is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
The drive for compliance
02 Oct 2006
Topics: PAS 99
Toyota first took to the road in Britain back in 1965 with the launch of the Corona saloon. Fast forward to 2006 and the company is celebrating another milestone: its two-millionth UK vehicle sale. In the four decades since Toyota first put tyre to tarmac within the UK, the company has built a high-profile presence with an enviable reputation for quality.
Building a successful brand means focusing on customer needs: providing the right products and services are primary obligations. They're not the only obligations, though. Corporate compliance - the management of legal and regulatory responsibilities, including conformance to standards - is becoming increasingly important for business. And the automotive business is no exception.
In the UK, vehicle sales and marketing is handled by Toyota (GB) PLC. In the shorthand of the automotive industry, Toyota GB is an "NMSC" - a national marketing and sales company. As well as selling and marketing cars, the company is responsible for the import and "Port-of-Entry" enhancement of vehicles destined for the UK market.
What exactly does compliance mean for Toyota GB?
"In a nutshell, it's making sure that Toyota (GB) and its subsidiary companies comply with all legislation, regulations, standards and codes of practice," says Richard Burgess, manager of corporate compliance.
"As a company, we always seek to be at the forefront of best business practice and a good corporate citizen. If there's anything out there as a legal requirement or as a business rule, then we will make sure that the company complies with it across all of our operational sites.
"It's my job to make sure that we've got policies, procedures and processes documented and in place - and to make sure that all employees across the organization comply with those requirements."
It's hard to place a cash value on compliance, but so is calculating the potential cost of non-compliance: "Can I give you a definitive answer that says we contribute X amount to the bottom line?" asks Burgess. "No. It's an intangible, but if you get it wrong as a blue chip, you know the regulatory authority is going to come down hard on you."
Up to standard
Management systems are at the heart of the compliance mission. The systems needed to comply with the three HSEQ standards (which are health/safety, environment and quality) have a number of common elements. For this reason, it's possible to roll all three into a single management system - and more forward-looking organizations are taking this route.
In its simplest sense, an effective enterprise-level management system comprises just three elements: clearly defined obligations, the ability to communicate requirements effectively and a records system that can be audited. IT applications play an increasingly important role in this arena, particularly in relation to communication and record keeping. Official recognition that a standard or standards have been achieved - registration - is a fourth element, with certification provided by an accredited third-party assessor.
At Toyota GB, health, safety, environment and quality standards assessment is carried out by BSI Management Systems UK. Toyota uses the market-leading Entropy System™ for HSEQ task management and data capture as part of this process. The Entropy System™, produced by BSI Entropy International, a BSI Group acquisition in June 2006, is an essential ingredient in Toyota GB's compliance management strategy: "The Entropy System™ is very simple and because it's web-based, any updates to the system are dynamic - they're immediately reflected for everybody to see," explains Bill Coupe, client services manager (Europe) at BSI Entropy International. The Entropy System™ can also take care of training needs. "If knowledge of an operating procedure is required for a certain role at a facility this association can be made in the application, thus enabling email notifications to be sent to the individuals with that role and exception reports to be run for those people who have not yet been trained."
Toyota GB - which also uses other IT applications including Control-ES as part of its compliance strategy - purchased the Entropy System™ back in July 2001 following the decision to adopt an integrated management system.
"At the time, there was nothing else that would give us all three - health and safety, environment and quality - as one solution," says Burgess. "The system we'd used prior to that was great from the point of view of document management, which tied in with the quality management aspect, but we couldn't use it for carrying out risk assessments or environmental evaluations. Entropy was virtually the only thing in the marketplace."
Migration to the new system was made in record time - it took Burgess's team just three weeks to upload the relevant data. The task was complete by August 2001 and triple certification was achieved the following month.
"Entropy is a one-stop shop," says Burgess. "You can find exactly the information you want. You can carry out a risk assessment - and then go on to set up an action plan with a statement of who needs to do what, by when."
Having the right software is important. But for many organizations, getting people to use it is half the battle - particularly in an environment where employees use a range of applications, some of which might not ordinarily be needed on a daily basis. That's not a problem with Entropy because the system sends targeted email notifications automatically.
"That's helped hugely," says Burgess. "The Entropy System™ will send an email citing the task to be completed - the title of the task acts as a hyperlink, which will take you straight into the page so you can go and see what it was that was expected of you, where the documentation is and what you need to do to fulfil your requirements. Email notification has helped get people to remember and to be aware of their compliance requirements."
With approximately 400 employees spread over five operational sites across the UK, keeping track of compliance issues using a traditional paper-driven system would be almost impossible for Toyota GB.
"One of the reasons I put a lot of trust and faith in software is the simple fact that I can't be everywhere all the time" says Burgess. "With the Entropy System™, I can look at what the issues are, what non-conformances have been raised, what action plans there are, what incidents they've had and whether they have completed the audits in time. I don't have to be there. I can review Entropy via the corporate intranet and get a flavour of issues, concerns or incidents that have happened."
It's getting better all the time
The hunger to seek out better ways of doing things is embedded in Toyota's corporate philosophy: the "Toyota Way". Kaizen, which means continuous improvement, is one of the cornerstones of that philosophy.
A similar concept - continual improvement - is a key element of BS EN ISO 9001:2000 Quality management systems - Requirements. For the automotive sector, compliance with the first versions of this standard - which appeared back in the nineties - was essential to satisfy the demands of vehicle fleet operators. For Toyota GB, which was already doing most of the things described in the standard, achieving compliance was a straightforward matter.
Quality management has also provided a platform around which other compliance activities have crystallized over the last decade. In 1999, Toyota GB's parent company - Toyota Motor Corporation of Japan - announced the requirement for all sites to comply with the environmental standard, ISO 14001. The same year saw the introduction of the occupational health and safety specification OHSAS 18001, also adopted by Toyota GB.
On the face of it, health and safety, environment and quality do not appear to have much in common. Dig down, though, and a number of common elements emerge. Identification of these provided the catalyst for Toyota GB's move to an integrated management system in 2001.
"What you tend to find is that there's a lot of shared aims between these three silos of management," says BSI Entropy International's Bill Coupe. "Rather than repeating the exercise three times, it makes more sense to look for the integration points. There's a lot of commonality there."
Toyota GB's assessment and certification to HSEQ standards is done by BSI Management Systems. From a business perspective, there's more to certification than just maintaining the badge on the wall and Toyota demands high levels of commitment from its partners: "I expect a lot from our certification body," says Burgess. "What BSI brings to the party is the whole concept of having a third-party pair of eyes that can look at the business. They review the operational procedures and processes that we've developed and will make sure we comply, but at the same time, it's having somebody who can step back from the day-to-day job."
The last five years have seen compliance issues increasingly dominate the business agenda and the ability to steer a course through the changing legal and political landscape has never been more important. Corporate compliance requirements are diverse.
"With 9/11, we were asked to develop a Business Continuity Plan. We have been challenged by topics such as the Insurance Mediation Directive [which is intended to create a single market in insurance via a ?passport' for EU retail insurance intermediaries] and Vehicle Type Approval: even the most modest vehicle modifications carried out to fine-tune models for the UK market, come under stringent European type-approval regulations," explains Burgess. "Corporate compliance as a department has evolved and has grown to reflect the fact that blue chip organizations need to look at how they comply with legal requirements. We make assurances to the board to confirm that we have internal audit processes in place and that we regularly monitor the business, not just from a process perspective but more importantly, from the perspective of compliance with legislation."
And what's next on the compliance roadmap?
"Sarbanes-Oxley is going to be a focal point for my department over the next 12 to 18 months," says Burgess. "We're also working on the Regulatory Reform (Fire Safety) Order which came into force this month and carrying out fire risk assessments across all of our sites to make sure we comply with all of the requirements. There will always be changes in legislation. It's a hugely diverse area, we've never failed yet - and I don't intend to in the future!"
For more information about the Entropy System™, please visit:
www.bsi-entropy.com
To learn more about the Integrated Assessment service solution, please visit:
www.bsi-global.com/oct06integrated
>CASE STUDY: Putting it all together
The primary management system standards - for quality (BS EN ISO 9001), environment (BS EN ISO 14001) and the occupational health and safety specification (OHSAS 18001) - contain many common elements. These standards are sometimes generically described as HSEQ requirements - health/safety, environment and quality. Each standard can be managed independently, but a growing number of organizations, such as Toyota (GB), are reaping the benefits of adopting a three-in-one approach, with a single integrated management system covering all three spheres. Providing a blueprint for integration is the role of a new publicly available specification - PAS 99: Specification of common management system requirements as a framework for integration. Launched in September 2006, PAS 99 is the world's first integrated management requirements specification and provides clear guidance on how companies can gather existing management systems under a single umbrella. It provides an over-arching framework for integration - it does not replace the primary standards.
For more on PAS 99, see:
www.bsi-global.com/oct06integrated
>CASE STUDY: Toyota in perspective
Toyota Motor Corporation (TMC), founded in 1937, is the world's second-largest vehicle maker. Toyotas are now built in 27 countries, for sale in 160 markets, and the company employs more than 280,000 people worldwide. In the first six months of this year, it produced more than four million vehicles. In Britain, where annual sales in 2005 were 138,500 (excluding Lexus), sales and marketing of passenger cars and commercial vehicles are handled by Toyota (GB) PLC, a wholly-owned subsidiary of TMC. With 17 Toyota and six Lexus models, Toyota offers the widest product range of any manufacturer in the UK.
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
A little bit extra for Kitemark® bodyshops and garages
It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
Question: What impact do you think BCM could have on business insurance in the future?
It is essential that any business suffering a disaster is able to continue as near normal trading in the shortest possible time period to survive. To achieve this, an organization should implement a comprehensive well-tested business continuity plan (BCP) as a first step. Insurance should be viewed as an extension to the BCP process, not an alternative.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
