Integrated Management System ManualQMS, EMS, OHSAS

BASANT ICE CREAMS (REGD.) IMS MANUAL DOC. NO.
BCI/IMS/18/01
(ISO-9001:2015, ISO-14001:2015, ISSUE NO. 01
ISO-45001:2018) ISSUE DATE : 15.03.2018
Integrated Management System

(IMS)
Manual
This manual has been documented around BASNAT ICE CREAMS (REGD.)certified
Management System.
APPROVED B Y : PREPARED BY :
BASANT ICE CREAMS (REGD.) IMS MANUAL DOC. NO. BCI/IMS/18/01
(ISO-9001:2015, ISO-14001:2015, ISSUE NO. 01
ISO-45001:2018) ISSUE DATE : 15.03.2018
Contents
Context of the Organisation....................................................................................................................4
Company Overview.............................................................................................................................4
External and Internal Issues................................................................................................................4
Interested Parties................................................................................................................................4
Vision, Mission and Values..................................................................................................................5
SWOT Analysis.....................................................................................................................................5
Key Business Strategies.......................................................................................................................6
Scope...................................................................................................................................................6
Management Representative .............................................................................................................7
IMS Structure ......................................................................................................................................7
Process Flow .......................................................................................................................................9
Leadership.............................................................................................................................................10
Leadership and Commitment ...........................................................................................................10
Quality Policy ....................................................................................................................................11
Environmental Policy ........................................................................................................................11
Health and Safety Policy ...................................................................................................................12
Organisation Roles, Responsibilities and Authorities .......................................................................13
Planning ................................................................................................................................................15
Actions to Address Risks and Opportunities.....................................................................................15
Legal and Other Requirements .........................................................................................................16
Objectives, Targets and Plans ...........................................................................................................18
Support .................................................................................................................................................19
Resources and Infrastructure............................................................................................................19
Training, Competency and Knowledge Management ......................................................................20
Communication, Consultation and Awareness.................................................................................22
Documented Information and Control of Documents......................................................................23
Operations – Marketing........................................................................................................................25
Marketing - How to Publish a Blog....................................................................................................25
How to Manage Webinars ................................................................................................................26
How to Publish Release Notes ..........................................................................................................26
Reporting End of Month Marketing Lead Performance ...................................................................26
Operations – Sales and Partnering .......................................................................................................27
Sales ..................................................................................................................................................27
(ISO-9001:2015, ISO-14001:2015, ISSUE NO. 01
ISO-45001:2018) ISSUE DATE : 15.03.2018
Partner Process .................................................................................................................................27

Operations - Development ...................................................................................................................28
Developers Documentation..............................................................................................................28
Development Requests and Bugs .....................................................................................................28
BIC Application............................................................................................................................29
Operations – Support and Testing ........................................................................................................30
BIC Testing ..................................................................................................................................30
Communication of Releases..............................................................................................................30
Support .............................................................................................................................................31
Implementation ................................................................................................................................31
Operations - Supplier Evaluation and Control ......................................................................................32
Operations – Health and Safety............................................................................................................33
Hazard Identification, Assessment and Control................................................................................33
Accidents / Incidents.........................................................................................................................36
Employee Participation.....................................................................................................................38
Emergency Planning – Health and Safety .........................................................................................40
Operations – Environmental.................................................................................................................40
Aspects and Impacts Identification, Assessment and Control..........................................................40
Environmental Incident Reporting, Recording and Investigations ...................................................41
Environmental Emergency Planning .................................................................................................42
Performance Evaluation........................................................................................................................43
Monitoring, Measurement and Evaluation ......................................................................................43
Internal Audit ....................................................................................................................................44
Management Review ........................................................................................................................44
Improvement ........................................................................................................................................45
Improvement and Corrective Actions...............................................................................................45
(ISO-9001:2015, ISO-14001:2015, ISSUE NO. 01
ISO-45001:2018) ISSUE DATE : 15.03.2018
Context of the Organisation

Company Overview
Established in 2005, the company provides cloud based QHSE compliance software.
The company enables its customers to meet their compliance requirements be they ISO 9001, ISO
14001, ISO 45001, ISO 22000, ISO 13485, local and government legislation and regulations.
This Integrated Management System (IMS) serves to formalise the policies, processes and operating
standards that will apply to the company’s employees, partners and contractors.
External and Internal Issues

The company determines the external and internal issues that are relevant to its purpose and
strategic direction and that affect its ability to achieve the intended results of the IMS.
Consideration is given to the:
Positive and negative factors or conditions.

External context and issues, such as legal, regulatory, technological, competitive, cultural,
social, political and economic environments.
Internal context and issues, such as values, culture, organisation structure, knowledge and
performance of the business.
Determination and requirements of the needs and expectations of interested parties
relevant to the IMS.
Authority and ability to exercise control and influence.
Activities, products and services relevant to the business.
Documented information is retained as evidence to support that the context of the
organisation has been taken into account in the IMS.
Interested Parties
Interested Party Needs, Expectations and Issues
Owners/Shareholders Have a growing business that provides profit.
Be well governed and well managed.
Want staff to enjoy their work, be challenged, perform their job
competently and meet the company and customer requirements.
Customers Value for money.
A simple solution that manages compliance easier.
Implementation of the product in-line with customer
expectations.
Receive responsive support.
Delivery of free content to educate around compliance.
Suppliers/Contractors Ongoing and secure work.
To be paid on time.
Clear understanding of requirements.
Constructive feedback.
Want to provide services/products to a reliable, reputable and
financially viable business
Partners Make them more financially secure through additional revenue
from BIC sales.
Enable them to change their business model from hour-based to
value based income.
(ISO-9001:2015, ISO-14001:2015, ISSUE NO. 01
ISO-45001:2018) ISSUE DATE : 15.03.2018
Want a solution that they can sell, promote and support that will
assist their client’s to manage compliance.
Provide great support and knowledge to help them support their
Employees customers.
within business Job security.
Salary for work performed.
Flexible work hours.
Clear understanding of their role and responsibilities.
Able to raise issues of concern and provide constructive
feedback.
Good, friendly work environment.
To feel valued and appreciated.
Opportunities for personal development.
Regulators To meet the required laws and regulations.
To submit all tax obligations accurately and on time.
To maintain high standards of corporate governance.
Community Good corporate citizen.
Diversity of employees
Vision, Mission and Values

Vision: “Gets everyone involved and participating in QHSE”
Mission: Makes compliance enjoyable.
Values: Our customers’ are successful in compliance
SWOT Analysis
Strengths Weaknesses
Provider of a great quality product. Identification of good partners to meet our
Provider of great support for the product. standards/ requirements.
Responsive development to market Managing and review partner performance
requirements. Too operational and not strategic enough
Responsive to identified software issues. for partners
Depth of knowledge of buyer’s persona. Reliance on key employees within the
Regular delivery of free content. business.
Low client turnover relative to the industry. Time poor in a few key areas
Quick deployment of product post sales. Don’t have strong relationships with
Deep knowledge of customer’s pain industry players
Adaptable, responsive and able to make Measurable marketing outcomes based on
decisions. known starting points
Flexible to meet a wide range of customer
service issues.
Open to suggestions to improving the
product
Owners have recognised the need to have
external expertise to grow the business.
Looking at ways of improving the business.
Opportunities Threats
Changes to standards in our core markets: Competition
ISO 9001, ISO 14001, ISO 45001, H&S Act, Technology
Food Safety.
New technologies
Partnering with other solutions: Software
and Hardware
New focussed markets.
Certification to ISO 9001 will open up other
market opportunities through the
marketing of the process.
More marketing via additional platforms
To educate industry in compliance.
Key Business Strategies

Strategy Description
Develop business processes Develop and implement business processes that are suitable for
to accommodate the the business.
expected growth. Achieve certification to ISO 9001.
Transfer of knowledge to partners and employees for all key
processes
Use technology to manage as many processes as appropriate
Improve the efficiency and Identify the core processes (i.e. development and release, sales,
effectiveness of the core marketing, implementation, support)
processes Identify new ways (e.g. lean techniques) of doing the core
processes
Update and embed the core processes to ensure knowledge is
retained
Personnel to be capable of Key leadership personnel to be capable of leading and managing
delivering the growth for the their staff.
business Competency gaps to be identified by leadership personnel
Personnel to be assessed as competent for their role
Personnel to receive training for the role
Personnel to receive appropriate experience to do the role
Grow market share in all Identify and train new partners
markets Continuously review partner performance
Identify changes to legislation, standards and regulation
Identify key market verticals in each jurisdiction
Increase the number of qualified lead by creating more content
and deliver across multiple channels
Improve the sales conversion rate from qualified leads to sale
Scope
The IMS describes how the company requirements are to be addressed throughout its operations
and addresses the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
The scope is: provision of marketing, sales, support, development and implementation of software
solutions. Location Unit 5, 340 Durham St North, Christchurch, New Zealand.
Management Representative
The Operations Manager is the currently appointed Management Representative and has
responsibility and authority for:
1. Ensuring that the:

a. IMS is established, implemented and maintained in accordance with the
requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
b. IMS processes are delivering their intended outputs.
c. Promotion of customer focus throughout the company.
d. Integrity of the IMS is maintained when changes to the IMS are planned and
implemented.
2. Reporting on the performance of the IMS to top management for review and as a basis for
improvement.
IMS Structure
Interaction of Processes in the IMS
The company’s IMS complies with:
ISO 9001:2015,
ISO 14001:2015
ISO 45001:2018
The IMS consists of the following levels of documented information:
Policies: Policies are documents that demonstrate the overall commitment to improving
quality performance and are authorised by the Management Team.
System procedures: high-level procedures that define the activities that are to be fulfilled to
ensure that the IMS that complies with standards.
Module workflows, operational procedures and work instructions. Control and operational
procedures:
o Meet customers’ requirements.
o Provide supplementary guidance and instructions to support the intent of the IMS.
o Ensure that the requirements of the IMS will be adequately addressed within the
organisation.
Forms, registers and records are evidence to prove the IMS is operational. A
diagram of the structure of the IMS structure is presented below.

Policies
System
Procedures
Module workflows,
operational procedures and
work instructions.
Forms, registers and records
Provides automated workflows for the effective and efficient operation of the IMS.
Underpins the IMS and serves as the main retention application for all documented
information.
Workflows and modules replace written procedures and forms associated with the process.
They include the following:
Modules Actions
Accident/Incident Controls all near miss, accident, incident or injury reporting,
investigation, corrective action and injury management. The
workflow manages the process.
Audit/Inspection Controls the audit process, from scheduling through to audit reports.
Its captures all the corrective actions in the Improvement module.
Compliance Controls all the reporting and investigation of legal, regulatory and
standard registers in a seamless workflow.
Documents Controls and maintains the approval, publishing and authorisation of
all documentation within the module with electronic signatures.
Human Resources Controls all a comprehensive central database of employee details
that links people with their skills and positions.
Improvement Controls all reporting, investigation and corrective actions for

customer complaints, audit findings, internal issues or non-
conformances. The workflow manages the process.
Plant/Equipment Controls the maintenance of plant and equipment with email
reminders and alerts when maintenance is due or overdue.
Risk Management Controls identified and managed risks. The workflow manages the
process
Supplier and Contractor Controls all external suppliers and contractor’s details and
Management performance is captured and reviewed.
Process Flow
Purpose and Scope
To describe the interaction of process through the customer journey.
Procedure
References:
ISO 9001 ISO 14001 ISO 45001
4.1, 4.2, 4.3, 4.4 4.1, 4.2, 4.3, 4.4 4.1, 4.2, 4.3, 4.4
Leadership
Leadership and Commitment
Purpose and Scope
To define how the company demonstrates leadership and commitment to its IMS.
Procedure
1. Top management will take responsibility for the effectiveness of the IMS and will
demonstrate their commitment to the IMS by:
a. Defining roles, allocating responsibilities and accountabilities, and delegating
authorities, to facilitate effective IMS management.
b. Roles and Responsibilities are documented in Leadership - Organisation Roles,
Responsibilities and Authorities and through position descriptions, and IMS
procedures where applicable. Ensuring:
i. That relevant policies and objectives are established for the IMS and that
these are aligned with the context and strategic direction.
ii. The integration of the IMS requirements into the organisation's business
processes.
iii. That resources needed for the IMS are available.
iv. The IMS achieves its intended results.
v. The process approach and risk based thinking is promoted. Communicating
the importance of effective IMS management and of conforming to the IMS
requirements.
vi. Engaging, directing and supporting personnel to contribute to the
effectiveness of the IMS.
vii. Improvement is promoted.
viii. Other relevant management roles are supported to demonstrate their
leadership as it applies to their areas of responsibility.
2. Top management is committed to our customers and enhancing customer satisfaction. This
commitment is demonstrated by:
a. Ensuring that applicable customer and statutory requirements are determined,
understood and met throughout the business.
b. Ensuring the risks and opportunities that can affect conformity of products and
services and the ability to enhance customer satisfaction are determined and
addressed.
c. Exercising due care with our customer's property (data) whilst it is under the control
of the company.
d. Monitoring customer's perceptions of the degree to which their needs and
expectations have been fulfilled.
3. The key aspects of the customer information and data generated through the effective
implementation of the IMS processes are collected and collated by the Management
Representative and presented at each Management meeting.
References:
ISO 9001 ISO 14001 ISO 45001
5.1 5.1 5.1
Quality Policy
The company is committed to providing and delivering the customer great product, great support
and great marketing to make the management of our customer's compliance an easy and enjoyable
experience.
We are committed to:
Meeting legal requirements.

Continually improving our IMS.
Meeting the needs and expectations of interested parties.
To achieve this we will:
Provide our customers with a quality product for the management of their compliance
needs.
Provide our customers with free content, information and industry insight to improve their
compliance knowledge.
Provide timely and accurate support to our customers
Listen to our customers when developing and enhancing the product.
Provide an environment where staff can grow and learn new skills.
Provide a return to shareholders
We will measure our progress through:
Setting objectives
Documenting plans
Reviewing performance
We will enable this by:
Training our employees

Training our Partners
Improving BIC
Investing in resources
Investigating new technologies
Environmental Policy
The organisation has identified environmental management as one of its highest corporate
priorities. The organisation has established policies, programmes and practices to reduce risk to the
environment and the organisation and conduct business activities in an environmentally sound
manner.
The organisation is committed to environmental management and will:
Integrate its environmental policies and procedures fully into all business activities as a
critical element,
Comply with all environmental legislation, standards and contract requirements that are
applicable to the company’s operation,
Continually improve its environmental performance and prevention of environment impact
and taking into account current best practice, technological advances, current scientific
understanding, customer and community needs, educate, train and promote employees to
work in an environmentally responsible manner,
Complete environmental assessments for aspects and impacts of all new activities that the
company may undertake, promote, develop and design services, facilities, equipment and
work practices that have the least environmental impact, taking into account the efficient use
of energy and materials, the sustainable use of renewable resources and the responsible
disposal of waste, thereby minimising any serious or irreversible environmental degradation,
Promote and encourage the adoption of these principals by suppliers and contractors acting
on behalf of the organisation,
Develop, implement and maintain emergency preparedness plans,
Foster openness and dialogue with both employees and the public, encouraging them to
respond with their concerns or improvement ideas within the scope of the organisation’s
operations and maintain a set of environmental objectives and targets that are monitored
through the management review process to ensure effectiveness.
Health and Safety Policy

The company is committed to a safe and healthy working environment for everyone using the
premises as a place of work or visiting on business.
Management will:
Set health and safety objectives and performance criteria for all managers and work areas
Annually review health and safety objectives and managers’ performance
Encourage accurate and timely reporting and recording of all incidents and injuries
Investigate all reported incidents and injuries to identify all contributing factors and, where
appropriate, formulate plans for corrective action
Actively encourage the early reporting of any pain or discomfort
Provide treatment and rehabilitation plans that ensure a safe, early and durable return to
work
Identify all existing and new hazards and take all practicable steps to eliminate or minimise
the exposure to any hazards
Ensure that all employees are made aware of the hazards in their work areas and are
adequately trained so they can carry out their duties in a safe manner
Encourage employee consultation and participation in all health and safety matters Enable
employees to elect health and safety representatives
Ensure that all contractors and subcontractors are actively managing health and safety for
themselves and their employees
Promote a system of continuous improvement, including annual reviews of policies and
procedures
Meet legal obligations as specified in the legislation, codes of practice and any relevant
standards or guidelines.
Every manager, supervisor or foreperson is accountable to the employer for the health and safety of
employees working under their direction.
Each employee is expected to help maintain a safe and healthy workplace through:
Share in the commitment to health and safety.
Following all safe work procedures, rules and instructions
Properly using all safety equipment and clothing provided
Reporting early any pain or discomfort
Taking an active role in the company’s treatment and rehabilitation plan, for their ‘early and
durable return to work’
Reporting all incidents, injuries and hazards to the appropriate person.
The Health and Safety Committee includes representatives from senior management and union and
elected health and safety representatives. The Committee is responsible for implementing,
monitoring, reviewing and planning health and safety policies, systems and practices.
References:
ISO 9001 ISO 14001 ISO 45001
5.2 5.2 5.2
Organisation Roles, Responsibilities and Authorities

Purpose and Scope
To describe the responsibilities and authorities for the IMS and to define the organisation structure
for the effective operation of the IMS.
Associated Documents
Job/Position Descriptions.
Employee Contracts.
Human Resources Module.
Access Rights Sub-Module.
Procedure
1. The responsibility, accountability and authority of all personnel involved in the IMS is to be
defined, documented and communicated in order to facilitate effective IMS. This is to
include any responsibilities and accountability that is imposed by legislation.
2. Responsibilities, accountabilities and authorities are documented in position descriptions
and throughout the IMS.
3. Where suppliers are involved, their responsibilities and accountabilities are to be clarified
and documented by the responsible employee with authority.
4. All employees and Suppliers will comply with their responsibilities.
The Management Team are to:
1. Ensure organisation-wide compliance to the IMS.

2. Appoint the IMS Management Representative.
3. Ensure that the assigned roles, responsibilities and authorities are communicated and
understood.
4. Communicate the importance of meeting customer, statutory and regulatory requirements.
5. Establish appropriate policies that include a commitment to continual improvement of the
IMS.
6. Establish IMS objectives.
7. Ensure that all employees are aware of:
a. Policies.
b. Current IMS objectives, targets and plans.
c. The importance of compliance with the IMS.
d. Their contribution to the effectiveness of the IMS, including the benefits of
improved performance.
e. Potential consequences of non-compliance with the IMS requirements.
8. Hold people accountable for carrying out assigned responsibilities and the results delivered.
9. Make resources available.
10. Participate in IMS meetings including the Management Review.
11. Utilise BIC for the effective control of the IMS.
12. Actively promote and participate in IMS initiatives.
The Management Representative is to:
1. Ensure that the:

a. IMS is established implemented and maintained in accordance with the
requirements of the standards.
b. IMS processes are delivering their intended outputs.
c. Promotion of customer focus throughout the company.
d. Integrity of the IMS is maintained when changes to the IMS are planned and
implemented.
2. Report on the performance of the IMS for review and as a basis for continual improvement.
3. Perform the role of Administrator which has the authority to ensure access rights in the IMS,
for individuals, are in-line with their levels of authorities and responsibility in the
organisation.
4. Monitor, communicate and incorporate changes in the legal and other requirements in the
IMS.
5. Communicate amendments to the IMS.
6. Advise and provide guidance to ensure compliance to the IMS is maintained.
7. Provide guidance in developing action plans and conducting management system reviews.
8. Ensure that audits and inspections are conducted in accordance with the schedule.
9. Ensure that BIC is effectively utilised to administer and control the IMS.
10. Provide and or arrange for ongoing training and coaching to personnel with respect to IMS
matters.
11. Coordinate and participate in IMS meetings including the Management Review.
12. Publish and control all IMS documents.
14. Coordinate and administer arrangements with the certification agency.
Employees are to:
1. Ensure that the IMS is effectively implemented and maintained within their area of
responsibility.
2. Actively encourage all personnel to contribute towards the continual improvement of the
IMS.
3. Incorporate the IMS as part of site and departmental inspections and reviews.
4. Determine and escalate the need for resource requirements for the effective operation of
the IMS.
5. Participate in IMS meetings including the Management Review.
6. Utilise BIC for the effective control of the IMS.
8. Promptly report any unsafe working conditions, faulty equipment, hazards/risks, injuries or
incidents
Suppliers and Contractors are to:
1. Comply with the requirements of the IMS and participate in IMS promotions.
2. Promptly report any unsafe working conditions, faulty equipment, hazards/risks, injuries or
incidents
Organisation Structure
1. The Company recognises that the structure of the organisation needs to constantly evolve in
order to meet the changing needs of clients, the market and compliance obligations.
2. The Management Team are responsible for ensuring the structure of the organisation is
appropriate to the current business needs and will ensure that the organisation chart is
regularly reviewed and maintained.
References:
ISO 9001 ISO 14001 ISO 45001
5.3 5.3 5.3
Planning
Actions to Address Risks and Opportunities
Purpose and Scope
To describe the manner in which the company identifies and manages the risks and opportunities
within the business.
Risk Management Module.
Supplier Module.
Events Management Module.
Procedure
1. The company is committed to identifying and addressing relevant risks and opportunities as
a means for:
a. Increasing the effectiveness of the IMS.
b. Improving performance.
c. Preventing or mitigating negative effects.
2. When undertaking risk management activities the company must give consideration to the:
a. Positive and negative factors or conditions.
b. External context and issues, such as legal, regulatory, technological, competitive,
cultural, social, political and economic environments.
c. Internal context and issues, such as values, culture, organisation structure,
knowledge and performance of the business.
d. Determination of the requirements and needs and expectations of interested parties
relevant to the IMS.
e. Authority and ability to exercise control and influence.
f. Activities, products and services relevant to the business.
3. The company may adopt any or a combination of the following risk options:
a. Avoid the risk.
b. Eliminate the risk source.
c. Take the risk to pursue an opportunity.
d. Change the likelihood or consequences of the risk.
e. Share the risk.
f. Retain the risk by informed decision.
4. Opportunities identified by the company may lead to:
a. Adoption of new and improved processes.
b. Launching new products or services.
c. Pursuing new markets.
d. Utilising new technology.
e. Improved ways of addressing customer needs.
5. The company will manage risk and opportunities as follows:
a. Through ongoing effective leadership and commitment to the IMS.
b. Manage business and quality risks and opportunities in the Board meeting and the
Management meetings.
c. Through the effective management and control of suppliers and contractors.
d. Through the effective training of personnel to ensure they are competent to
perform relevant tasks safely.
e. By monitoring, measurement and review of relevant processes and outputs.
References:
ISO 9001 ISO 14001 ISO 45001
6.1 6.1 6.1
Legal and Other Requirements

Purpose and Scope
To describe how the company ensures that it has identified, complies with and verifies compliance
with all of the relevant legislative, regulatory and other requirements that apply to the activities
conducted by the company employees and contractors within its operations.
Compliance Module
Procedure
1. The company is to ensure that all relevant legislative and other requirements are identified.
2. Legislative and other requirements may include, but are not limited to:
a. Acts and Regulations.
b. Codes of Practice.
c. Guidelines.
d. Standards.
e. Agreements with clients, communities or public authorities.
f. Corporate requirements.
g. Industry standards or codes.
h. Voluntary commitments.
3. Details of all relevant legislative and other requirements are to be contained within the
Compliance Module. These will include mitigations and control methods. The verification of
compliance will be reviewed by the Board.
4. The Management Team are to ensure that where possible, they are notified of changes
and/or additions to legal and other requirements as those changes occur.
5. The means of ensuring notification of changes and/or additions may include:
a. Agreements with external legal or consulting organisations to monitor and advise of
any changes.
b. Registering with Standards New Zealand.
c. Advice from employer or industry associations.
6. When changes and/or additions occur they are to be included in the Compliance module and
the means of verifying compliance is to be defined as previously described.
7. A review of the Compliance module will be conducted as per the annual work plan in the
Board meeting. These will include:
a. Confirm that all updates to applicable legal and other requirements have been
captured and included.
b. Confirm that the means of ensuring and verifying compliance are appropriate.
8. The company is to ensure that all changes, additions and updates to the Compliance module
are communicated to relevant employees, contractors and other stakeholders.
Means of Ensuring Compliance
1. Once the application of a particular requirement has been defined, the means of how
compliance to the requirement is going to be ensured is to be established by the company,
in consultation with appropriate personnel.
2. Various means of ensuring compliance are available and include, but are not limited to the
following:
a. Policies and/or procedures being established documented and implemented.
b. Training being provided.
c. Engineered solutions being implemented.
d. Instructional signs being displayed.
3. Details of the means of ensuring compliance are to be entered into the Legal and Other
Requirements Register in the “Means of Ensuring Compliance” column alongside the
corresponding requirement in the Compliance Module.
Means of Verifying Compliance
1. Once the means of ensuring compliance has been determined, the means of how
compliance to each requirement is to be verified on a continuous basis is to be established
by the company, in consultation with appropriate personnel.
2. Various means of verifying compliance are available and include, but are not limited to the
following:
a. Internal auditing. (To verify compliance to the corresponding policies and/or
procedures).
b. Periodic workplace inspections.
c. Periodic review of records.
3. Details of the means of ensuring compliance are to be entered into the Legal and Other
Requirements Register in the “Means of Ensuring Compliance” column alongside the
corresponding requirement in the Compliance module.
Monitoring Changes
1. The Management Team are to ensure that where possible, they are notified of changes
and/or additions to legal and other requirements as those changes occur.
2. The means of ensuring notification of changes and/or additions may include:
a. Agreements with external legal or consulting organisations to monitor any advice of
changes.
b. Registering with Standards or Government organisations.
c. Advice from employer or industry associations.
3. When changes and/or additions occur they are to be included in the Legal and Other
Requirements Register and the means of ensuring and verifying compliance is to be defined
as previously described.
4. On an annual basis, usually in Q4 each year, the Management Team, in consultation with
appropriate personnel, is to coordinate a full review and update of the Legal and Other
Requirements Register in order to:
a. Confirm that all updates to applicable legal and other requirements have been
captured and included.
b. Confirm that the means of ensuring and verifying compliance are appropriate.
5. The Management Team is to ensure that all changes, additions and updates to the Legal and
Other Requirements Register are:
a. Tabled at management review and other relevant meetings.
b. Communicated to relevant employees, contractors and other stakeholders.
References:
ISO 9001 ISO 14001 ISO 45001
5.1.1, 6.3 6.1.3, 9.1.2 6.1, 9.1
Objectives, Targets and Plans

Purpose and Scope
To define the processes for establishing measurable IMS objectives and targets, for establishing
plans to achieve those objectives and targets and for periodically monitoring performance in
achieving each objective and target.
BIC Data
Management Review Minutes.
Objectives, Targets and Plans
Procedure
1. The company will establish measurable objectives and targets in relation to its IMS
performance.
2. The established objectives and targets must be:
a. Consistent with the applicable policies.
b. Measurable.
c. Monitored and updated.
d. Effectively communicated to relevant parties.
3. When establishing, reviewing and updating measurable objectives and targets, consideration
is to be given to:
a. Health and safety hazards/risks.
b. Significant environmental aspects and risks/opportunities.
c. Significant business or quality risks/opportunities.
d. Technological, financial and Operational and business requirements.
e. Products and services provided to customers.
f. The enhancement of customer satisfaction.
g. Views of stakeholders.
h. Legal and other requirements.
4. Once measurable objectives and targets have been established, plans for achieving those
measurable objectives and targets are to be established.
5. Performance in achieving each measurable objective and target is to be periodically
monitored during Management Review meetings.
References:
ISO 9001 ISO 14001 ISO 45001
6.2 6.2 6.2
Support
Resources and Infrastructure
Purpose and Scope
To describe how the resources and infrastructure required to establish, implement, maintain and
continually improve the effectiveness of the IMS and business operations are to be identified,
provided and maintained.
Asset Register (BIC)
PPE/Items module
Procedure
1. Resources include human resources and infrastructure, technology and financial resources.
2. The infrastructure and work environment needed to achieve conformity to product
requirements is to be determined, provided, managed and maintained. This can include, as
applicable:
a. Buildings and associated utilities.
b. Equipment including hardware and software.
c. Information and communication technology.
3. The Management Team will provide the organisational infrastructure, technology and
financial resources. They are to review the adequacy of the resources as part of BOD
meetings. As new technology becomes available, the possibility of introducing it to improve
the IMS is to be considered.
4. The Management Representative is to identify the resources required to establish and
maintain the IMS.
5. The Management Team are to prioritise the financial resources available and allocate them
to the various departments to provide the resources needed.
6. Each Department is to identify the resources required and to provide adequate support
when planning work. They are to identify the infrastructure needed to implement and
continually improve the IMS and meet requirements. The infrastructure to be considered
could include, but is not limited to:
a. Buildings and workspace.
b. Hardware and Software.
c. IT requirements.
d. Communications.
7. The Management Team will determine and maintain an appropriate work environment
needed to achieve conformity to the product or service requirements.
Plant and Equipment
1. Details of equipment used by employees are recorded in the PPE/Item module and on the
asset register.
2. All repairs, must be carried out:
a. In accordance with any regulatory and the original manufacturer’s requirements.
b. By appropriately trained, qualified, competent and experienced personnel.
c. All records of maintenance are recorded on the suppliers invoice
References:
ISO 9001 ISO 14001 ISO 45001
7.1 7.1 7.1
Training, Competency and Knowledge Management

Purpose and Scope
To ensure all relevant personnel are adequately trained, competent and informed in accordance
with their position and IMS requirements.
Position Descriptions
Induction Checklist
Event Management Module.
Procedure
Commencement and Induction of New Employees:
1. Employee setup in Employee module

1. Before a new employee commences work, the employee's manager is to arrange for
induction training in accordance with the induction checklist.
2. During the induction any training needs will be identified and logged in Employee module.
3. Once completed the induction checklist must be signed and dated by both the new
employee and the employees’ manager.
4. A record of the induction is to be maintained in Employee module.
Initial Employee Assessment:
1. The employee’s manager assesses the employees’ competency against the skill set that has
been established within the Skills/Qualifications Module.
2. The employee and the manager agree current competency and future training needs.
3. The Skills/Qualifications Module for that employee is updated by the employees’ manager or
delegate. Any supporting records are also loaded into BIC at this time.
4. The next review date for any further assessment of the employee's competency and training
needs is to be scheduled in the Events Management Module. BIC will automatically generate
an email advising the manager and employee of the next review.
5. Scheduled training is also able to be captured within the Events Management Module, if
necessary.
6. The employee’s manager is to ensure that training identified is undertaken, and whilst under
training the employee is appropriately supervised, as may be required.
Further Assessment of Employee Competency and Training Needs
1. The employees manager is responsible for conducting:

a. 90 day performance reviews.
b. Ongoing performance reviews.
c. Further assessment of employee competency and training needs.
2. The further assessments of employee competency and training needs are conducted using
BIC and involves the following steps:
a. Upon email notification from BIC, the manager will conduct an assessment of the
employee.
b. The employee and manager agree current competency, review training undertaken
during the previous year and evaluate the effectiveness of it and decide on future
training needs.
c. The Skills/Qualifications Module for that employee is updated by the manager or
delegate. Any supporting records are also loaded into Employee module at this time.
d. The next review date for assessment of the employee's competency and training
needs is to be scheduled in the BIC Events Management Module.
e. Scheduled training is also able to be captured within the Events Management
Module, if necessary.
f. The manager is to ensure that training identified is undertaken, and whilst under
training the employee is appropriately supervised.
Induction of Suppliers
1. Relevant suppliers must be inducted prior to commencement of work in accordance with

the applicable induction checklist. Records of the induction are to be retained.
2. During the induction they will be advised of any potential hazards/risks together with
information about required control measures and emergency procedures.
3. The induction is to also cover (as applicable):
a. Quality Policies.
b. Current IMS objectives, targets and plans.
c. The importance of compliance with the IMS.
d. Their contribution to the effectiveness of the IMS, including the benefits of
improved performance.
e. Potential consequences of non-compliance with the IMS requirements.
Training Providers
1. In-house training is to be conducted by appropriately skilled and competent trainers with

relevant experience, depending upon the subject matter.
2. Training may be performed by suitably trained, qualified and experienced external service
providers.
Knowledge Management
The following items are how we capture knowledge:
Monthly Company meetings

Weekly development meetings
Weekly marketing meetings
We capture this knowledge in each of these tools and share it amongst the company to ensure the
knowledge is used in giving the customer value. We review the effectiveness and efficiency of these
sources monthly in the company’s Management Review.
References:
ISO 9001 ISO 14001 ISO 45001
7.1 7.1 7.1
Communication, Consultation and Awareness

Purpose and Scope
This outlines the framework for communication and consultation with employees, contractors and
external parties in relation to IMS issues and initiatives.
The main objectives are to ensure personnel at all levels and functions are:
Are aware of IMS requirements and are effectively involved in the development,
implementation and review of policies and procedures.
Consulted when there are any changes that affect the workplace and or IMS systems.
Meeting Minutes.
Procedure
Communication of IMS Information with the Board:
The IMS and legal requirements are communicated and discussed at the board level. The BOD
minutes record what items have been discussed and actions to be done.
Where required actions will be assigned to the Monthly BIC Meeting.
Communication and Awareness of IMS Information with Internal Parties:
1. The IMS communication and consultation processes will occur at the monthly company
meeting run by the Director/s and attended by all employees.
2. The meeting will have an agenda that includes, but not limited to:
a. Quality Policies, Objectives, targets and plans.
b. Risks and Issues
c. Marketing, Sales, Support and Development improvement and performance.
d. Audits/Process Improvement
3. An email from BIC will notify the owner when meetings are due and will be signed off the
event including relevant evidence attached.
The company has ad-hoc meetings support the consultation processes:
Forum Attended by
Development Meeting Development Team
Scrum Meeting Development Team + Management
Marketing Meeting Marketing Department
Support Support Team + Management
Communication and Awareness of IMS Information to External Parties:
The company will communicate information externally about its IMS performance based on their
enquiry.
References:
ISO 9001 ISO 14001 ISO 45001
7.2, 7.3, 7.4 7.2, 7.3, 7.4 7.2, 7.3, 7.4
Documented Information and Control of Documents

Purpose and Scope
To describe the methods to control and manage documented information critical to the IMS.
Records
Documents Module.
Improvement Module.
Records Retention and Disposal Matrix.
Procedure
1. Documented information includes manuals, policies, procedures, work instructions, forms,

registers, flow charts, records and other IMS document requirements.
2. The Management Representative is responsible for ensuring that all IMS documented
information is effectively controlled.
3. All employees are responsible for ensuring they are always up to date with all IMS
documented information available in the Documents module.
4. Copies of procedures, policies and other documented information may be printed from
BIC, but these printouts will be deemed "uncontrolled".
5. To prevent the unintended use of obsolete documented information, superseded documents
are automatically identified and removed from general view through the workflow. Obsolete
documents are only able to be accessed by personnel, with the required access levels,
through the "History" button in the Documents Module.
Editing, Approval, Publishing and acknowledge of Documents:
The Documents module workflow manages the following document control activities:
1. Creation and editing

Approval
Publishing
Acknowledged
Retention of previous version
Revision numbering
Control of approvers and publisher.
Notifications
The FAQ describe the process in more detail.
Requests for changes:
1. All requests must be raised in the Improvement Module.
Advice of Changes:
1. When a change is made or new document added, personnel are able to be notified by email
automatically generated through BIC at the time of publication.
2. Changes can also be communicated via monthly meetings as deemed appropriate.
3. Changes to all IMS documents can be tracked through the Document Change History
Module.
Maintenance of IMS Documents
1. All IMS documents are to be reviewed at least once every three years, revised as necessary
and approved for adequacy.
2. This review is to be coordinated by the Management Representative in conjunction with the
relevant competent and responsible personnel as determined by the Management
Representative at the time of review.
External Documents
1. It is the responsibility of the Management Representative to review, implement and

maintain external documents and verify that they remain current.
2. External documents are kept in the Manage Files Module.
3. All external documents are verified as current and when necessary have their distribution
controlled through BIC. Updates to external documents shall be placed in the appropriate
file in the Documents Module and approved and published in accordance with this
procedure.
4. The Management Representative subscribes to relevant external regulators, agencies and
bodies who may provide periodic advice of changes to their specific documents. Upon
receiving advice of changes to an external document the Management Representative will
action this change in BIC and ensure the change is communicated to relevant parties.
Computer Back-Up
1. The Management Team are responsible for ensuring that appropriate arrangements are in
place to ensure that a back-up of data stored on the server is carried out on a daily basis.
2. The IMS as documented in BIC is backed up automatically by the application. Back-ups are
captured each hour within the primary data centre with additional back-ups being
captured every eight hours at a secondary data centre.
Records Management
1. All IMS records are retained in BIC for as long as the company uses the BIC Software
solution.
2. All IMS Procedures and Forms are maintained within the Documents Module.
3. The Management Representative is responsible for the management of records with respect
to the IMS.
References:
ISO 9001 ISO 14001 ISO 45001
7.5 7.5 7.5
Operations – Marketing
Purpose and Scope
To describe how the company publishes a blog.
Procedure
Step 1 - Create image for blog
Step 2 - Clone previous blog
Step 3 – Create Blog
Step 4 – Edit the Settings section
Step 5 – Publish or Schedule

How to Manage Webinars
Purpose and Scope
To describe how the company manages a webinar. This includes, pre and post webinar steps.
Procedure
Pre-Webinar
Step 1 -Create webinar in Go-to-Webinar
Step 2 - Integrate the webinar into HubSpot
Step 3 - Create Landing Page
Step 4 - Create an Email invitation to attend webinar
Step 5 – Webinar Presenter arranges planning
Post Webinar
Step 1 - Transport Webinar Recoding
Step 2 - Create Lists – attendees and non-attendees
Step 3 - Create a blog with webinar recording
Step 4 - Email a recording of the webinar to each list
How to Publish Release Notes

Purpose and Scope
To describe how the company publishes release notes so customers/evangelists are aware of any
new BIC updates. This procedure takes place once Support gives marketing the release notes.
Procedure
Step 1 – Create a new BIC News
Step 2 – Disable previous release notes news
Step 3 – Upload the FAQ into BIC (Support may assist with this)
Step 4 – Send out email to customers/evangelists to inform them of release
Reporting End of Month Marketing Lead Performance

Purpose and Scope
To describe how to report on the marketing leads at the end of each month. Reporting on this allows
us to keep track on how marketing is performing.
Procedure
Step 1 – Open up spreadsheet of leads
Step 2 – Get numbers of leads from HubSpot
Step 3 – Record the numbers on spreadsheet

References:
ISO 9001 ISO 14001 ISO 45001
8.1, 8.2
Operations – Sales and Partnering

Sales
Purpose and Scope
To describe how the company controls and Manages sales enquiries.
Procedure
Step 1 - Receipt of Leads
Step 2 - Verifying of Leads
Step 3 - Demo
Step 4 - Negotiation
Step 5 - Won
Step 6 - Closed/Lost Disengaged
Partner Process
Purpose and Scope
To describe the steps in the partner process.
Procedure
At the end of each step the Lead is notified.
Step 1 - Partner Enquiry
Step 2 - Partner Pack
Step 3 - Demo
Step 4 - Agreement
Step 5 - Sales and Marketing Plans
Step 6 - Training
Step 7 - Support, Monitoring and Communication
References:
ISO 9001 ISO 14001 ISO 45001
8.1, 8.2
Operations - Development
Developers Documentation
Purpose and Scope
To describe where and how the development team maintain shared technical information.
BIC Wiki
Procedure
The development team maintain a Wiki.
The CTO determines what information will be maintained in the Wiki to enable the development
team to code using standard methods.
Development Requests and Bugs

Purpose and Scope
To describe now development requests and bugs are managed and controlled.
Dev Request Module.
Support Module.
Mantis
MRS (BIC Requirement Specification)
Procedure
Releases:
A Mantis release is made up of a number individual Mantis's which can be Bugs, Enhancements,
Improvements or a complete new or reworked Module.
Sales, Development and Support will determine what makes up a Mantis release. Final decision for a
release is approved by Sales.
During a Release cycle, Mantis may be added or removed based on the following:
Urgency
Workload and Resources
System Development requirements
End User requirements and requests
Technical updates
Release cycles are 3 weekly; 2 weeks of development and 1 week of testing. Any bugs identified
within the testing will be fixed and retested.
If required a Mantis may be re-scheduled to meet a release date or the release date can be moved
based.
Each Mantis within a release will show the history, notes and current status as it travels through the
development cycle until it is passed.
Bugs:
Bugs can be received via Phone, Support Module, and [email protected] or are entered into
Mantis and assigned to a development Mantis release.
Patch:
If a bug is determined to be a major bug (i.e. stops BIC from performing a function that will effect
data) and the release has been finalised. Management can request a patch to be applied to address
the bug.
Enhancements:
Enhancements must be entered via the Dev Request module. If the request has merit it will be
entered into Mantis release. Dev request status is viewed via My Dev Request.
Major Enhancements:
A major enhancement can be a full rewrite of an existing module or a new module, this work will be
documented on a MRS.
MRS will be discussed with the Development Team and updated until development understand the
requirements.
A Mantis will be raised to cover the body of work to be done, Development may break the
requirements down to individual Mantis's so development can be split across the development team
and to enable support to test individual Mantis as work is completed.
Testing:
All development will be tested before release to production, refer to the Testing procedure.
BIC Application
Purpose and Scope
To describe the preservation of the BIC Application and customer data on the servers.
Release Notes
Procedure
Production Server:
This is the live server that holds the BIC Application and the BIC Database that our customers access.
Datacentre NAS:
This is a drive that holds data that is backup from the Production Server.
Test Server:
This is the server that holds the code that will be next released. It is used for internal testing purpose
only and the Source Control. Customers can't access this.
Backup Server
This is a secondary server that holds data that has been backed up from the Production Server.
NAS Drive:
This is a drive that holds data that is backup from the Backup Server.
Sandpit Server:
This server holds an old version of the BIC Application and the BIC Database. This server can be
refreshed from the NAS Drive. Customers only access this to review and approve custom workflows
prior to release to the live server.
Backups
Backups are performed automatically on a defined backup schedule.
References:
ISO 9001 ISO 14001 ISO 45001
8.3, 8.4, 8.5, 8.6
Operations – Support and Testing

BIC Testing
Purpose and Scope
To describe the testing procedures/processes for testing updates prior to release.
Procedure
1. Mantis is raised for development or bug fix

2. Mantis is scheduled
3. Mantis is coded and committed to test environment
4. Create Test plan
a. Where the development dictates, a comprehensive test plan will be created
b. Where the mantis is for minor work, no test plan is required
5. Test development against the Mantis
a. Where the testing fails, document the issues in Mantis and change status to 'Failed
Test'
b. Where testing has been successful, document testing completed in the Mantis
6. Release notes written
7. Code committed to live environment
8. Testing completed again in live environment
a. If the testing fails, raise a new Mantis
9. When the testing is successful, close the Mantis
Communication of Releases
Purpose and Scope
To describe the communication of BIC releases and updates.
Procedure
1. Mantis testing has been completed and passed

2. Download list of items for release from Mantis to excel.
3. Insert additional information as required to clarify
4. RSS Created and Updates communicated to Partners
5. FAQs updated and FAQ Release notes written
6. List of items relevant for client communication sent to Marketing.
7. Marketing Releases BIC News and sends out email with notes written
8. FAQ and Release notes published
Support
Purpose and Scope
To describe the procedures/processes for responding to support queries.
Procedure
1. Query received from Client

2. Make contact with client and supply information as required
3. Update support query in BIC with Module details, owner and a summary of the
communication - such that it may be a useful resource for the client if they refer back to it at
a later stage.
4. If the support query requires further development, convert Support request to a Dev
Request
5. Close support query and archive If support query has been addressed
6. Report produced monthly on support queries received
Implementation
Purpose and Scope
To describe the Implementation processes.
Procedure
1. Client signs up to BIC

2. Make contact with client to welcome them to BIC and supply upload spreadsheets
3. Create Implementation kit
4. Upload information to client account as information sheets are returned
5. Arrange implementation date(s)
6. Complete implementation following the Client Implementation Guide
7. Create Action list of items to be addressed by client and/or BIC and document on Post
Implementation Action List
8. Create monthly event to follow up with client until implementation is secure or the client no
longer requires regular contact
9. Archive Event and file client details
10. Transfer client information to NAS Drive
References:
ISO 9001 ISO 14001 ISO 45001
8.4, 8.5, 8.6
Operations - Supplier Evaluation and Control

Purpose and Scope
To describe the process and method by which the company’s suppliers (the term also includes
contractors and subcontractors) are evaluated, selected and controlled.
Suppliers Module.
Supplier Evaluation Form
Procedure
1. The selection criteria for suppliers is as follows:

a. Ability and preparedness to meet IMS requirements.
b. Ability and capability to meet legislative obligations and relevant industry and
government standards and codes.
c. Qualifications, experience and capability within the scope they are contracted for.
d. Quality, consistency and reliability of product or service provided.
e. Delivery performance.
f. Price of product or service including commercial arrangements.
g. Quality, environmental, health and safety management systems.
h. Past performance including health, safety and environmental record.
2. Suppliers are classified on the basis of the potential risk their products or services may pose
to:
a. Products or services.
b. Workplace health and safety.
c. The environment.
3. Consideration needs to be given to whether:
a. Failure of the supplier to deliver agreed products or services will impact upon
profitability?
b. Failure of the supplier to deliver agreed products or services will result in failure to
meet any contractual, legislative and statutory obligations for delivery of products
and services?
c. Supplier will introduce or potentially introduce any high risk hazards or significant
environmental impacts to the workplace?
4. Suppliers that are identified as having the potential to significantly affect activities, products
or services are deemed “critical” and must undergo a thorough documented evaluation and
re-evaluation process. Non-critical suppliers are required to be evaluated but not necessarily
to the same extent as those deemed to be critical. Examples of critical suppliers would
include:
a. Suppliers of Hosting Services.
b. Suppliers of IT services.
5. The following rating system will be used for suppliers:
a. Critical
b. Approved
c. Approved and inducted
d. Back-up
6. Where applicable, Suppliers must have current and appropriate insurance arrangements in
place. Certificates of currency for required insurances are to be provided as part of the
formal evaluation process.
7. Products and services essential to meet contract requirements shall only be purchased from
qualified and approved suppliers.
8. The details of suppliers are specified in the Suppliers Module, inclusive of their rating.
Supplier Induction
1. All Suppliers and their staff are to be effectively inducted, including training with respect to
specific site procedure requirements. Refer to the Training, Competence and Awareness
procedure for further details.
2. A record of the induction training conducted in to be retained in Supplier Employee Module.
Re-Evaluation
1. Once evaluated and approved, suppliers are to be subjected to formal periodic re-
evaluation. Re-evaluations are scheduled within the Supplier Module.
2. Re-evaluation is to take place at least once every two years or sooner if reasons apply. Some
reasons for early re-evaluation are:
a. Incidents and/or poor performance involving the supplier or contractor.
b. Change in circumstances or structure such as new ownership, or change of location
or key personnel.
c. Change in scope of services.
3. Re-evaluation is to follow the same process as for the initial evaluation.
References:
ISO 9001 ISO 14001 ISO 45001
8.4, 8.5, 8.6 8.1 8.3, 8.4, 8.5
Operations – Health and Safety

Hazard Identification, Assessment and Control
Purpose and Scope
The purpose of this procedure is to effectively and systematically identify, document review and
control actual and potential hazards onsite.
Risk Management Module
Procedure
1. Hazard Identification - On identification of a new hazard it will be entered into the Report a
Risk module along with the potential harm that the hazard is likely to cause.
2. Risk Analysis - The module will step you through the process of assessing and developing
appropriate controls based on significance.
3. Once the hazard has been entered and controls set, attach the new hazard to the
appropriate register.
4. Once attached, print off the updated register and circulate to the appropriate employees or
areas.
5. Register Review - BIC will notify the organisation when a register is due for review. The
organisation will review any changes that have a bearing on the health and safety of
employees to ensure that procedures can be updated or training arranged.
6. Monitoring of Hazards - BIC will notify the organisation when any hazard monitoring is
due. Examples of this include noise monitoring, atmospheric monitoring
Identification
1. Hazards may be identified by the following methods

a. Initial and routine plant inspections of the workplace.
b. Employee may raise the hazard concern at a meeting
c. Hazard is drawn to the attention of the Safety rep, Supervisor or Manager.
d. Accident and incident or critical event identifies a new hazard.
e. New equipment and tasks will be subject to a hazard review before use
Assessment
1. Hazards will be assessed for significance/ risk.

2. Risk assessment matrix and risk scores will be recorded for all new hazards reported and will
also be recorded in hazard registers.
Documentation and registers
1. Hazards that are significant are documented in the company hazard register
2. Task analysis (TA), Job safety analysis (JSA), Safe Work Statement Methods (SWMS) or Site
Specific Safety Plans (SSSP) may also be used to identify hazards and document the
associated controls.
Application of controls
Hazards that are significant will be controlled by applying all reasonably practicable steps. Controls
will be applied in the following order
1. Elimination
2. Substitution
3. Engineering controls
4. Administrative controls
5. Personal protective equipment
Induction and training of staff in relation to hazards
1. All new staff will be inducted and sign an induction record

2. The hazard reporting process will be explained
3. The expected work methods, standards and controls will be covered at induction
Induction of visitors, suppliers and sub-contractors
1. Visitors, suppliers and sub-contractors will typically sign in at reception and be inducted on
site.
2. The induction content typically relates to the hazards they will be exposed to during their
visit as a minimum general hazards and emergency procedures are covered.
Reviews
Review of hazards onsite will completed as follows:
1. On a determined frequency (annual as a minimum) the hazard register is reviewed and

updated if necessary. Review is documented in the Event Management Module in BIC.
2. Work sites are reviewed and records held
3. Vehicles are checked and records held
4. Workshops and offices are checked and records held
Critical events
1. Critical events are recorded on an accident, incident or near miss form.

2. The investigation and actions are recorded and these events are tabled at the safety
committee meeting for review.
3. The need for health monitoring may arise from a critical event and this monitoring will be
completed and results supplied to the employee.
Purchasing policy and associated reviews of new equipment and processes
1. The company shall assess and record at pre purchase and upon arrival or commissioning
stage the relevant H & S aspects of the plant, process or substances.
2. Refer to purchasing procedure.
Specialist advisors and external audits
1. Hazards that require specific specialist advice or monitoring then the Management
Representative may authorise these services.
2. A list of specialist advisors is held in the Documents module
3. External audits may be commissioned as requested by the Managing Director
Legal compliance and access to relevant information
1. The compliance module in BIC is used to record all legal compliance.

2. A review of compliance with relevant and new legislation or industry guidelines will be
conducted annually.
3. Access to relevant information and codes of practice can be sources from the following:
a. Documents folder
b. Legislation – www.legislation.govt.nz
c. Industry guidelines and approved codes - Worksafe NZ – www.worksafe.govt.nz
d. Industry publications: (add relevant standards or industry publications)
e. Other web sites – Chemwatch - http://www.chemwatch.net/
f. Consultants
Health monitoring
1. The control of hazards may involve the regular monitoring of employees or the workplace
e.g. noise levels and audiometry. The frequency and type of monitoring (including exit
testing) is detailed in the table below and typically established as an event within BIC.
2. Employees will be required to provide written and signed consent to the health monitoring
provider.
3. The health monitoring provider may release relevant health information to employer (PCBU)
so the employer can execute their duties under the Act and ensure that hazards are
adequately controlled to protect workers from harm.
4. Results for monitoring - Results for monitoring in the workplace will be made available to
employees.
5. Sub optimal or adverse results from monitoring will be reviewed and necessary controls
applied and employee's medical and vocational needs will be considered. See process flow
below.
Personal Protective Equipment
1. The company name will provide:

a. All PPE required to protect employees from hazards while at work.
b. The necessary PPE if worn out or expired and parts for basic maintenance.
c. The necessary training in respect to the wearing or operation of the PPE
2. The PPE provided will comply with all relevant standards
3. PPE issued is recorded on the:
a. Induction record
b. Human Resources module
4. An employee may provide PPE for their own use. This will be noted on the PPE issued record
and signed. If the PPE supplied by the employee is not of the required standard or worn out
the employee will be requested to replace it.
5. The hazard register or task analysis/ SWMS will detail the necessary tasks/ machinery
hazards that require PPE to be worn.
6. The company will take all practicable steps to ensure employees wear PPE.
7. Employees failing to wear PPE as instructed may be subject to the companies’ disciplinary
procedure.
8. Visitors will be issued PPE necessary for the hazards and area they will be visiting.
9. Contractors and subcontractors will provide and wear PPE appropriate to the task they are
completing.
10. A list of the standard issue of PPE is held in PPE module
Safety Data Sheets (SDS) previously known as (MSDS - Material Safety Data Sheets)
1. The Management Representative will obtain Safety Data Sheets from the relevant suppliers.
2. Controls outlined in the SDS will be incorporated into training, documentation and site
procedures where necessary.
3. Employees will be suitably trained.
4. MSDS will be filed in an appropriate documents folder.
5. Where requested by the Site Specific Safety Plan (SSSP), site owner or main contractor,
copies will be held on sites for reference.
References:
ISO 9001 ISO 14001 ISO 45001
8.1, 8.2
Accidents / Incidents
Purpose and Scope
The organisation will ensure an active reporting, recording and investigating all incidents and
accidents.
Accident / Incident Module
Return to work plans
Medical documentation
Procedure
1. All accidents, incidents or near misses (involving injury, illness, persistent or unusual pain)
will be reported early and promptly on the accident report form.
2. If necessary, the trained first aiders on site will attend to the accident.
3. The employee will forward all Medical documents to the Co-ordinator who will action and
file these as required.
4. All Notifiable events need to be advised to the Co-ordinator as soon as practical
5. The accident scene of a “Notifiable events” is not to be interfered with or disturbed until
given a clearance.
6. An accident investigation may be required (refer to below)
7. Rehabilitation plans will be established as outlined in the rehab procedure.
Accident Investigation
1. Only people with the appropriate skills and experience should investigate accidents.
2. Gather all the facts; all investigations will be initially recorded on an Accident / Incident
Module:
a. Interview witnesses and describe events in detail, using any photos, diagrams or
other exhibits that may be appropriate.
b. Have the prescribed agencies, been informed?
c. Be sure that you understand the sequence of events fully before any analysis takes
place.
d. Identify all the hazards involved.
e. Consider:
i. equipment,
ii. materials,
iii. work practices and procedures,
iv. work environment,
v. health issues,
vi. hazards
3. Assess the Hazard Controls in place. What controls were in place, and why didn't they work?
What is needed? Is there a need to train or inform employees?
4. Decide on Future Action. Describe fully what needs to be done to prevent further accidents
or incidents. Who should do what and by when?
5. Records of those who hold relevant investigation skills are recorded in Human Resources
module.
6. Inform all those affected. Inform everyone who needs to know, not only those directly
involved. Health and Safety meeting agenda will include the results of any findings and
actions to be undertaken.
7. Follow up. There must be checks to ensure that recommended changes have been made and
results achieved.
8. The Manager or Supervisor will implement any corrective actions or improvements that
arise from the accident investigation. Actions must be signed off as they are completed.
Injury Management and Return to Work
1. Medical documents and medical certificates are received. They will be filed as necessary.
2. Employee having more than 5 days off and/or the injury would benefit from rehabilitation.
3. Signed consent form is required by the employee to authorise the release of information
from the doctor.
4. Consult doctor or treatment provider as to possible duties the injured employee could
undertake.
5. Employee, Employee’s Manager/Supervisor and Co-ordinator meet and discuss possible
options and formalise the options in a rehabilitation plan. The employee may have a Union
or support person present.
6. A Third party rehabilitation provider may assist with the plan and monitoring of progress.
7. Rehabilitation plan and set milestones are monitored as agreed.
8. If rehabilitation milestones or the rehabilitation plan are not proceeding as agreed an
occupational health specialist or physician may be involved. Typical transitional duties
include:
a. Admin/ paper work e.g. electrical compliance certificates.
b. Non lifting site work
c. Reduced hours per day
d. Motor vehicle driving/ deliveries
9. Early intervention with a rehab programme is the best option. Remember that an employee
has a fitness level and muscle toning from the type of work they have been doing and the
longer they are out of the workforce the longer it will take them to get back to full fitness.
10. The threat of re-injury is also a serious possibility if the rehabilitation is not designed and
handled correctly.
11. Remember an employee may feel threatened by the meeting format and the desire for the
company to get them back to work earlier than they may be happy with.
12. Always offer the employee the option of having a support person or H & S rep present.
13. It is good policy to clearly explain to the employee that the companies aim is the smooth
reintroduction back into the workforce.
14. Remember that high achievers and very active people can also overdo their return to work
and reinjure themselves.
Employee Participation
Purpose and Scope
The organisation will ensure that employees have the opportunity to be fully involved in the
development, implementation and operation of safe workplace practices.
The organisation actively encourages employees to be involved in the Health and Safety meetings.
Health and Safety Meeting Minutes.
Event Management Module

Procedure
Meetings are scheduled in the Event Management module. When completed, the event will be
signed off and the minutes attached.
The following events may be used to facilitate participation:
Toolbox Meeting
1. The site foreman will chair and take minutes of site toolbox meetings.
2. The frequency of toolbox meetings is determined by the:
a. Main Contractor/ Principal
b. Site contract requirements
c. Company directive
3. All employees and contractors on the site at the time of the meeting MUST attend unless
excused by the foreman for an extraordinary reason.
4. Site foreman will record
a. Names of all attendees
b. Concerns or hazards raised
c. Accident reported
d. Concerns raised
e. A brief summary of specific topics covered or instructions given
5. Completed site safety toolbox meeting records shall be held in Adhoc Training Module.
Health and Safety Meeting
1. The Health and Safety Meeting is made up of representatives from all levels within the
organisation. The meeting can be a committee or it can be a full company meeting.
2. The meetings will be minuted with action points clearly identifying responsibility with target
date for completion. The following items will be discussed:
a. Previous minutes and actions taken
b. Reviews of policies
c. Correspondence, i.e. new laws and legislative requirements
d. Objectives achieved
e. Hazards/risk
f. New equipment and new work processes (including hazards associated with new
equipment or processes)
g. Training undertaken and training for next period
h. Accidents and incidents
i. Upcoming and overdue events from BIC j.
Changes that affect workplace safety
k. General business Excellence
Appointment of Employee Health and Safety Representatives
If required annual nominations will be asked from employees for representatives to be elected. If
more nominations are received for the positions available, an election will be held by ballot
Trained representatives have the following duties as outlined in the responsibilities section.
References:
ISO 9001 ISO 14001 ISO 45001
7.3, 7.4 7.3, 7.4 7.3, 7.4
Emergency Planning – Health and Safety

Purpose and Scope
The purpose is to ensure that the organisation has an emergency plan to manage and test all types
of potential emergencies.
Emergency Plans
Procedure
Emergency Plans
1. All potential emergencies will have document plans.

2. A copy of the emergency plan will be in a readily accessible location for all staff to refer to.
3. The emergency plan will incorporate all of the potential emergency situations that can affect
the site that the plan has been developed for, and how to respond to them.
Testing Emergency Plans
1. Trial Emergencies will be scheduled in the Manage Events module.

2. When completed, the event will be signed off and the evidence attached.
3. All emergency wardens will undertake in house training every 12 months in their role and
the emergency plan and procedures.
4. Training will be recorded on the individuals training record.
5. Any corrective actions or improvements will be recorded in the Improvement module in
BIC.
6. Tests will be conducted every 6 months.
7. Following each test the Chief Warden will review the drill and implement any actions
identified with the other wardens.
References:
ISO 9001 ISO 14001 ISO 45001
8.2 8.6
Operations – Environmental
Aspects and Impacts Identification, Assessment and Control
Purpose and Scope
The purpose is to describe the procedures for identifying, assessing and controlling the
environmental aspects and impacts.
Risk Management Module

Environmental Aspects and Impacts Register
Procedure
Aspects Identification
1. Ascertain the area(s) of the organization to be evaluated.

2. Identify environmental aspects via interviews, site reconnaissance, and document review for
the area or function defined.
3. Consider the following;
a. Waste streams (air, water, solid waste),
b. Energy exchange (energy used and energy released),
c. Resource consumption,
d. Community
e. Interested stakeholder input, and
f. Human and Ecosystem toxicity.
4. Identify those aspects that are significant
5. Identify all resource consents.
6. Record the identified aspects in Risk Management Module
Assessment and Control
1. The Risk Management module will step you through the process of assessing and developing
appropriate controls.
2. Once the aspect and impact has been entered and controls set, attach the new aspects to
the appropriate register.
3. Once attached, print off the updated register and circulate to the appropriate employees or
areas.
Review and Monitoring
BIC will notify the organisation when a review is due. This may be from a contractual
requirement (for example: resource consent) or an operational site review.
References:
ISO 9001 ISO 14001 ISO 45001
6.1
Environmental Incident Reporting, Recording and Investigations

Purpose and Scope
The purpose of this procedure is to ensure that environmental incidents are reported, recorded,
investigated and appropriate corrective and preventive action is performed.
Improvement module
Procedure
1. When an environmental incident is reported, an improvement will be raised in the

Improvement module.
2. The workflow in the Improvement module, as setup then ensures the environmental
incidents has corrective action assigned.
3. All actions will be recorded in the Improvement module.
4. When an environmental incident is reported, an improvement will be raised in the register.
Examples of environmental incidents include:
a. Discharge to air
b. Discharge to land
c. Discharge to water
5. Contain the environmental incident and prevent or minimise the risk of further
environmental harm. Contact the appropriate Environmental Protection Agency.
6. The environmental incidents has corrective action assigned.
7. All actions will be recorded
8. The preventive actions are verified in the Management review meeting to ensure they are
effective
References:
ISO 9001 ISO 14001 ISO 45001
10.2 8.6
Environmental Emergency Planning

Purpose and Scope
The purpose is to ensure that the organisation has an emergency plan to manage and test all types
of potential emergencies.
Emergency Plans
Procedure
1. All emergency situations will have an Environmental Emergency Plan

2. A copy of the environmental emergency plans will be in a readily accessible location for all
staff to refer to.
3. The emergency plan will incorporate all of the potential emergency situations that can affect
the site that the plan has been developed for, and how to respond to them.
Testing Emergency Plans
1. Trial Emergencies will be scheduled in the Manage Events module.

2. When completed, the event will be signed off and the evidence attached.
3. All emergency wardens will undertake in house training every 12 months in their role and
the emergency plan and procedures.
4. Training will be recorded on the individuals training record.
5. Any corrective actions or improvements will be recorded in the Improvement module.
6. Tests will be conducted every 6 months.
7. Following each test the Chief Warden will review the drill and implement any actions
identified with the other wardens.
References:
ISO 9001 ISO 14001 ISO 45001
8.2 8.6
Performance Evaluation
Monitoring, Measurement and Evaluation
Purpose and Scope
To describe how we will monitor, measure, analyse and evaluate the IMS in order to identify and
take suitable action to ensure the continual improvement of the management system.
Events Management Module.
BIC Reports.
Procedure
1. The company will determine:

a. The aspects of the IMS that will be monitored and measured.
b. The responsibilities, frequency and methods for monitoring, measurement, analysis
and evaluation needed.
c. The criteria against which we will evaluate its IMS performance.
d. When the monitoring and measuring:
i. Will be performed.
ii. Results will be analysed and evaluated.
2. The results of the analysis and evaluation conducted is to evaluate the:
a. Degree of customer satisfaction.
b. Conformity of products and services.
c. Performance and effectiveness of the IMS including the environment, health and
safety and quality.
d. If planning has been effectively implemented.
e. Effectiveness of actions taken to address risks and opportunities.
f. Performance of external providers.
g. Need for improvements to the IMS.
3. Appropriate documented information must be retained as evidence of the monitoring,
measurement, analysis and evaluation that is conducted.
Monitoring Arrangements
1. Generally, individual procedures within the IMS describe the specific monitoring,
measurement, analysis and evaluation requirements to be met.
2. Whenever required, an event will manage the process.
References:
ISO 9001 ISO 14001 ISO 45001
9.1 9.1 9.1
Internal Audit
Purpose and Scope
To describe the responsibilities and methods used to evaluate the effectiveness of the
implementation and maintenance of the IMS.
Audits and inspections are completed for the following purposes:
To identify the compliance status against the company policies, procedures, legal
requirements and other obligations including the ISO 9001,
To identify areas where IMS performance needs to be improved or changed.
To identify leading practice, so as such practices can be communicated and implemented in
other the company activities.
Internal and External Audit Reports.
Event Management Module.
Improvement Module.
Audit / Inspection Module.
Compliance module.
Procedure
The company will use the DIME matrix methodology for internal audits. This will be an audit of the
system based on the ISO clauses.
The company will audit using the Compliance Module to capture the records of DIME (documented,
implemented. monitored, evidence/effective).
1. An audit of the IMS will be conducted as per the schedule in Event Management Module.
2. An event will remind Management when the audit is due.
3. The Audit team will audit the assigned section of the IMS.
4. An auditor can’t audit a core function they are responsible for.
5. Once complete, the event will be signed off and a copy of the report uploaded.
6. An improvement will be raised for each non-conformance identified.
References:
ISO 9001 ISO 14001 ISO 45001
9.2 9.2 9.2
Management Review
Purpose and Scope
To ensure that the IMS is effectively reviewed on a regular basis with the purpose to:
Ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic
direction.
Consider relevant changes in external and internal issues, including changes to legislative
and other requirements.
Ensure all employees are aware of the current status of IMS performance and changes to
the IMS system and procedures.
Allow for all employees to provide suggestions, direction and resources for the continual
improvement of IMS performance.
Management Review Meeting Minutes.
Data in BIC.
Procedure
1. A formal review of the IMS is to be conducted every six weeks, all staff are invited and
expected to attend in person or via appropriate communication.
2. The agenda will be:
a. the status of actions from previous management reviews;
b. changes in external and internal issues that are relevant to the quality management
system;
c. information on the performance and effectiveness of the quality management
system, including trends in:
i. customer satisfaction and feedback from relevant interested parties;
ii. the extent to which quality objectives have been met;
iii. process performance and conformity of products and services;
iv. nonconformities and corrective actions;
v. monitoring and measurement results;
vi. audit results;
vii. the performance of external providers;
d. the adequacy of resources;
e. the effectiveness of actions taken to address risks and opportunities (see 6.1);
f. opportunities for improvement.
3. An event has been setup to ensure the Management Review happens.
4. The Management Representative will run, keep minutes and publish records in Event
Management module.
5. The Management review will follow the standard agenda format in the minutes.
6. Actions are assigned and recorded on the Management Minutes with agreed timeframes.
References:
ISO 9001 ISO 14001 ISO 45001
9.3 9.3 9.3
Improvement
Improvement and Corrective Actions
Purpose and Scope
To ensure that improvements, non-conformities and corrective actions are reported, recorded,
investigated and followed-up.
The procedure also ensures that non-conforming products or services are identified, reported,
recorded, investigated and controlled.
Improvement Module.
Procedure
1. Employees must report improvement opportunities, non-conformances, failures and any

other IMS issues.
2. Improvements can be initiated by any employee when any of the following issues are
identified:
a. To initiate a change to the IMS.
b. To initiate an improvement to the performance and effectiveness of the IMS.
c. When an innovation or improvement opportunity is identified.
d. When a non-conformance is identified at any time, (Software Bugs - non-
conformances are handled via Mantis software).
e. When a discrepancy, non-conformance or improvement is identified during auditing.
f. When a customer complaint or any significant customer feedback is received
(including compliments).
3. Improvements are to be retained in BIC including associated documents and records
with respect to the improvement
4. The improvement workflow will manage the improvement process
5. Findings will be reported to the Management Review meeting including their status.
References:
ISO 9001 ISO 14001 ISO 45001
10.1, 10.2, 10.3 10.1, 10.2, 10.3 10.1, 10.2, 10.3

Integrated Management System ManualQMS, EMS, OHSAS

Uploaded by

Copyright:

Available Formats

Integrated Management System ManualQMS, EMS, OHSAS

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Integrated Management System ManualQMS, EMS, OHSAS

Uploaded by

Copyright:

Available Formats

BASANT ICE CREAMS (REGD.) IMS MANUAL DOC. NO.

Integrated Management System

Partner Process .................................................................................................................................27

Context of the Organisation

External and Internal Issues

Consideration is given to the:

Positive and negative factors or conditions.

Vision, Mission and Values

Mission: Makes compliance enjoyable.

Values: Our customers’ are successful in compliance

Key Business Strategies

1. Ensuring that the:

The company’s IMS complies with:

The IMS consists of the following levels of documented information:

diagram of the structure of the IMS structure is presented below.

Forms, registers and records

They include the following:

Improvement Controls all reporting, investigation and corrective actions for

We are committed to:

Meeting legal requirements.

To achieve this we will:

We will measure our progress through:

We will enable this by:

Training our employees

The organisation is committed to environmental management and will:

Health and Safety Policy

Organisation Roles, Responsibilities and Authorities

Human Resources Module.

Access Rights Sub-Module.

The Management Team are to:

1. Ensure organisation-wide compliance to the IMS.

The Management Representative is to:

1. Ensure that the:

Employees are to:

Suppliers and Contractors are to:

Risk Management Module.

Events Management Module.

Human Resources Module.

Legal and Other Requirements

Means of Ensuring Compliance

Means of Verifying Compliance

Objectives, Targets and Plans

Management Review Minutes.

Objectives, Targets and Plans

Asset Register (BIC)

Plant and Equipment

Training, Competency and Knowledge Management

Human Resources Module.

Event Management Module.

1. Employee setup in Employee module

Initial Employee Assessment:

Further Assessment of Employee Competency and Training Needs

1. The employees manager is responsible for conducting:

1. Relevant suppliers must be inducted prior to commencement of work in accordance with

1. In-house training is to be conducted by appropriately skilled and competent trainers with

The following items are how we capture knowledge:

Monthly Company meetings

Communication, Consultation and Awareness