1、PAS 99:2006Specification of common management system requirements as a framework for integrationICS 03.100.99NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWPUBLICLY AVAILABLE SPECIFICATIONLicensed Copy: Wang Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) B
2、SIPublishing and copyright informationThe BSI copyright notice displayed in this document indicates when the document was last issued. BSI 2006ISBN 0 580 49059 9Publication historyFirst edition, 31 August 2006Amendments issued since publicationAmd. no. Date Text affectedPAS 99:2006Licensed Copy: Wan
3、g Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BSI 2006 iPAS 99:2006ContentsForeword iiIntroduction iii1 Scope 12 Normative references 13 Terms and definitions 24 Common management system requirements 34.1 General requirements 34.2 Management system policy 44.3 Planning 44
4、.3.1 Identification and evaluation of aspects, impacts and risks 44.3.2 Identification of legal and other requirements 44.3.3 Contingency planning 44.3.4 Objectives 54.3.5 Organizational structure, roles, responsibilities andauthorities 54.4 Implementation and operation 54.4.1 Operational control 54
5、.4.2 Management of resources 54.4.3 Documentation requirements 64.4.4 Communication 64.5 Performance assessment 74.5.1 Monitoring and measurement 74.5.2 Evaluation of compliance 74.5.3 Internal audit 74.5.4 Handling of nonconformities 74.6 Improvement 74.6.1 General 74.6.2 Corrective, preventive and
6、 improvement action 84.7 Management review 84.7.1 General 84.7.2 Input 84.7.3 Output 9FiguresFigure 1 Illustration of how the common requirements of multiple management system standards/specifications can be integrated into one common system ivFigure 2 Illustration of how PDCA and the common require
7、ments combine to give the outline structure of the management system vAnnexesAnnex A (informative) Guidance on the background and use of this specification 10Annex B (informative) Common requirements 18Bibliography 20Summary of pagesThis document comprises a front cover, an inside front cover, pages
8、 i to vi, pages 1 to 20, an inside back cover and a back cover.Licensed Copy: Wang Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSIPAS 99:2006ii BSI 2006ForewordThis Publicly Available Specification (PAS) has been prepared by the British Standards Institution (BSI) in partners
9、hip with BSI Management Systems. It is not to be regarded as a British Standard. It will be withdrawn upon publication of its content in, or as, a British Standard.Acknowledgement is given to the following members of a specially constituted Steering Group, who were involved in the drafting of this s
10、pecification.John Hele, BSI Management SystemsDavid Smith, IMS Risk SolutionsTara West, BSI Professional StandardsMartin Baxter, Institute of Environmental Management and Assessment (IEMA)Brian Burroughs, Independent International Organization for Certification (IIOC)Steve Dewhirst, Association of B
11、ritish Certification BodiesDick Hortensius, Netherlands Standards Institute (NEN)Marijke Korteweg, Institute of Quality AssuranceJohn Parkinson, British Chemical Distribution AssociationAcknowledgement is also given to the members of a wider review panel who were consulted in the development of this
12、 specification.This Publicly Available Specification is published by BSI, which retains its ownership and copyright. BSI reserves the right to withdraw or amend this specification on receipt of authoritative advice that it is appropriate to do so. This Publicly Available Specification will be review
13、ed at intervals not exceeding two years, and any amendments arising from the review will be published as an amended Publicly Available Specification and publicized in Update Standards.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for i
14、ts correct application.Organizations should use this PAS in conjunction with the specific requirements of management system standards or specifications to which the organization subscribes e.g. ISO 9001, ISO 14001, ISO/IEC 27001, ISO 22000,ISO/IEC 20000 and OHSAS 18001. Adherence to this PAS does no
15、t ensure conformity with any management system standard or specification. Compliance with a Publicly Available Specification does not of itself confer immunity from legal obligations.The BSI copyright notice displayed in this document indicates when the document was last issued.Licensed Copy: Wang B
16、in, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BSI 2006 iiiPAS 99:2006IntroductionMany organizations have adopted or are adopting formal management system standards and/or specifications such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 22000, ISO/IEC 20000 and OHSAS 18001. Fre
17、quently these are operated as independent systems. In all management systems, however, there are certain common elements which can be managed in an integrated way; the essential unity of all these systems within the overall management system of the organization can then be recognized and used to bes
18、t advantage. Therefore organizations are questioning the approach of having separate systems. To accommodate the growing interest in an integrated approach to management systems and the governance of organizational risk, this specification defines common management system requirements. It is intende
19、d to be used as a framework for implementing common requirements of management system standards or specifications in an integrated way. PAS 99 is primarily meant to be used by those organizations who are implementing the requirements of two or more management system standards. The adoption of this P
20、AS is intended to simplify the implementation of multiple system standards and any associated conformity assessment.Organizations using this PAS should include as input, the specific requirements of management system standards or specifications to which they subscribe e.g. ISO 9001, ISO 14001, ISO/I
21、EC 27001, ISO 22000, ISO/IEC 20000 and OHSAS 18001. Compliance with this PAS does not in itself ensure conformity with any other management system standards or specifications. The particular requirements of each management system standard will still need to be addressed and satisfied if certificatio
22、n, where sought, is to be achieved. Certification to this PAS in its own right is not appropriate.This PAS has been produced to help organizations to achieve benefits from consolidating the common requirements in all management system standards/specifications and managing these requirements effectiv
23、ely. The benefits may include:a) improved business focus;b) a more holistic approach to managing business risks;c) less conflict between systems;d) reduced duplication and bureaucracy;e) more effective and efficient audits both internally and externally.ISO Guide 72 1 for standards writers includes
24、a framework for the common requirements that are found in management system standards. The main requirements are categorized into the following subjects:a) Policy;b) Planning;c) Implementation and operation;d) Performance assessment;e) Improvement;f) Management review.Licensed Copy: Wang Bin, na, Tu
25、e Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSIPAS 99:2006iv BSI 2006Each management system standard has its own specific requirements, but these six subjects will be present in all of them and can be adopted as the basis for integration. This PAS therefore uses the same categorization
26、as a framework for the common management system requirements and each subject will be considered in more detail in the course of this specification.Many of the requirements in standards/specifications are common and these can be practically accommodated under one generic management system as shown i
27、n Figure 1. It follows that the reduction in duplication by combining two or more systems in this way has the potential to significantly reduce the overall size of the management system and improve system efficiency and effectiveness.Figure 1 shows that if the various management system requirements
28、can be so arranged that the core requirements are addressed in a common way, it is possible to integrate the systems to the degree that is most appropriate to the organization whilst minimizing duplication.The framework used in the PAS is based on ISO Guide 72 1 with some modifications, and has been
29、 tested in practice. It applies to all management systems whether they are the subject of a formal management system standard or whether they are less formal systems which form part of the overall management system of the organization. The six common requirements mentioned above should be looked at
30、in conjunction with Plan, Do, Check, Act, which all management systems follow. Figure 2 illustrates how PDCA and the common requirements combine to give the outline structure of the management system.The model used is as follows:Figure 1 Illustration of how the common requirements of multiple manage
31、ment system standards/specifications can be integrated into one common systemSpecificrequirementsforEPAS 99CommonRequirementsSpecificrequirementsforOSpecificrequirementsforQSpecificrequirementsforOMCommonrequirementsCommonrequirementsCommonrequirementsCommonrequirementsEOQOMEOQOMEnvironmentOHb) dete
32、rmine the sequence and interaction of these processes and the applicability for integration of these processes;c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective;d) ensure the availability of resources and information necessary to
33、support the operation and monitoring of these processes;e) monitor, measure and analyse these processes, and implement actions necessary to achieve planned results and continual improvement of the organizations overall performance. Licensed Copy: Wang Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Unc
34、ontrolled Copy, (c) BSIPAS 99:20064 BSI 20064.2 Management system policyTop management shall define the policy of the organization in respect of its management system and ensure that it:a) is appropriate to the organizations activities, products and services;b) includes a commitment to comply with a
35、ll relevant legal and other requirements to which the organization subscribes and to continually improve the effectiveness of the management system;c) provides a framework for establishing and reviewing objectives;d) is communicated to all persons working for or on behalf of the organization;e) is r
36、egularly reviewed for continuing suitability.NOTE Organizations may have a specific policy covering each management system standard that it subscribes to or may combine all of the policy requirements into one policy. 4.3 Planning4.3.1 Identification and evaluation of aspects, impacts and risksThe or
37、ganization shall establish, implement and maintain (a) procedure(s):a) to identify the aspects of its activities, products and services relevant to the scope of the management system;b) to evaluate the risks to the organization by determining and recording those aspects that have or can have a signi
38、ficant impact (i.e significant aspects).The organization shall ensure that the significant aspects are considered when establishing, implementing and maintaining its management system.4.3.2 Identification of legal and other requirementsThe organization shall establish, implement and maintain (a) pro
39、cedure(s) to determine the legal and other requirements relating to its activities, products and services that are relevant to the scope of the management system and take them into account when establishing, implementing and maintaining its management system. 4.3.3 Contingency planningThe organizati
40、on shall establish, document and maintain (a) procedure(s) for identifying and responding to any unplanned event, potential emergency or disaster. This procedure(s) shall seek to prevent or mitigate the consequences of any such occurrence and consider the continuity of the business operations. Licen
41、sed Copy: Wang Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BSI 2006 5PAS 99:20064.3.4 Objectives4.3.4.1 The organization shall establish objectives, taking into account its significant aspects, legal obligations, other applicable requirements and its commitment to continu
42、al improvement when implementing its policy. These objectives shall be measurable.4.3.4.2 The organization shall establish, implement and maintain (a) programme(s) for achieving its objectives. 4.3.5 Organizational structure, roles, responsibilities and authorities4.3.5.1 The organizations top manag
43、ement shall appoint (a) specific management representative(s) who, irrespective of other responsibilities, shall have defined roles, responsibilities and authority for:a) ensuring that the management system is established, implemented and maintained in accordance with the requirements of this PAS an
44、d the management system standards/specifications to which the organization subscribes;b) reporting to top management on the performance of the management system for review, including recommendations for improvement.4.3.5.2 The organization shall identify, document and communicate the roles, responsi
45、bilities and authorities of those involved in the management system and their interrelationships within the organization. 4.4 Implementation and operation4.4.1 Operational controlThe organization shall ensure that the operations that are associated with significant aspects are carried out under spec
46、ified conditions in order to meet the organizations policies and objectives as well as legal and other applicable requirements.4.4.2 Management of resources4.4.2.1 The organization shall ensure that all people working for or on behalf of the organization are competent on the basis of appropriate edu
47、cation, training, skills and experience for the tasks assigned to them.4.4.2.2 The organization shall:a) evaluate the effectiveness of the actions taken to ensure competence;b) ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achi
48、evement of the objectives.4.4.2.3 The organization shall determine, provide and maintain the resources and infrastructure needed to achieve its objectives. Licensed Copy: Wang Bin, na, Tue Nov 07 01:41:51 GMT+00:00 2006, Uncontrolled Copy, (c) BSIPAS 99:20066 BSI 20064.4.3 Documentation requirements
49、4.4.3.1 The management system documentation shall include:a) a description of the scope of the management system, including the management systems standards/specifications subscribed to;b) statements of the organizations policies and objectives;c) a system manual describing the main elements of the management system and their interaction, including common policies, processes and procedures and references to related documents;d) the documented procedures and records that are required by this PAS and the management syst
