision, the non-conformances are suitably disposed of. The final product & services characteristics are re-verified by QA for ensuring conformance to the requirements before being despatched to the customer.
The documented information indicating the nature of non-conformities including the concessions, if any, and the subsequent actions taken for reducing and eliminating them are maintained by QA or other responsible function. The actions on accidents, incidents and safety non-conformances are reviewed through the risk assessment process, prior to implementation by Head EHS. The trends of non-conformance are periodically reviewed for further deciding continuous improvements in the product and services and process.
In case nonconforming products & services found during any stage of design, manufacturing or project execution are corrected (i.e. reprocessed or re-worked), the products & services / information are re-verified by QA/competent personnel for the requirements in which these were found to be nonconforming, in order to demonstrate conformity to the requirements.
In case a non-conformance in the product is detected after it has been delivered to the customer or its use has started, the organization examines the criticality of such characteristics. Any such non-conformance which is critical and major in nature is informed to the customer and, if required, the product is withdrawn from usage. The potential effects of the nonconformity are also analyzed and appropriate actions are taken.
Based on the non-conformity observed, the risk related to the NC shall be identified and updated in the ROAM related to the concerned process.
Corrective Action
The company has established documented information (SISCOL-CP-04) for taking actions to eliminate the cause of non-conformities in order to prevent recurrence of significant problems by analysis of non-conformance documented information, product rework/rejection data, external provider performance documented information, project execution documented information etc. SISCOL ensures corrective actions are appropriate to the effects of the nonconformities encountered, which are monitored to have cent percent compliance. Through this documented information it is ensured that controls are exercised for:
a) Reviewing the non-conformities (including customer complaints)
b) Determining the causes/analysing non-conformities
c) Evaluating the need for action based on criticality of the activities to ensure that non-conformities do not recur
d) Determining, deciding the corrective action needed based on root cause analysis and implementing the same
e) Determining if similar nonconformities exist, or could potentially occur
f) Maintaining the documented information of the results from the action taken
g) Communicating the results of corrective actions to all the stakeholders
h) Reviewing effectiveness of corrective actions
i) Determining the cause of reoccurrence of similar NCRs
j) Updating risks and opportunities determined during planning
All customer complaints, customer returns, rework, rejections, delays, incidents are identified during the project execution life cycle by the nominated persons. These deviations are analyzed, using various statistical tools/problem solving methods and the corrective actions are taken to eliminate the cause of non-conformities in similar areas. The effectiveness of the corrective action is verified during subsequent product/processes/project audits. Cross functional teams are constituted for the critical problems related to Quality, EHS and IT. Integrated management system is made richer by changing the way of operations/processes to incorporate the learnings from the non-conformities.
10.4.3 Continual Improvement ISO 9001 (10.3), ISO 14001 (10.3), OHSAS 18001 (4.2/4.3.3/4.6), ISO 27001 (10.2)
Continual improvement is of paramount importance for SISCOL. The organization aims to utilize the analysis of product/project/process related data to continually enhance and improve the suitability, adequacy and effectiveness of the Quality, Environment, Health & Safety and IS management systems.
Continual improvement programmes/KPIs for Quality, Environment, H&S, IS are identified by use of Policy, Objectives & Targets, market analysis, results of risk assessments, environmental aspects evaluation, feedback for improvements through audit results, analysis of data, customer feedback, applicable legal requirements, significant environmental aspects, H&S risks, IS risks, corrective action and the discussions held in management reviews.
The continual improvement programmes are identified by the concerned HODs based on the results of analysis and evaluation (defined in Chapter 9, but not limited to) and outputs emanating from management review meetings, using the following indicators (naming a few, indicative):
a) Customer Dissatisfaction e.g. complaints or project delays
b) Inventory Management improvement
c) Delivery Problems from External providers
d) On time delivery of projects to the customers
e) Integrated Management Systems improvement
f) Improvement in external provider Rating
g) Reduction in consumption of natural resources
h) Training feedback and effectiveness
i) Improving housekeeping at manufacturing/project site
j) Cost of quality
k) Reducing environmental impacts through innovative product design
l) Achieving stretched goals
m) Analysis of data related to accidents, incidents, near misses
n) Sharing the lessons learnt from the projects across SISCOL
IMS MANUAL LIST OF DOCUMENTED INFO.
Page 73 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure - A DOC NO: SISCOL/IMS/MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
ANNEXURE A: SAMPLE LIST OF DOCUMENTED INFORMATION (DI)
Sr. No. | DI No. | Details | Scope of Standards
1 | SISCOL-CP-01 | Documented Information | QMS+EMS+OHSAS+ISMS
2 | SISCOL-CP-02 | Risk and Opportunity Identification, Assessment, Implementation and Reviewing effectiveness | QMS+EMS+OHSAS+ISMS
3 | SISCOL-CP-03 | Conduction of Internal Audits | QMS+EMS+OHSAS+ISMS
4 | SISCOL-CP-04 | Control of Non-conformance and Corrective Action | QMS+EMS+OHSAS+ISMS
5 | SISCOL-CP-05 | Competency Development | QMS+EMS+OHSAS+ISMS
6 | SISCOL-CP-06 | Management Review Meeting | QMS+EMS+OHSAS+ISMS
7 | SISCOL-CP-07 | Objective Settings | QMS+EMS+OHSAS+ISMS
8 DCP-1
9 DCP-2
10 DCP-3
11 DCP-4
12 .
13 .
14 .
15 .
16 .
17 .
18 .
19 .
20 .
21 .
22 .
23 .
24 .
25 .
26 .
IMS MANUAL COMMON PROCESSES
Page 75 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.1 Doc. No.: SISCOL-IMS-MANUAL
1.1. Documented Information
1.1.1. Process Flow
1.1.2. Process Notes
P1. All the documented information required for the activity/function should be identified well in advance and reflected in the functional DCPs/Manual/MDL.
P2. As identified in the MDL, all the documented information is to be prepared, and the owner of the DI and its retention period are to be identified. All the documents are to be prepared as per the reference national and international standards, contract document, customer requirement, SISCOL and applicable legal & statutory requirements, in the standardized format/template structure only.
D1. Before approving the documents, a comprehensive review should be done for all the applicable processes with respect to QMS, EHSMS, ISMS, Customer, SISCOL and applicable legal & statutory requirements.
P3. The approved DI shall be circulated/distributed in a controlled manner and stored in a protected way to avoid any loss of data and to ensure that only authorized users have access to these documents; the access is controlled through IT.
P4. The documents approved shall be updated in MDL, the updated master list of documents should be available with concerned process owners along with the current revision no. The master list of drawings/specifications should be available with the nominated person.
P5. 1. The reason for the change should be justified in the change request.
2. In case the change is affecting more than one function/project, the issue to be discussed with the other interested parties before implementing the change
P6. Modify/amend the document. The changed part of the document should be identifiable through italics/ bold/ underline/ font colour / Box with Rev. No.
D2. The document should be approved by the same or higher level as in original document.
P7. The revision number to be incremented after the change and master list of documents of internal origin reflected in DCPs should be modified.
P8. The revised document to be communicated to all the original recipient or additional persons as per the business requirements.
P9. Obsolete documents to be discarded as per the prevailing practices and should not be available at the point of use. One copy of obsolete document should be archived for future reference.
1.1.3. SIPOC
Trigger – Ensure the Control of Document Information
Frequency – Ongoing
Supplier | Input | P | Output | Customer
Engineering/Stakeholders/Vendors/Client/Manufacturing Team/Project Team | National, International standards, contract document, customer requirement, SISCOL and applicable legal & statutory requirement | | MDL, DCP, Manual | Process Owners, Client, External Providers
Engineering/Stakeholders/Vendors/Client/Manufacturing Team/Project Team | MDL | | DCP/Procedure/SOP/QAPs/Engineering Deliverables/OCP/manual/Work Instructions/Formats/guidelines/flow chart/plans etc. | Process Owners, Client, External Providers
1.1.4. RASCI
Activity | Responsible | Accountable | Support | Consult | Inform
P1. Identification of needs for Documented Information (DI) required for effective Management Systems | Process owner | HOD | Stake holders | IMS Team, External Providers | Process Owner, Client, External Providers
P2. Preparation of DI, identification of owner and its retention period | Process owner | HOD | Stake holders | External Providers | Engineering team, Client, External Providers, stake holders
D1. Review & approval of documents; Approved? | Process owner | HOD | - | - | Client, External Providers, Engineering team
P3. Circulation/Distribution/Storage/Protection of DI + | Process owner | HOD | IT team | - | Client, External Providers, Engineering team
P4. Updating MDL of internal origin | Process owner | HOD | IT team | | Client, External Providers, Engineering team
P5. Receipt of change request or need for change of document and its review | Process owner/nominated person | HOD | External Providers, cross functional team members | - | Process Owner
P6. Amendment/modification in the documents | Process owner/nominated person | HOD | External Providers | Client | Stakeholders
D2. Approval of documents; Approved? | Process owner | HOD | External Providers | - | Stakeholders
P7. Update issue No/revision No. and MDL | Process owner/nominated person | HOD | External Providers | - | Stakeholders
P8. Circulation/Distribution/Storage/Protection of DI | Process owner/nominated person | HOD | External Providers | - | Stakeholders
P9. Retention, archival & disposition of DI | Concerned user | HOD | External Providers | - | Stakeholders
Note: Internal/IMS related documents may not be meant for Client/External Provider
1.1.5. ROAM
Probable/Envisaged | Sl. No. | Description | Possible Mitigation Plan/Most-likely Benefits
RISK | 1 | Missing of identification of critical document in the Document Management process | 1. Availability of all references/standards for identification of documents 2. Higher level and CFT review
RISK | 2 | Missing important elements/parameters of the processes/products to be captured in the document as per requirement |
RISK | 3 | Non-conformities due to non-communication of approved/modified documents to concerned | Communication of approved/modified documents to all concerned stake holders
RISK | 4 | Theft or loss of data | Strict compliance to ISMS
OPPORTUNITY | 1 | Security of documents with sensitive information | Avoid access of sensitive information to competitors
OPPORTUNITY | 2 | Centrally controlled repository of documents | To adopt and implement a structured method to establish, update and communicate controlled documentation
OPPORTUNITY | 3 | Use of Standard templates/Formats across | Improvement in operational effectiveness
1.1.6. KPIs
KPI | Objective | Formula | UoM
Identification of document | To identify internal origin document required for effective Integrated Management System | Within 30 days of receipt of contract/Within 15 days of change or revision of process | Days
Preparation, Review & Approval document | To prepare, review & approve document required for effective Quality Management System | 15 days in advance start of processes | Days
Communication of documents | To communicate document/amendments/modifications to all concerned departments | Within 2 days after approval | Days
IMS MANUAL COMMON PROCESSES
Page 80 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.2 Doc. No.: SISCOL-IMS-MANUAL
1.2. Risk and Opportunity Identification, Assessment, Implementation and Reviewing Effectiveness
1.2.1. Process Flow
1.2.2. Process Notes
The objective of the ‘Risk Management’ process is to ensure that the project/manufacturing/proposed project periodically goes through a comprehensive risk management process by:
● Assessing and quantifying all risks associated with the project/proposed project
● Developing risk mitigation/treating plans that can be followed through, using the review mechanism
● Ensuring that top management is kept abreast with the overall risk profile of the project/manufacturing/proposed project with focus on the most critical risks
P1. The assessment shall be performed in line with SISCOL risk guidelines. For the proposal project, risk assessment & treatment shall be performed before technical/price bid submission. For ongoing or under execution projects/manufacturing, risk assessment & treatment shall be performed once in a quarter.
a) Risks and Opportunities to be identified at various stages of the manufacturing and project life cycles through proactive monitoring of various process parameters/ acceptance criteria, product non-conformities and internal/external audits.
b) Risks and opportunities to be proportionate to the potential impact on the conformity of products.
P2. Determine/Identify the sources, causes/ processes/ activities in Risk and Opportunity form
P3. CFT/team/person constituted by the concerned HOD for risk assessment
P4. The nominated team/person will assign probabilities to each risk element based on past experience and current project expectations, and segregate risks based on their impact on either delay liabilities or cost escalation. Severity is calculated based on estimated delay and/or cost implication as per the norms of the SISCOL Risk Policy. The nominated team/person will identify the risk treatment plan and submit it to the competent authority.
D1. Approval from competent authority to be obtained before implementation of Mitigation/Contingency plan
P5. In case any modification suggested by competent authority, same shall be incorporated
D2. After incorporating the changes, nominated team/person will identify any modification in system/process/document (DCP/SOP/QAP etc.)
P6 In case of any modification same shall be obtained from competent authority/process owner.
P7. Treatment/Mitigation and Contingency plan to be implemented within defined time frame. The record is maintained in risk register.
P8. Review/evaluation of effectiveness of implementation to be completed within defined time frame as per Mitigation/ Contingency Plans and maintained in risk register.
1.2.3. SIPOC
Trigger - Risk and Opportunity Identification, Assessment, Implementation and Reviewing effectiveness
Frequency – As per SISCOL Policy
Supplier | Input | P | Output | Customer
Process owner | Process monitoring/knowledge sharing/Audits/Non-Conformities/external & internal issues w.r.t context of the organisation/requirement of interested parties | | Risk register | Nominated Team/person
BD&M | Risk Register from pre-bid (for project/manufacturing) | | |
Nominated Team/person | Mitigation / Contingency Plan | | Risk Register & record note | Competent authority
1.2.4. RASCI
Activity | Responsible | Accountable | Support | Consult | Inform
P1. Identification of Risks and Opportunities throughout the life cycle of the Project/Process. | Process owner/Nominated Team/person | Process owner | PMG/Functional Head | Leadership Team/Functional Head | Nominated Team/person/Functional Head
P2. Determine the Sources, causes/Process/activities for the Risk and Opportunity | Process owner/Nominated Team/person | Nominated Team/person | Functional Head | Leadership Team/Functional Head | Nominated Team/person
P3. Nomination of the Risk and Opportunity Assessment person/team | Leadership Team | Leadership Team | Functional Head/HR | Functional Head/HR/Contracts | Nominated Team/person
P4. Identification of risks, areas of impacts, events & their causes and their potential consequences. Then carry out Risk/Opportunity assessment considering the Probability and Severity. After that assign category for the same. Prepare the Mitigation and Contingency plans for identified Risk | Process owner/Nominated Team/person | Nominated Team/person | Functional Head | Leadership Team/Functional Head/Contracts | Nominated Team/person/Leadership Team/Functional Head/Contracts
D1. Seek approval for implementation; Approved? | Nominated Team/person | Nominated Team/person | Functional Head | Functional Head/Contracts | Competent Authority
P5. Modify the treatment plan | Nominated Team/person | Nominated Team/person | Functional Head | Functional Head/Contracts/Competent Authority | Process owner/Functional Head/Contracts/Leadership Team
D2. Any system change / process modification required | Process owner | Process owner | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head/Contracts/Leadership Team
P7. Implementation of Risk Treatment Plan | Process owner | Process owner | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head/Contracts/Leadership Team
P8. Review and record the implementation and evaluate effectiveness of Risk Control/Opportunities | Process owner | Process owner | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head | Nominated Team/person/Functional Head/Contracts/Leadership Team
1.2.5. ROAM
Probable/Envisaged | Sl. No. | Description | Possible Mitigation Plan/Most-likely Benefits
RISK | 1 | Missing of risk/opportunity identification | Promote culture to identify the risk/opportunity by anyone during the project cycle. Getting vetted from Contracts in line with SISCOL guideline
RISK | 2 | Ineffective mitigation and contingency plan | ● Mitigation and contingency plan to be prepared by competent team/person. ● Mitigation and contingency plan to be reviewed and monitored for the implementation of effectiveness. ● Consultation with Contracts team
OPPORTUNITY | 1 | Culture to identify risk/opportunity by anyone during the project cycle | Will have least possibilities to miss out major risk/opportunity and its impact of organization/project
OPPORTUNITY | 2 | Effective implementation of mitigation and contingency plan | Damage owing to risk will be arrested or minimized
1.2.6. KPIs
KPI | Objective | Formula | UoM
Risk assessment and Opportunities in risk | Identification of sources of risks, areas of impacts, events & their causes and their potential consequences. Then carry out Risk/Opportunity assessment considering the Probability and Severity. | As per SISCOL risk guideline | Numbers
Risk Treatment Plan | Derive the treatment plan | Preparing plan within defined time frame | Days
Effectiveness treatment plan | Evaluation of the effectiveness of mitigation and contingency plan | Number of change in plan | Numbers
IMS MANUAL COMMON PROCESSES
Page 85 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.3 Doc. No.: SISCOL-IMS-MANUAL
1.3. Internal Audit
1.3.1. Process Flow
1.3.2. Process Notes
P1.
1. As a minimum criterion, auditors must have valid Internal / Lead Auditor certification in ISO Management Systems.
2. There shall be a continuous process for identification of employees to be trained as new internal auditors / for Lead Auditor certification.
P2.
1. All the projects/activities/manufacturing facilities of SISCOL to be audited at minimum frequency of six months.
2. Internal audit schedule to be prepared at least 2 weeks before the date of internal audit.
3. Auditor independence to be ensured while planning the audits.
4. Tentative audit duration to be specified in the audit plan.
P3. Circulation of audit plan to the concerned auditee, auditors & stakeholders at least 2 weeks before the internal audit.
P4.
1. The audit should be completed as per the internal audit plan.
2. The audit should be as per the defined scope, criteria and objectives.
P5. Audit reporting & identification of OFIs to be done in specified format/platform by auditor after discussion (in audit closing) with auditee within 3 days after conduction of internal audit.
P6. Review of Audit reports and improvement areas by Audit committee and approval / for circulation of Audit report / NCs / OFIs to concerned auditee / functional head within 2 days of submission of reports by internal auditors.
P7.
1. Root cause analysis and proposed closure date of NC/OFIs shall be provided in NC format/platform by Auditee / Process owner in consultation with stakeholders / function heads within 1 week of release of audit report.
2. Correction / corrective action on the NCs / observations raised to be taken within 3 weeks of submission of internal audit report or within the date of agreed proposed closure date.
D1. Audit committee to check and verify whether NCs / OFIs were vacated, within 2 days of submission of implementation of corrective action by auditee / process owner.
P8. Follow up audit (if required) to be conducted for verification of corrective action.
D2. All NCs to be resolved within 3 weeks after conducting internal audit including the completion of corrective actions.
P9. The audit summary report to be prepared and presented to the concerned HOD within 3 weeks of the completion of internal audit and in quarterly meet to TM & MRM.
P10. During the top management meetings the input for continual improvement programmes and updating of ROAM shall be derived.
D3. Review the effectiveness of the internal audits, i.e. up to what extent management expectations are met by internal audit.
1. Continuous process
2. Based on the review, further actions like refresher trainings to auditors etc. are planned.
1.3.3. SIPOC
Trigger – Conducting IMS internal audit
Frequency – Six Months
Supplier | Input | P | Output | Customer
Functional Heads / IMS Team | Auditor List | | Audit Schedule | IMS Team
Auditors | Audit schedule, DCP, Manuals, Contractual / statutory requirements | | Audit Reporting | Auditee / Process owners, Functional Heads, IMS Team
IMS Team | NC / Audit report / RCA | | Audit Summary report | Top Management
1.3.4. RASCI
Activity | Responsible | Accountable | Support | Consult | Inform
Identification of trained internal auditors | IMS Team | Head Quality / EHS / IT | Functional Heads | Reporting Manager of Auditors | Auditors, Auditee, Stakeholders
Preparation & circulation of internal audit schedule / plan | IMS Team | Head Quality / EHS / IT | IT Department | Auditors, HODs, Process Owners | Auditors, Process Owners, HODs
Conducting Audit & Reporting | Auditor | Auditor | - | IMS Team | Auditee, IMS Team, Functional Heads
Vacating NCs / Root Cause Analysis, Corrective actions | Auditee / Process Owner | Functional Head | Stakeholders | Auditor | IMS Team
Follow-up Audit and verification of CA | Auditor | IMS Team | Functional Heads | - |
Preparation of audit summary report & presentation to concerned HOD | IMS Team, Leads | IMS Team, Leads | Auditor, Auditee | Auditor, Auditee | Top Management
Identification of Continual Improvement programmes (CIP) and updating ROAM | Functional Heads | Functional Heads | - | - | Stakeholders
Review the effectiveness of the internal audits | Functional Heads | Functional Heads | IMS Team | - | Head Quality / EHS / IT
1.3.5. ROAM
| Probable/ Envisaged | Sl. No. | Description | Possible Mitigation Plan/ Most-likely Benefits |
|---|---|---|---|
| RISK | 01 | Non-availability of enough no. of competent auditors for conducting internal audit | Proactive action for identification of auditors and their training, and maintaining proportional ratio between total employees and auditors |
| RISK | 02 | Delay in conducting audits due to non-availability of certified internal auditors as per planned schedule | 1) Schedule shall be made thoroughly considering the project schedule and commitment from top management, HODs. 2) Circulation of Audit plan well in advance (Min. 2 Weeks) for auditors and auditee to reserve their date and time. |
| RISK | 02 | Improper reporting by auditors (e.g. the report is not clear enough to address the issue), leading to failure to find the right issue. | Second level review by IMS team before releasing the report to auditee |
| RISK | 03 | Closure of NCs by auditee without ensuring proper root cause analysis | IMS Team / Auditor shall conduct verification audits for Major NCs |
| RISK | 04 | Repetition of similar NCs in subsequent audit | Top Management, Process owner shall have analysis of audit results / NCs |
| OPPORTUNITY | 1 | Involvement of Top Management / HODs in the review process. | Improvement in IMS effectiveness |
| OPPORTUNITY | 2 | Gap analysis by process owner at regular interval | Improvement in IMS effectiveness |
| OPPORTUNITY | 3 | To identify hidden risk in the process | Improvement in planning |
1.3.6. KPIs
| KPI | Objective | Formula | UoM |
|---|---|---|---|
| IMS Internal Audit | Conduction of IMS internal audit minimum twice in a year and as per planned schedule | Six Monthly | Numbers |
| IMS Internal Audit | Conduction of IMS internal audit as per planned schedule | % of Completed internal audits in comparison to the internal audit planned | % |
| Audit Reporting | Timely reporting of internal audit observations / report | The length of time for issuing internal audit reports | days |
| Audit Reporting | Creation of suitable observations w.r.t non-conformance in reference to standard, IMS Manual, DCP, OFIs, Good practices | External Audit NCs/ Observations; No. of Major audit findings & recommendations | Numbers |
| Vacating NCs | Submission of corrective action & Closure of NCs with objective evidence | Within 3 weeks of audit / within time frame of proposed closure date | Period |
| Audit summary report | Presentation of audit summary reports to HODs/Top Management | Within 3 weeks of audit | Period |
| Effectiveness of internal audit | Evaluation of effectiveness of Internal audit | 1) The progress in action implementation of audit recommendation 2) Reduction in final product rejections | % |
IMS MANUAL COMMON PROCESSES
Page 90 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.4 Doc. No.: SISCOL-IMS-MANUAL
1.4. Control of Non-conformance and Corrective Action
1.4.1. Process Flow
1.4.2. Process Notes
P1. Non-conformities, potential EHS risks and IS events will be identified during manufacturing and throughout life cycle of the project through proactive monitoring of various process parameters/ acceptance criteria, feedback from interested parties, risk identification & analysis, customer voice, project review, internal and external benchmarking and internal audits. NC may also be identified by the customer or relevant interested parties.
P2. In case of product NCs, the material, component or equipment shall be adequately quarantined by placing it at an identified space / red tagging etc. (as applicable), in line with the correction requirement. In case of System NCs, EHS incidents or IS events, an appropriate action plan shall be taken based on the proposed correction.
P3. Identify the appropriate correction/containment actions and the nominated person/team, considering the impact of the Non-Conformance / incident / IS event. The nominated person/team will take the appropriate correction/containment actions.
P4. Relevant records of rework / reject / concessions / risk mitigation to be maintained as appropriate.
D1. Effectiveness of the correction/containment actions verified by the nominated person/team.
P5. A team will be identified/nominated for root cause analysis and to bring out the corrective action plan.
P6. The nominated person/CFT shall identify the root cause analysis within the specified time period.
P7. The nominated person/CFT shall identify/propose corrective action for avoiding recurrence in the same or other site within the specified time period.
D2. Approval of the concerned head to be obtained before implementation of corrective actions.
P8. Corrective actions emerging from the root cause analysis to be implemented within the specified time interval, based on the recommendation of the nominated person/CFT.
P9. In case a modification is suggested by the approving authority, the same shall be modified.
P10. The implementation of corrective action will be reviewed/evaluated, and the effectiveness of the corrective plan checked.
P11. Effectiveness of corrective actions will be presented/reported to the concerned leadership team.
P12. The existing documents will be updated in case the same is necessitated (QA Plans, QA, EHS & IT Risk assessment, Procedures, SOPs).
1.4.3. SIPOC
Trigger – Control of Non-conformance and Corrective Action
Frequency – Continuous

| Supplier | Input | P | Output | Customer |
|---|---|---|---|---|
| Interested parties | Stakeholder feedback/ process measurement/ project review/ internal audits/ Inspection, VOC/ NCR/ supplier or contractor evaluation, deviation reports | | Raise of Non conformity and quarantining product from use | Process owner through Vendor/ contractor/ service provider/ SISCOL project/ functional incharge |
| Interested parties | Non Conformity Report | | Root Cause Analysis; Correction; Corrective Action | Nominated person/CFT |
| Interested parties | Non Conformity Report | | Effectiveness of correction, corrective action report/ presentation | Leadership team/ Interested Parties |
1.4.4. RASCI
| Activity | Responsible | Accountable | Support | Consult | Inform |
|---|---|---|---|---|---|
| P1. Identification of Non Conformity | Interested Parties | MRs/HODs/ Auditors | IMS Audit Team/ Executing Agency/ PMG/ Field Services Team | IMS Audit Team/ Executing Agency/ PMG/ Field Services Team | Process owner/ Executing Agency / Relevant Interested Party |
| P2. Immediate segregation/ quarantine the Non Conformity to avoid any unintended use of the same, as applicable (not applicable for system NCs) | Process Owner / Execution agency | Process Owner | Functional Team Members | Functional Team members / Relevant Interested Party | Process owner/ Executing Agency / Relevant Interested Party |
| P3. Identification and containment actions to be taken on the Non Conformity along with responsibility. | Process Owner / Execution agency/ Concerned nominated person | Functional Head | Functional team members | Relevant Interested Party / Execution agencies | Execution agencies / Process Owner/ Relevant Interested Party |
| P4. Recording status of action taken (correction/ rework/ reject/ concessions/ risk mitigation) | Process Owner/ Execution agency | Functional Head | Functional Team Members | Relevant Interested Party / Execution agencies | Execution agencies / Process Owner/ Relevant Interested Party |
| D1. Verification of correction taken as effective? | Process Owner/ Execution agency/ Concerned nominated person/team | Concerned nominated person/team | Functional Team Members | Functional Team members | Core / Central team |
| P5. Nomination of team/person for root cause analysis of the identified non conformity including EHS Incident and IS events (As per requirement) | Functional Head/HOD | Functional Head/HOD | Process Owner/ Execution agency/ Functional Team Members | Process Owner/ Execution agency/ Functional Team Members | Process Owner/ Execution agency/ Functional Team Head |
| P6. Root cause analysis of the NC | Nominated persons/ team | Nominated persons/ team | Process Owner/ Execution agency/ Functional Team Members | Process Owner/ Execution agency/ Functional Team Members | Process Owner/ Execution agency/ Functional Team Head |
| P7. Identifying the corrective actions to be implemented to avoid its reoccurrence in the same or other projects | Nominated persons/ team / Process Owner | Nominated persons/ team | Process Owner/ Execution Agencies/ Functional Team Members | Process Owner/ Execution Agencies/ Functional Team Members | Process Owner/ other stakeholder |
| D2. Seek approval for implementation; Is approved? | Nominated persons/ team | Functional Head/HOD | Process Owner/ Execution Agencies/ Functional Team Members | Process Owner/ Execution Agencies/ Functional Team Members/ Nominated person/team | Process Owner/ Execution Agencies/ Functional Team Members/ Nominated person/team |
| P9. Implementation of output of RCA (Corrective actions) | Process Owner / Execution agency | Process Owner | Functional Team Members/ Process Owner/ Execution Agencies | Functional Team members / Nominated Person/team/ Relevant Interested Party | Functional Head/ Process owner/ Executing Agency / Relevant Interested Party |
| P10. Modify implementation plan | Nominated persons/ team | Nominated persons/ team | Functional Team Members/ Process Owner/ Execution Agencies | Functional Team Members/ Process Owner/ Execution Agencies | Functional Head/ Process Owner/ Execution Agencies |
| P11. Review the implementation and evaluate effectiveness of Corrective actions | Process Owner / Execution agency | Functional Heads | Functional Team Members/ Process Owner/ Execution Agencies | Functional Team Members/ Process Owner/ Execution Agencies | Functional Head/ Process Owner/ Execution Agencies |
| P12. Present/report the effectiveness of corrective actions to concerned HOD/ PD/ RCM/ Leadership team (as per requirement) | Process Owner / Execution agency | Functional Heads | Functional Team Members/ Process Owner/ Execution Agencies | Functional Team Members/ Process Owner/ Execution Agencies | HOD/Function Heads |
| P13. Updation of existing documents (QA Plans, EHS, Risk assessment, IS risk assessment, OCPs, Procedures, SOPs) | Process Owner | Functional Heads | Functional Team Members/ Process Owner/ Execution Agencies | Functional Team Members/ Process Owner/ Execution Agencies | HOD/Function Heads |
1.4.5. ROAM
| Probable/ Envisaged | Sl. No. | Description | Possible Mitigation Plan/ Most-likely Benefits |
|---|---|---|---|
| RISK | 1 | NCs not identified during life cycle of project which results in failure of component/equipment | All efforts to be done to identify and raise NCs during life cycle of project. Conducting periodic audits. |
| RISK | 2 | Resolution of NCs kept on hold for longer time which delays progress of project or delivery schedule. | All NCs shall be resolved with proper corrective action within specified time period |
| RISK | 3 | Irrelevant/ illogical or wrong RCA done against NCs | Support from experts to be taken for proper RCA |
| RISK | 4 | Improper or ineffective corrective actions/correction | Correction/Corrective actions to be verified for effective and proper implementation. |
| OPPORTUNITY | 1 | Identification of NCs at right time during execution of project or mfg. processes of components/equipment | NCs can be resolved with proper corrective action and avoid failure of component/equipment. |
| OPPORTUNITY | 2 | Analysis of NCs | Benefit in smooth execution of New projects |
| OPPORTUNITY | 3 | Proper, logical RCA and effective implementation of CAs | Arresting the recurrences. |
1.4.6. KPIs
| KPI | Objective | Formula | UoM |
|---|---|---|---|
| Identification of Correction, Corrective Action, RCA | Within specified time by Leadership Team/Functional Heads | 100% identification within specified time | Numbers of days |
| Resolution of NCs | Within specified time by Leadership Team/Functional Heads | 100% identification within specified time | Numbers of days |
| Recurrence of NCs | Arresting the cause of problem on account of same issue | Zero recurrence | Numbers |
IMS MANUAL COMMON PROCESSES
Page 96 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.5 Doc. No.: SISCOL-IMS-MANUAL
1.5. Competency Development
1.5.1. Process Flow
1.5.2. Process Notes
P1. 1. The required job description for the position to be filled shall be identified by Business Manager/HOD, prior to selection process.
2. The JD to be approved by Functional Head/HOD and sent to HR for further processing
3. Competency Matrix Sheet gets generated, which captures the skill sets required for all the process/levels/functions/personnel. This shall be made by HODs with assistance from Training Team.
P2. During selection of the prospective employee, HR to scout and ensure personnel meets the JD. Interview panel conducts the interview. Selection Process (in HR DCP) is also referred to here.
P3. The gaps found in the interview are captured in the Interview Sheet, as well as during day-to-day review and during the appraisal process of the employee. The Competency Matrix Sheet gets filled for the function/level/process/personnel, and thereby the gaps against the required skill-sets emerge. This process shall be carried out prior to the start of the financial year / issue of the annual training calendar by the Training Team, and as and when a new profile is necessitated.
P4. The gaps are the input for identification of training needs for the department/ of all the personnel/profiles.
P5. The training needs are forwarded to Training Team for planning and execution of the same. Updating the training needs in Records. Both the technical and behavioural training needs to be identified.
P6. Training Team/HR/Ext. Agency conducts training programmes. Training feedback for all the trainings to be obtained by Training Team and analysed for circulation to the relevant interested parties.
D1. The effectiveness of the training imparted should be evaluated by Training Team along with reporting manager within 3 months from the completion of training. Ref.: Training Effectiveness Process of Training Team. Assess the gaps if the effectiveness is not up to the mark for re-conducting the training (can be on-job/classroom based/discussion/seminar etc.)
P7. Continuous/Regular/Periodic monitoring & updating of the competence for re-mapping, after which the cycle begins once again.
1.5.3. SIPOC
Trigger – System for identifying the job requirements, job competence & identifying competency gaps; obtaining training feedback, training effectiveness and subsequently enhancing the competence of all the employees of SISCOL
Frequency – Continuous

| Supplier | Input | P | Output | Customer |
|---|---|---|---|---|
| JD – Business Managers; Competence Reqmnt.: HR in discussion with DH/PDs/Business Managers | Existing and future business requirement | | O1. Competency Matrix Sheet | Department/ Employees |
| Training Team | Selection Process (in HR DACP) | | O2. Filled Interview Sheet | HOD/FH/Training Team/HR |
| I1. HOD/FH I2. HR | I1. Competency Matrix Sheet I2. Interview Sheet | | O3. Filled Competency Matrix | HOD/FH/Training Team/HR |
| HOD/FH/Training Team/HR | Training Content/ Framework | | O4. Training Feedback | HOD/FH/Training Team/HR |
| Training Team/HR | Training Effectiveness Framework | | O5. Training Effectiveness Report | HOD/FH/Training Team/HR |
1.5.4. RASCI
| Activity | Responsible | Accountable | Support | Consult | Inform |
|---|---|---|---|---|---|
| P1. Identification of various job profiles along with detailed competence requirements | Functional Heads | HOD | Training Team/HR | Head Training/ Head HR | Top Management |
| P2. Selection of the potential personnel for the identified job | Functional Heads | HOD | Training Team/HR | Head Training/ Head HR | Top Management |
| P3. Identification of gaps vis-à-vis competence required | Functional Heads | HOD | Employees | Head Training/ Head HR | Top Management |
| P4. Identification of training needs of all the personnel/profiles | Functional Heads | HOD | Employees | Head Training/ Head HR | Top Management |
| P5. Forward the training needs to HR for planning and execution of the same. Updating the training needs in PODP/Records | Functional Head | HOD | Employees | Head Training/ Head HR | Top Management |
| P6. Conduct of training programmes by Training/HR/Ext. Agency and obtaining training feedback | Training Team/HR | HOD | Faculty | Employees | Top Management |
| D1. Evaluation of effectiveness of training | Functional Head | Training Team | Employee | Head Training/ Head HR | Top Management |
| P7. Continuous/ Regular/ Periodic monitoring & updating the competence | Functional Head | HOD | Employee | Head Training/ Head HR | Top Management |
| P8. Assess the gaps | Functional Head | HOD | Employee | Head Training/ Head HR | Top Management |
1.5.5. ROAM
| Probable/ Envisaged | Sl. No. | Description | Possible Mitigation Plan/ Most-likely Benefits |
|---|---|---|---|
| RISK (What can go wrong?) | 1 | Selection of incompetent personnel | Identify job and skill requirement and involve concerned personnel in selection process. |
| RISK (What can go wrong?) | 2 | Wrong identification of required gap | Proper identification of gap by senior people/HODs |
| RISK (What can go wrong?) | 3 | Ineffective training to fill the gap | Training effectiveness to be evaluated |
| OPPORTUNITY | 1 | Selection of skilled and competent personnel | Improves the operational excellence |
| OPPORTUNITY | 2 | Competency gap identification | Proper / relevant gap identification by HR with FHs |
| OPPORTUNITY | 3 | Evaluation of training effectiveness | Training to be ensured for effectiveness |
1.5.6. KPIs
| KPI | Objective | Formula | UoM |
|---|---|---|---|
| Selection of the potential personnel for the identified job | Ensure the resource is available as per the JD (or close match) requirement | Prior to start of intended work | Always |
| Identification of gaps vis-a-vis competence required | Ensure the Competency Mapping is carried out and gaps are identified in every dept./project | 100% of the cases | Always |
| Increase in Competency Levels of Personnel/ Process/ Function | Pre and Post Training interventions | As defined for the FY in the Objective of HR/ Function/ Project | % Increase |
| Training mandays per employee | Conducting minimum no. of mandays of training | Training mandays per employee | Number |
IMS MANUAL COMMON PROCESSES
Page 100 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.6 Doc. No.: SISCOL-IMS-MANUAL
1.6. Management Review Meeting
1.6.1. Process Flow
1.6.2. Process Notes
P1.
1. MRM to be conducted on yearly basis
2. Project Review meetings / Departmental review meeting
3. Quarterly Risk Review Meeting
4. MRM committee includes functional heads of SISCOL; for PRM etc., teams will be constituted by the respective Functional Heads.
P2. Information to be received at least one week prior to the MRM. It should include various information related to projects & manufacturing, like status of NCs / Audits, Customer feedback, corrective action, internal reviews, ongoing progress etc.
P3.; P4. The agenda should be finalized based on the action points of the last MRM, business requirements and IMS requirements, and shall be circulated to all concerned participants of the MRM committee one week prior to MRM. The minimum MRM agenda points are listed below.
P5. All the agenda points to be discussed during MRM.
P6. Discussion points to be noted during MRM; minutes of the MRM will be prepared and circulated to the MRM committee and relevant interested parties within 2 days of the meet.
P7. IMS team will prepare an action plan w.r.t. points / issues discussed during MRM, in consultation with members of the MRM committee, and circulate the same to all stakeholders for implementation.
D1. Completeness of the actions as per defined time frame.
P8. MRM committee member shall interact with stakeholders / process owner to expedite closure of the action plan taken.
P9. Recording of actions taken and verification/effectiveness of points from previous MRM.
Minimum agenda for IMS Management Review Meeting:
● Status of actions from previous management reviews
● Changes in external and internal issues relevant to IMS, including strategic directions
● Review of Context of the Organization
● Review of Needs & expectations of interested parties
● Information on IMS’s performance, including trends and indicators for:
  o Nonconformities and corrective actions
  o Monitoring and measurement results
  o Audit results
  o Customer satisfaction
  o Feedback from relevant interested parties
  o performance of external providers
  o process performance and conformity of products and services
  o the extent to which quality objectives have been met
● Issues concerning external providers and other relevant interested parties
● Adequacy of resources required for maintaining effective QMS
● Process improvement and conformity of products and services
● Effectiveness of actions taken to address risks and opportunities
● New potential opportunities for continual improvement
1.6.3. SIPOC
Trigger – Conduction of Management Review Meeting
Frequency – Once in a year

| Supplier | Input | P | Output | Customer |
|---|---|---|---|---|
| Functional Heads, Process owner | Status of actions from previous management reviews; Changes in external and internal issues relevant to IMS, including strategic direction; Review of Context of the Organization; Review of Needs & expectations of interested parties; Information on IMS’s performance, including trends and indicators for: nonconformities and corrective actions, monitoring and measurement results, audit results, customer satisfaction, feedback from relevant interested parties, performance of external providers, process performance and conformity of products and services, the extent to which quality objectives have been met; Issues concerning external providers and other relevant interested parties; Adequacy of resources required for maintaining effective QMS; Process improvement and conformity of products and services; Effectiveness of actions taken to address risks and opportunities; New potential opportunities for continual improvement | | Agenda for MRM discussion | Stake holders / interested parties |
| Quality / EHS / IT MRs | Agenda For MRM Discussion | | MOM and Action Plan of MRM | Process Owner, Functional Heads, MRM Participants |
| Process Owners / MRs (QMS / EHS / ISMS) / functional Heads | MOM and Action Plan of MRM | | Updated MRM Output | Stakeholders |
1.6.4. RASCI
| Activity | Responsible | Accountable | Support | Consult | Inform |
|---|---|---|---|---|---|
| Establish frequency for MRM and constitution of MRM committee | MR / Functional Heads | Top Management | Process owner | - | MRM Committee / Stakeholders |
| Receipt of information from various projects/ functions/ manufacturing facilities on Status of NC/ audits/ customer feedback/ Corrective actions/ internal reviews/ ongoing progress etc. | Process Owners | Functional Heads | Process Owner / IMS Team | HODs | MRM Committee |
| Preparation and finalization of agenda for MRM | MR | MR | Functional Heads / IMS Team | Top Management | MRM Committee |
| Circulation of agenda to all the concerned participants (MRM Committee) | MR | MR | IT Team | - | MRM Committee |
| Conduct of MRM | MR | Top Management | Functional Heads | - | Participants of the meeting |
| Preparation of minutes of MRM including continual improvement issues, Risk & Opportunities | MR | MR | Top Management / MRM Committee | - | MRM Committee |
| Circulation of minutes of MRM for implementation to all the members | MR | Top Management | - | Functional Heads | Stakeholder / Interested parties |
| Review of actions | Top Management | Top Management | Functional Heads / MR | - | MRM Committee / stakeholders |
| Recording of actions taken and review of effectiveness of MRM | Top Management | Top Management | Functional Heads / MR | - | MRM Committee |
1.6.5. ROAM
| Probable/ Envisaged | Sl. No. | Description | Possible Mitigation Plan/ Most-likely Benefits |
|---|---|---|---|
| RISK | 1 | Missing of important/critical issues | ● Agenda to be prepared in advance by considering all the important/critical issues and an effective review to be done before finalization. ● Emergency MRM can be organised in case of exigency. |
| RISK | 2 | Ineffectiveness of MRM | MRM to be attended by all HODs with defined agenda and all records to be kept for reference and action plans |
| OPPORTUNITY | 1 | Platform to identify, review and monitor important/critical issues | Helps for smoother execution of IMS and various business processes |
1.6.6. KPIs
| KPI | Objective | Formula | UoM |
|---|---|---|---|
| MRM | Conduction of MRM to ensure healthiness of QMS/IMS | As defined | Period |
| MRM | Review of all the agenda points mentioned in MRM agenda | All the agenda points to be reviewed / discussed | % |
IMS MANUAL COMMON PROCESSES
Page 105 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – B.7 Doc. No.: SISCOL-IMS-MANUAL
1.7. Objective Setting
1.7.1. Process Flow
1.7.2. Process Notes
● P1. Thrust areas / Strategy map of SISCOL are identified at the start of FY.
● Mission & Vision statement, IMS Policy, context of the organization, market trends, competitor analysis etc. will become the bare minimum input for this workshop.
● P2. All the Thrust areas are communicated to Department Heads within 1 week for identification and finalization of their departmental objectives.
● P3; P4. Identification & finalization of Departmental objectives and their approval by the leadership team shall be completed as per HR timelines.
● P5; P6. The objectives of the Department, once approved by the Leadership team, shall be shared within the function; based on these objectives, objective setting shall be carried out at sub-function levels as per HR timelines.
● D1. Review of the objective setting shall be done by Functional Heads.
● P7. Approval of objective setting shall be done with identification of training needs.
● D2. Midterm review of objectives shall be conducted by Reporting Manager/HODs.
● P8. Any changes and action plan shall be communicated and implemented.
● P9. Update actions on regular basis as and when required.
● Adequacy of resources required for maintaining effective IMS
1.7.3. SIPOC
Trigger – Objective setting
Frequency – Yearly

| Supplier | Input | P | Output | Customer |
|---|---|---|---|---|
| Top Management, Front End Marketing, Corporate Strategy | L&T Power Mission/ Vision/ Policy/ market trends/ competitor analysis / Results of KPIs / Context of Organization | | Thrust Area | Business Units & Functional Heads |
| HR Head, Top Management | Thrust area, L&T Power Mission/ Vision/ Policy/ market trends/ competitor analysis / Results of KPIs | | Departmental Objectives | Functional Team members |
| Department Head | Approved Departmental objectives | | Functional / Process / individual objectives | Functional Team Members. |
1.7.4. RASCI
| Activity | Responsible | Accountable | Support | Consult | Inform |
|---|---|---|---|---|---|
| Identification of SISCOL’s Thrust Area | Top Management | Top Management | Functional Heads | Business Strategy | Functional Heads |
| Communication of Thrust Areas to HODs | Head HR | Head HR | IT Department | Business Strategy | Top Management / Functional Heads |
| Identification and finalisation of Department / Project objectives / KPIs of Functions Level / Process | Department Head | Department Head | Functional Team Members | Head HR | Head HR |
| Approval of objective by leadership | Top Management | Top Management | HR | HR | HR |
| Sharing/communication of approved objective within the function | Department Head | Department Head | HR | HR | Functional Team members |
| Objective setting by Individual | Functional in charge | Department Head | HR | Functional Team Members / Process Owners | HR |
| Review & Approval of objectives by Department Heads | Department Heads | Department Heads | Functional in charges | - | HR |
| Midterm review of objectives | Department Heads | Department Heads | Functional Team members | Functional in charges | HR |
| Updating of actions on regular basis | Department Heads | Department Heads | Functional Team members | Functional in charges | HR / Functional Team Members |
1.7.5. ROAM
| Probable/ Envisaged | Sl. No. | Description | Possible Mitigation Plan/ Most-likely Benefits |
|---|---|---|---|
| RISK | 1 | Missing the link of objectives among organization, departments and individuals. | Objectives shall be approved by assigned authorities, and link to be ensured by proper communication |
| RISK | 2 | Possibility of identifying non-measurable objectives | Care to be taken by ensuring SMART objectives by approving KPI by assigned authorities. |
| RISK | 3 | Missing or failure of objectives by misdirecting the efforts/work | Regular monitoring to be done by individual and same is ensured through MTR. |
| OPPORTUNITY | 1 | Establishing link among the organization, departments and individuals | Efforts to be directed to achieve objectives |
| OPPORTUNITY | 2 | Ensuring to take SMART objectives | Objectives will be effective and beneficial. |
| OPPORTUNITY | 3 | Clear Guidelines / work instructions in form of objective | Better Employee Engagement |
1.7.6. KPIs
| KPI | Objective | Formula | UoM |
|---|---|---|---|
| Objective Setting | To set measurable objectives for SISCOL at start of FY | Numbers | days |
| Objective Setting | To set measurable objectives for Departments | 7 days from the formation of SISCOL’s objectives | days |
| Objective Setting | To set measurable objectives for function/level/employees | 14 days from the formation of SISCOL’s objectives | days |
| Mid-Year Review | Mid-year review of performance objectives for organization/ department/ function/ level/ employees | October | days |
| Final Year Review | Final year review of performance objectives for organization/ department/ function/ level/ employees | March | days |
IMS MANUAL TERMS & DEFINITIONS
Page 109 of 118 Eff.: 6th Feb, 2018
Rev. No.: 00 Annexure – C Doc. No.: SISCOL-IMS-MANUAL
UNCONTROLLED DOCUMENT IF PRINTED
TERMS & DEFINITIONS
Acceptable Risk Risk that has been reduced to a level that can be tolerated by the
organization having regard to its objectively to determine the extent to which “audit criteria” are fulfilled
Access Control means to ensure that access to assets is authorized and restricted based on business and security requirements.
Analytical Model Algorithm or calculation combining one or more base measures and/or derived measures with associated decision criteria.
Asset Any tangible or intangible thing or characteristic that has value to an organization
Audit Systematic, independent and documented process for obtaining audit
objective evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled
Audit Criteria Set of policies, procedures or requirements used as a reference against
which objective evidence is compared
Audit Evidence Records, statements of fact or other information which are relevant to the
audit criteria and verifiable
Audit Findings Results of the evaluation of the collected audit evidence against audit criteria
Audit Scope Extent and boundaries of an audit
Availability Something is available if it is accessible and usable when an authorized
entity demands access
Availability Property of being accessible and usable upon demand by an authorized
entity (ISO 27000)
Audit Programme Set of one or more audits planned for a specific time frame and directed towards a specific purpose
Audit Plan Description of the activities and arrangements for an audit
Audit Conclusion Outcome of an audit, after consideration of the audit objectives and all audit findings
Audit Client Organization or person requesting an audit
Auditee Organization being audited
Audit Team One or more persons conducting an audit, supported if needed by technical experts
Auditor Person who conducts an audit
Authentication Provision of assurance that a claimed characteristic of an entity is correct
Authenticity Property that an entity is what it claims to be
Attack any unauthorized attempt to access, use, alter, expose, steal, disable, or
destroy an asset or information
Attack Attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset
Business Continuity It is a capability of an organization to continue its business of delivering its products and services at acceptable predefined levels after disruptive incidents occur. Organizations use business continuity procedures and processes to help ensure that operations continue after disruptive incidents occur
Base Measure Measure (2.47) defined in terms of an attribute (2.4) and the method for
quantifying it
Capability Ability of an object to realize an output that will fulfill the requirements for that output
Competence Ability to apply knowledge and skills to achieve intended results
Continual Improvement Recurring activity to enhance performance
Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities or processes
Correction Action to eliminate a detected nonconformity
Corrective Action Action to eliminate the cause of a nonconformity and to prevent recurrence
Customer Satisfaction Customer’s perception of the degree to which the customer’s expectations have been fulfilled
Customer Satisfaction code of conduct
Promises, made to customer by an organization concerning its behavior, that are aimed at enhanced customer satisfaction and related provisions.
Context of the Organization
combination of internal and external issues that can have an effect on an organization’s approach to developing and achieving its objectives
Control is any administrative, managerial, technical, or legal method that is used to modify or manage information security risk
Control Measure that is modifying risk (ISO 27000)
Consequence Outcome of an event affecting objectives
Customer Person or organization that could or does receive a product or a service that
is intended for or required by this person or organization
Change Control
Activities for control of the output after formal approval of its product configuration information. Changes to the organization, business processes,
information processing facilities and systems that affect information security shall be controlled
Control Objectives
An information security control objective is a statement that describes what organization’s information security controls are expected to achieve.
Control Objective Statement describing what is to be achieved as a result of implementing controls (ISO 27000)
Continual Improvement is a set of recurring activities that are carried out in order to enhance the performance of processes, products, services, systems, and organizations.
Contract Binding agreement
Conformity Fulfilment of a requirement
Configuration Interrelated functional and physical characteristics of a product or service defined in product configuration information
Configuration base line
Approved product configuration information that establishes the characteristics of a product or service at a point in time that serves as
reference for activities throughout the life cycle of the product or service
Configuration status accounting
Formalized recording and reporting of product configuration information, the status of proposed changes and the status of the implementation of approved changes
Competence Ability to apply knowledge and skills to achieve intended results
Complaint Expression of dissatisfaction made to an organization, related to its product or service, or the complaints-handling process itself, where a response or
resolution is explicitly or implicitly expected
Customer Service Interaction of the organization with the customer throughout the life cycle
of a product or a service
Concession Permission to use or release a product or service that does not conform to
specified requirements
Combined Audit Audit carried out together at a single auditee on two or more management
systems
Data Collection of values assigned to base measures, derived measures and/or indicators
Defect Nonconformity related to an intended or specified use
Design and Development
Set of processes that transform requirements for an object into more detailed requirements for that object
Document Information and the medium on which it is contained
Documented Information
Information required to be controlled and maintained by an organization and the medium on which it is contained
Determination Activity to find out one or more characteristics and their characteristic values
Effectiveness Extent to which planned activities are realized and planned results achieved
Event Occurrence or change of a particular set of circumstances
Environment Surroundings in which an organization operates, including air, water, land, natural resources, flora, fauna, humans, and their interrelation
Environment Aspect Element of an organization’s activities, products or services that can interact with the environment
Environment Impact Any change to the environment, whether adverse or beneficial, wholly or partially resulting from an organization’s activities, products or services
Environmental Management System (EMS)
Part of an organization's management system used to develop and implement its environmental policy and manage its environmental aspects
Environment Objective
Overall environmental goal, arising from the environmental policy, that an organization sets itself to achieve, and which is quantified where practicable
Environmental Performance
Measurable results of the environmental management system, related to an organization’s control of its environmental aspects, based on its environmental policy, objectives and targets
Environmental Policy Overall intentions and direction of an organization related to its environmental performance as formally expressed by top management
Environment Target
Detailed performance requirement, quantified where practicable, applicable to the organization or parts thereof, that arises from the environmental objectives and that needs to be set and met in order to achieve those
objectives
External Context External environment in which the organization seeks to achieve its
objectives
External Supplier Supplier that is not part of the organization for providing a product or a
service
Feedback Opinions, comments and expressions of interest in a product, a service or a complaints-handling process
Governance of Information Security
System by which an organization’s information security activities are directed and controlled
Grade Category or rank given to different requirements for an object having the same functional use
Guide Person appointed by the auditee to assist the audit team
Guidelines The steps that are taken to achieve objectives and implement policies. Guidelines clarify what should be done and how
Hazard Source, situation, or act with a potential for harm in terms of human injury or ill health, or a combination of these
Hazard Identification Process of recognizing that a hazard exists and defining its characteristics
Human Factor Characteristic of a person having an impact on an object under consideration
Ill Health Identifiable, adverse physical or mental condition arising from and/or made
worse by a work activity and/or work-related situation
Incident Work-related events in which an injury or ill health (regardless of severity)
or fatality occurred, or could have occurred
Infrastructure System of facilities, equipment & services needed for the operation of an organization
Information Need Insight necessary to manage objectives, goals, risks and problems
Information Processing Facilities
Any information processing system, service or infrastructure, or the physical location housing it
Information System
Applications, services, information technology assets, or other information handling components
Information Security
Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved
Information Security Continuity
Processes and procedures for ensuring continued information security operations
Information Security Event Identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant
Information Security Incident
A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security
Information Security Incident Management
Processes for detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents
Information Security
Management System (ISMS)
That part of the overall management system, based on a business risk approach, to establish, implement, maintain, operate, monitor, review, and
improve information security
Inspection Determination of conformity to specified requirements
Interested Party Person or organization that can affect, be affected by, or perceive itself to
be affected by a decision or activity (ISO 9001)
Interested Party Person or group concerned with or affected by the environmental
performance of an organization (ISO 14001)
Interested Party Person or group, inside or outside the work place, concerned with or affected by the OH&S performance of an organization (OHSAS 18001)
Interested Party Person or organization (2.57) that can affect, be affected by, or perceive
themselves to be affected by a decision or activity (ISO 27000)
Internal Context Internal environment in which the organization seeks to achieve its
objectives
Internal Audit
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the environmental management system audit criteria set by the organization are
fulfilled
Integrity The property of safeguarding the accuracy and completeness of assets (Property of accuracy and completeness)
Improvement Activity to enhance performance
Joint Audit Audit carried out at a single auditee by two or more auditing organizations.
Level of Risk Magnitude of a risk expressed in terms of the combination of consequences and their likelihood
Likelihood Chance of something happening
Management Coordinated activities to direct & control an organization
Measuring Equipment
Measuring instrument, software, measurement standard, reference material or auxiliary apparatus or combination thereof necessary to realize a measurement process
Management System Set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives
Metrological Confirmation
Set of operations required to ensure that measuring equipment conforms to the requirements for its intended use
Measure Variable to which a value is assigned as the result of measurement
Measurement Management
System
Set of interrelated or interacting elements necessary to achieve metrological confirmation and control of measurement processes
Measurement
Is a process that is used to determine a value. In the context of information security management, measurement is a process that is used to obtain
information about the effectiveness of an Information Management System (ISMS) and the controls that it uses
Measurement Function
Algorithm or calculation performed to combine two or more base measures
Measurement Method
Logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale
Measurement Results
One or more indicators and their associated interpretations that address an information need
Mission Organization’s purpose for existence as expressed by top management
Monitoring Determining the status of a system, a process, a product, a service, or an activity
Monitoring Determining the status of a system, a process or an activity (ISO 27000)
Measurement Process Set of operations to determine the value of a quantity
Nonconformity Non fulfillment of a requirement or a failure to meet a requirement
Non-Repudiation Ability to prove the occurrence of a claimed event or action and its originating entities
Observer Person who accompanies the audit team but does not act as an auditor
Organization person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
Outsource Make an arrangement where an external organization performs part of organization’s function or process
Object Item characterized through the measurement of its attributes
Objective Result to be achieved
Output Result of a process
Objective Evidence Data supporting the existence or verity of something
Occupational Health and Safety (OH&S)
Conditions and factors that affect, or could affect the health and safety of employees or other workers (including temporary workers and contractor’s personnel), visitors or any other person in the workplace
OH&S Management System
Part of an organization’s management system used to develop and implement its OH&S policy and manage its OH&S
OH&S Objective OH&S goal, in terms of OH&S performance, that an organization sets itself to achieve
OH&S Performance Measurable results of an organization’s management of its OH&S risks
OH&S Policy Overall intentions and direction of an organization related to its OH&S performance as formally expressed by top management
Organization Person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
Outsource Make an arrangement where an external organization performs part of an organization’s function or process
Preventive action Action to eliminate the cause of a potential nonconformity or other potential undesirable situation
Prevention of Pollution
Use of processes, practices, materials, or products that avoid, reduce or control pollution, which may include recycling, treatment, process changes, control mechanisms, efficient use of resources and material substitution
Procedure Specified way to carry out an activity or a process
Product Output of an organization that can be procured without any transaction taking place between the organization and the customer
Product Configuration Information
Requirement or other information for product design, realization, verification, operation and support
Process Set of interrelated or interacting activities that use resources to transform inputs into outputs. (Inputs to deliver an intended result)
Process Set of interrelated or interacting activities which transforms inputs into
outputs (ISO 27000)
Project Unique process consisting of a set of coordinated & controlled activities with
start & finish dates, undertaken to achieve an objective conforming to specific requirements including the constraints of time, cost & resources
Policy Intentions and direction of an organization as formally expressed by its top management
Performance Measurable result
Quality Degree to which a set of inherent characteristics of an object fulfils
requirements
Quality Assurance Part of quality management focused on providing confidence that quality requirements will be fulfilled
Quality Control Part of quality management focused on fulfilling quality requirements
Quality Policy Policy related to quality
Quality Management
Management with regard to quality
Quality Manual Specification for the quality management system of an organization
Quality Plan Specification for the quality management system of an organization
Quality Planning part of quality management focused on setting quality objectives and
specifying necessary operational processes, and related resources to achieve the quality objectives
Quality Improvement
Part of quality management focused on increasing the ability to fulfil quality requirements
Quality Management System
Part of a management system with regard to quality
Quality Management System Realization
Process of establishing, documenting, implementing, maintaining and continually improving a quality management system
Quality Requirement Requirement related to quality
Quality Objective Objective related to quality
Record Document stating results achieved or providing evidence of activities performed
Residual Risk The risk remaining after risk treatment
Reliability Property of consistent intended behavior and results
Review Determination of the suitability, adequacy or effectiveness of the subject matter to achieve established objectives
Review Object Specific item being reviewed
Review Objective Statement describing what is to be achieved as a result of a review
Rework Action on a nonconforming product to make it conform to the requirements
Requirement Need or expectation that is stated, generally implied or obligatory, by an organization, its customers, or other interested parties
Regulatory Requirement Obligatory requirement specified by an authority mandated by a legislative body
Repair Action on a nonconforming product or service to make it acceptable for the intended use
Risk Effect of uncertainty on objectives
Risk Combination of the likelihood of the occurrence of a hazardous event or exposure(s) and the severity of the injury or ill health that can be caused by the event or exposure(s) (OHSAS 18001)
Risk Acceptance Decision to accept a risk
Risk Acceptance Informed decision to take a particular risk (ISO 27000)
Risk criteria Risk criteria are terms of reference and are used to evaluate the significance or importance of an organization’s risks. They are used to determine whether a specified level of risk is acceptable or tolerable
Risk Criteria Terms of reference against which the significance of risk is evaluated (ISO 27000)
Risk Assessment overall process of risk identification, risk analysis and risk evaluation
Risk Identification Process of finding, recognizing and describing risks
Risk Analysis Process to comprehend the nature of risk and to determine the level of risk
Risk Communication and Consultation
Continual and iterative processes that an organization conducts to provide, share or obtain information, and to engage in dialogue with stakeholders regarding the management of risk
Risk Evaluation Process of comparing the results of risk analysis with risk criteria to
determine whether the risk and/or its magnitude is acceptable or tolerable
Risk Management Co-ordinated activities to direct and control an organization with regard to
risk
Risk Management Process
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk
Risk Owner A risk owner is a person or entity that has been given the authority to
manage a particular risk and is accountable for doing so
Risk Treatment Process of selection and implementation of measures/controls to modify risk (Process to modify risk)
Security Implementation Standard
Document specifying authorized ways for realizing security
Stakeholder Person or organization that can affect, be affected by, or perceive
themselves to be affected by a decision or activity
Statement of Applicability
Documented statement describing the control objectives and controls that are relevant and applicable to the organization’s Information Security Management System (ISMS). It also gives justification for inclusion or exclusion of controls
System Set of interrelated or interacting elements
Supplier Organization that provides a product or a service
Strategy Plan to achieve a long-term or overall objective
Statutory Requirement Obligatory requirement specified by a legislative body
Success Achievement of an objective
Sustained Success Success over a period of time
Service Output of an organization with at least one activity necessarily performed between the organization and the customer
Test Determination according to requirements for a specific intended use or application
Traceability Ability to trace the history, application or location of an object
Threat Potential cause of an unwanted incident, which may result in harm to a
system or organization (ISO 27000)
Top Management Person or group of people who directs and controls an organization at the highest level
Technical Expert Person who provides specific knowledge or expertise to the audit team
Trusted Information
Communication Entity
Autonomous organization supporting information exchange within an information sharing community
Unit of Measurement
Particular quantity, defined and adopted by convention, with which other quantities of the same kind are compared in order to express their magnitude relative to that quantity
Validation Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or approach have been fulfilled
Verification Confirmation, through the provision of objective evidence that specified requirements have been fulfilled
Vulnerability Weakness of an asset or control that can be exploited by one or more threats
Vision Aspiration of what an organization would like to become as expressed by top management
Work Environment Set of conditions under which work is performed