Sabado, Disyembre 18, 2010

The Legal Compliance of Quality Management System by Jolito Ortizo Padilla



Legal compliance can be tricky area for auditors of management systems. To begin with, most professional training courses recommend focusing on system elements and avoiding decisions on what statutory or regulatory requirements apply to the product or service in question, let alone judging the level of actual compliance achieved.

Even where a direct violation has been identified and agreed with the auditee, the auditor must exercise due caution when writing up a finding. Auditors who identify a serious legal non- conformity may need to consider whether it needs to be reported to the authorities and whether their actions could result in potential liabilities and litigation for themselves , their employer, the client or the auditee. Interpreting the law is highly specialized and determining compliance is fundamentally the responsibility of the auditee or failing that, the competent regulators.

The proliferation of modern laws, regulation and directives can undoubtedly make it difficult to identify what might apply. And whereas environmental, occupational health and safety and social management systems have generally come to grips with assessing legal compliance , quality management systems appear to fall short.

ISO 9001 actually says comparatively little in legal compliance , although the expectation is that organizations should have a defined methodology to identify and apply statutory and regulatory requirements as process inputs. However, ISO 9001 is not explicit about monitoring process outputs to establish compliance. Unlike ISO 14001 and its clones, ISO 9001 does not have a separate clause to put the onus for evaluating compliance status firmly on the auditee organization.

This absence makes it harder for auditors , who generally receive little training in the national legal framework as it relates to quality management , to check the effectiveness of a system in ensuring compliance. The end result is that legal compliance can be dumbed down and even ignored. Except for heavily regulated sectors or products covered by CE marking, it can be difficult to decide which laws apply to the product or services and need to be addressed.

Using a lawyer can be expensive and has not been widely taken up by other certification programs. Also, in contrast to health and safety and environmental law, there is no central point of reference in terms of guidance manuals.

It may may be necessary to take account of other legal requirements that might undrmine the credibility of the quality management system. The ISO 9001 Auditing Practices Group guidance simply states that any deliberate nonconformity to statutory requirements "cannot be ignored".

This brings us to the various protocols for dealing with noncompliance situations. These rules are developed by certification bodies and should be sanctioned by their accreditation service. They are designed to guide the auditor and can affect the outcome of a certification audit. However, they are usually not readily transparent and, as far as organizations undergoing assessment are concerned , may only come to light when an awkward situation arises during an audit.

These protocols can also be controversial. For example, a company could still be awarded an ISO 14001 certificate despite a clear nonconformity to the conditions of its environmental operating permits. The rules allow this on provision that top management was aware of the situation and had endorsed a program , with the agreement of the competent regulatory authority, to attain the required level compliance within a defined period. While there are good reasons for making such allowances , it does contradict the obligatory policy commitment to comply with requirements and in some quarters could even be viewed as devaluing the ISO brand. What if similar protocols were applied to product noncompliance?

To maintain trust and confidence in ISO certification , the conformity assessment community needs a more rubost and transparent approach to legal compliance. Proper alignment between ISO 9001 and ISO 14001 in terms of the evaluation compliance would be a major step forward . There is also need to be clearer guidelines and greater openness about additional hidden rules or protocols.Perhaps more to the point , the ISO 19011 auditing standard needs to catch up with the latest version of ISO 9001 and beef up a competency requirements for auditors , especially in regard to checking legal compliance issues.

Thank you "The Chartered Quality Institute" for being part of the team.. My great appreciations........

2 komento:

  1. Very good information. You also can get more details on legal compliance services in pune

    TumugonBurahin
  2. Thank you for taking the time to provide us with your valuable information. We strive to provide our candidates with excellent care and we take your comments to heart.
    legal management software in india
    legal management software
    legal management software in Chennai

    TumugonBurahin