You are on page 1of 131

Doc. No.

: SISCOL-IMS-MANUAL
Integrated Management System EFF.
Page 1 of xx
DT.
Rev. No.: 00
: 1stJune, 2011
Eff. Dt.: 6th February, 2018
DOC NO: LNTP/IMS REV NO: 00

INTEGRATED MANAGEMENT SYSTEM


(IMS) MANUAL
(QMS, EMS & OHSAS and ISMS)

MANAGEMENT
PREPARED BY REVIEWED BY APPROVED BY
SYSTEM

QMS

Vinod Srinivasa V K Bansal V K Bansal


EMS & OHSAS

ISMS
31.01.2018 03.02.2018 05.02.2018

AUTHORISED BY
Ravi Uppal
Chairman & Managing Director
06.02.2018
Head Office: 806, Kailash Building, 26 K G Marg, New Delhi - 110 001, INDIA
Manufacturing Setup: Bhilai, Chattisgarh, INDIA and Design Office: Bangalore, INDIA
IMS MANUAL Page 2 of 118
Eff.: 6th Feb, 2018
AMENDMENT HISTORY Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.2

AMENDMENT HISTORY

Rev. No. Date Remarks


A 31.01.2018 Issued for Review/Comments
00 06.02.2018 Issued for Implementation

UNCONTROLLED DOCUMENT IF PRINTED



IMS MANUAL Page 3 of 118
Eff.: 6th Feb, 2018
TABLE OF CONTENTS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.3

Chapter Page
Content
No. No
0.1 Cover Page 01
0.2 Amendment History 02
0.3 Table of Contents 03
0.4 Manual Authorization 04
0.5 Abbreviations 05 – 06
0.6 Mapping of Clauses 07 - 10
1 Introduction 11 – 13
2 Administration of Manual 14 – 15
3 IMS Policy 16
4 Context of the Organization 17 – 20
5 Leadership 21 – 25
6 Planning 26 – 32
7 Support 33 – 41
8 Operation 42 – 60
9 Performance Evaluation 61 – 68
10 Improvement 69 – 72
Annexure A List of Documented Information 73 - 74
Common Processes
B.1. Control of Documented Information (LNTP-CP-01) 75 – 79
B.2. Risk and Opportunity Identification, Assessment,
80 – 84
Implementation and Reviewing effectiveness (LNTP-CP-02)
Annexure B B.3. Internal Audit (LNTP-CP-03) 85 – 89
B.4. Non-Conformance & Corrective Action (LNTP-CP-04) 90 – 95
B.5. Competence Development (LNTP-CP-05) 96 – 99
B.6. Management Review Meeting (LNTP-CP-06) 100 – 104
B.7. Objective Setting (LNTP-CP-07) 105 – 108
Annexure C Terms & Definitions 109 - 118

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 4 of 118
Eff.: 6th Feb, 2018
AUTHORIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.4

IMS Manual Authorization


SISCOL is engaged in the design, engineering, manufacturing, logistics, erection and project
management of structural steel based solutions for varied infrastructural sectors. To meet the
customer’s requirements and ensure systematic working, guidelines have been described in
this manual. This Integrated Management System (IMS) Manual bears the authorization of the
undersigned.

This IMS Manual describes the Quality, Environment, Occupational, Health & Safety and
Information Security Management Systems’ requirements adopted by SISCOL and has been
formulated as per the requirements of ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007
and ISO 27001:2013.

All Directors and Functional Heads are responsible for ensuring compliance with the
requirements mentioned in this manual. They have the authority to form an appropriate
organization for discharging their functions, responsibilities and resolving non-conformities
within their departments.

Chairman & Managing Director designates Head – Quality, EHS & Training as Management
Representative (MR) for IMS. The MR has the organizational freedom and responsibility to:

 Implement and maintain this manual with the objective of continual improvement and
to prevent non-conformities
 Assess the compliance through internal audits and identify non-conformities, to initiate
necessary corrective action with the involvement and support of all the relevant
functions, monitor and verify the same; for ensuring improvement in organizational
processes
 Provide feedback to the Management about the performance of the Integrated
Management System
The Management Representative has the authority to stop any work which is not in accordance
with this manual and/or the specified requirements.

New Delhi
Date: 06.02.2018

Ravi Uppal
Chairman & Managing Director


UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 5 of 118
Eff.: 6th Feb, 2018
ABBREVATIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.5

ABBREVATIONS

Systems, Spirit, Simplicity &


4S MRM Management Review Meeting
Speed
ALARP As Low As Reasonably Practicable MS Management Systems
Business Development &
BD&M MSDS Material Safety Data Sheet
Marketing
BOM Bill of Materials NC Non Conformity
CA Corrective Action NCR Non Conformity Report
CFT Cross Functional Team OCP Operating Control Procedure
CMD Chairman & Managing Director ODC Over Dimensional Cargo
CP Common Process OEM Original Equipment Manufacturer
CTQ Critical to Quality OFI Opportunity for Improvement
D&D Design & Development OH&S Occupational Health and Safety
Occupational Health and Safety
D&E Design & Engineering OHSAS
Assessment Series
Occupational Health & Safety
DCP Department Control Procedure OHSMS
Management System
DI Documented Information PDCA Plan-Do-Check-Act
DRM Department Review Meeting PMG Project Management Group
EAI Environmental Assessment Impact PO Purchase Order
EHS Environment, Health & Safety PR Purchase Requisition
Environmental Management
EMS PRM Project Review Meeting
System
Ext. External QA Quality Assurance
FH Functional Head QAP Quality Assurance Plan
FQAP Field Quality Assurance Plan QC Quality Control
FTR Field Trouble Report QHSE Quality Health Safety Environment
GRN Goods Receipt Note QMS Quality Management System
Responsible-Accountable-Support-
H&S Health & Safety RASCI
Consult-Inform
Hazard Identification and Risk
HIRA RCA Root Cause Analysis
Assessment
Rev.
HLS High Level Structure Revision Number
No.
HOD Head of Department ROAM Risk & Opportunity Assessment Model
HR Human Resource SCM Supply Chain Management
IMS Integrated Management System SDR Site Deviation Report
Incl. Including SIPOC Supplier-Input-Process-Output-Customer
Int. Internal SISCOL Steel Infra Solutions Pvt. Ltd.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 6 of 118
Eff.: 6th Feb, 2018
ABBREVATIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.5

IS Information Security SoA Statement of Applicability


Information Security Management
ISMS SOP Standard Operating Procedure
System
International Organization for
ISO SPoC Single Point of Contact
Standardization
IT Information Technology TM Top Management
ITP Inspection & Test Procedure TPIA Third Party Inspection Agency
JD Job Description TSA Technical Service Agreement
KMS Knowledge Management System UoM Unit of Measurement
KPI Key Performance Indicator VoC Voice of Customer
MDL Master Document List w.r.t with respect to
MoM Minutes of Meeting WI Work Instruction
MR Management Representative

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 7 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6

MAPPING OF CLAUSES
ISO ISO OHSAS ISMS
Clause Description
9001:2015 14001:2015 18001:2007 27001:2013
Understanding the
organization and its 4.1 4.1 4.1 4.1
context
Understanding the needs
and expectations of 4.2 4.2 4.1 4.2
interested parties
Determining the scope of
the integrated 4.3 4.3 4.1 4.3
management system
Integrated management
4.4 4.4 4.1 4.4
system and its processes
Leadership and
5.1 5.1 - 5.1
commitment
Leadership and
5.1.1 5.1.1 4.1 5.1
commitment (General)
Leadership and
commitment (Customer 5.1.2 5.1.2 4.3.2 5.1
focus)
IMS Policy 5.2 5.2 4.2 5.2

Establishing the IMS Policy 5.2.1 5.2.1 4.2 A.5


Communicating the IMS
Policy
5.2.2 5.2.2 4.2 A.5
Organizational roles,
responsibilities and 5.3 5.3 4.4.1 5.3
authorities
Actions to address risks
6.1 6.1 4.3.1 6.1
and opportunities
Environmental
Assessment Impact (EAI) - 6.1.2, 6.1.4 4.3.1 -
and HIRA
Legal and other
- 6.1.3 4.3.2 -
requirements
Information Security Risk
Assessment
- - - 6.1.2/8.2
Information security risk
treatment
- - - 6.1.3/8.3
Objectives, targets and 6.2 6.2 4.3.3 6.2


UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 8 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6

programs (planning to
achieve them)
Planning of changes 6.3 6.3 4.3.3 -
Resources (General,
People, Infrastructure,
7.1 7.1 4.4.1 7.1
Environment for the
operation of processes)
Monitoring and measuring
resources
7.1.5 - - -
General 7.1.5.1 7.1 4.4.1 -
Measurement traceability 7.1.5.2 7.1 4.4.1 -

Organizational knowledge 7.1.6 - - -

Competence 7.2 7.2 4.4.2 7.2

Awareness 7.3 7.3 4.4.2 7.3


Communication (General,
Internal, External, 7.4 7.4 4.4.3 7.4
Reporting etc.)
Documented information 7.5 7.5 4.4 7.5

General 7.5.1 7.5.1 4.4.4 7.5.1

Creating and updating 7.5.2 7.5.2 4.4.5 /4.5.4 7.5.2


Control of documented
information
7.5.3 7.5.3 4.4.5 7.5.3
Operational planning and
8.1 8.1 4.4.6 8.1
control
Requirements for
8.2 4.4.6 4.4.6 -
products and services
Customer communication 8.2.1 7.4 4.4.3 -
Determining the
requirements related to 8.2.2 8.1 4.4.6 -
products and services
Review of requirements
related to products and 8.2.3 8.1 4.4.6 -
services
Changes to requirements
for products and services
8.2.4 8.1 4.4.6 -
Design and development 8.3 8.1 4.4 8.1


UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 9 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6

of products and services


General 8.3.1 8.1 4.1 8.1
Design and development
8.3.2 8.1 4.4.6 8.1
planning
Design and development
8.3.3 8.1 4.4.6 8.1
inputs
Design and development
8.3.4 8.1 4.4.6 8.1
controls
Design and development
outputs
8.3.5 8.1 4.4.6 8.1
Design and development
changes
8.3.6 8.1 4.4.6 8.1
Control of externally
provided processes, 8.4 8.1 4.4 8.1
products and services
General 8.4.1 8.1 4.4.6 8.1
Type and extent of control
(Purchasing Process and 8.4.2 8.1 4.4.6 8.1
controls)
Information for external
providers 8.4.3 8.1 4.4.6 8.1

Production and service


provision 8.5 8.1 4.4.6 8.1

Control of production and


service provision
8.5.1 8.1 4.4 8.1
Identification and
traceability
8.5.2 - - -
Property belonging to
customers or external 8.5.3 - - -
providers
Preservation 8.5.4 8.1 4.4.6 -
Post-delivery activities 8.5.5 8.1 4.4.6 -
Control of changes 8.5.6 8.1 4.4.6 7.5.3
Release of products and
8.6 8.1 4.4.6 / 4.5.1 -
services
Control of nonconforming
8.7 8.1/10.1 4.4.7 / 4.5.3 10.1
outputs
Emergency Preparedness - 8.2 4.4.7 -


UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 10 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6

& Response
Monitoring,
measurement, analysis 9.1 9.1 4.5 9.1
and evaluation
Internal Audit 9.2 9.2 4.5.5 9.2
4.2 / 4.3.3 /
Management Review 9.3 9.3 9.3
4.5.3/4.6
4.2 / 4.3.3 /
Improvement (General) 10.1 10.1 10
4.6
Nonconformity and
10.2 10.2 4.5.3 10.1
corrective action
Incident investigation - - 4.5.3.1 -
4.2 / 4.3.3 /
Continual improvement 10.3 10.3 10.2
4.6


UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 1

INTRODUCTION
IMS MANUAL Page 11 of 118
Eff.: 6th Feb, 2018
AUTHORIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 1

1.1 PURPOSE

This manual has been developed keeping in view the requirements of


International Standards: ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007
and ISO 27001:2013 management systems. This is an Integrated Management
System Manual. The objective of this manual is to map the requirements of
these International Standards vis-à-vis SISCOL’s business processes. The
requirements specified in this manual are primarily focusing on the following:
 Achieving customer satisfaction by providing all the deliverables as per their
requirements
 Ensuring process approach for establishing, implementing, maintaining and
continually improving above management standards
 Continually improving SISCOL’s business processes
 Endeavouring to achieve business excellence through process standardization
& innovation, benchmarking and continual improvement of our people,
products and services
 Establishing a systematic approach to risk management
 Designing of environmental friendly products and solutions to minimize the
impact of the product/solution/service on the environment throughout their
life cycle and to meet new environmental challenges through conservation of
natural resources, technological innovation and continual improvement
 Complying with all the applicable legal, regulatory and other provisions
related to environment, health & safety and information security
 Ensuring confidentiality, integrity and availability of business information
and information processing assets
 Committed to the prevention of injury and ill health of our employees by
ensuring compliance with the safe working practices and procedures
established by the organization

1.2 OVERVIEW OF COMPANY


Steel Infra Solutions Pvt. Ltd. (SISCOL) is a unique firm with comprehensive
capability for providing end-to-end structural steel based solutions covering
complete value chain of activities ranging from design, engineering, fabrication,
installation at site and project management for the diverse infrastructural
projects across the globe. SISCOL visions to be India’s largest supplier of steel
based infrastructure solutions. More on: http://www.siscol.in

SISCOL pioneered by a group of visionary & experienced veterans of India’s Steel


and Construction industry has entered into a Technical Service Agreement (TSA)
with Yongnam of Singapore to provide state-of-art and complete end-to-end
solutions as a part of value proposition. A strong customer-focused approach

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 12 of 118
Eff.: 6th Feb, 2018
AUTHORIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 1

and constant quest for top-class quality enables SISCOL to remain competitive
and sustain leadership position.

SISCOL has integrated following as its strengths from Design to Delivery:


- Architectural & structural design
- Design & detailed engineering
- Manufacturing & logistics management
- Erection & projects management,
to offer single point responsibility under stringent delivery schedules and is
committed to demonstrate the best project management practices,
environmental friendly technologies and ensuring health & safety of all people.
To carry out the above functions in the most efficient manner, following
organization structure and overall process will be deployed:

SISCOL Organization Structure

UNCONTROLLED DOCUMENT IF PRINTED



Market Comments/
Deviation from Continual Improvement
Identification of business related fns (ex.QM,
EHS,LTSL,JVs etc)
opprtunity or Receipt of
Review by
Tender/Enquiry/Business Marketing
Information/Request for offer by & Proposal
FEM/M&P

Preparation of offer Corrective and Preventive actions

Letter of Award/Letter of Commn. to Industry by


Intent Corp. Commn Dept

Performance
monitoring/
Contract Review/
internal audits/
Signing data analysis

D&D Planning,
Review, V&V
IMS MANUAL

Customer Feedback

Cusomer Requirements
AUTHORIZATION

Enabling
Overall Processflow

Risk Functions/Support
Engineering SCM QM & EHS Construction Commissioning

UNCONTROLLED DOCUMENT IF PRINTED


Mgmt. Processes (HR,
F&A, Admin, IT)
Doc. No.: SISCOL-IMS-MANUAL

Delivery to
Planning Product/
Source & In-process Final customers
& Service/ Installation &
Procurement Receipt inspection inspection and After
Resource Project Comissioning
inspection Sales
allocation Realization
Service

DOC NO: LNTP-IMS-FC-000; Rev. No. 00; Eff. Date: 30.06.2011


Rev. No.: 00
Chapter No. 1
Page 13 of 118
Eff.: 6th Feb, 2018
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 2

ADMINISTRATION OF
MANUAL
IMS MANUAL Page 14 of 118
Eff.: 6th Feb, 2018
ADMINISTRATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 2

2.1 INTRODUCTION
This IMS Manual describes the Quality, Environment, Occupational Health &
Safety (OH&S) and Information Security Management Systems requirements
adopted by SISCOL. This manual lists down the procedures and measures
stipulated for ensuring the quality of products and services through use of safe
and environmental friendly work practices. This manual includes policies,
processes, broad risk assessment methodology and controls for ensuring
information security.

The Integrated Management System has been formulated on the basis of ISO
9001, ISO 14001, OHSAS 18001 and ISMS 27001. This section titled “IMS
Manual Administration” explains the Structure, Issue, Updating and Approval of
the Integrated Management Systems Manual. This manual and the information
incorporated herein are the property of SISCOL. It must not be reproduced in
whole or in part or otherwise, disclosed without prior consent in writing from
SISCOL.

2.2 STRUCTURE OF THE MANUAL


All the chapters are arranged sequentially as per the High Level Structure (HLS)
of ISO. The respective requirements of QMS, EMS, OHSMS and ISMS are
embedded into these clauses at relevant locations. This manual is available in
English language only.

2.3 MANUAL ISSUE PROCEDURE


Head – Quality, EHS & Training has been designated as Management
Representative for IMS (QMS, EMS, OHSAS and ISMS) and is authorized by the
Chairman & MD to carry out the activities related to preparation, issue,
deployment, maintenance and updating of this Manual.

This Manual is available as PDF/ XPS file at all the relevant locations. No hard
copy of the manual is being distributed unless otherwise required, as this
manual becomes uncontrolled document if printed.

Note: If this manual is revised or updated, then the older version gets
superseded

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 15 of 118
Eff.: 6th Feb, 2018
ADMINISTRATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 2

2.4 MANUAL REVISION, UPDATION & AMENDMENT


PROCEDURE
The IMS Manual is reviewed when management systems standards get
revised/updated or as-and-when the organization needs a change to its
management systems by the Management Representative in consultation with
Leadership Team; and authorization by Chairman & MD of SISCOL. No revision
is implemented unless it has been approved and formally issued.

When revisions take place, the revisions are indicated by the revision number
in the document and recorded in the Amendment History (Chapter 0.2) of this
manual. As suitable, the manual may be re-issued when sufficient no. of
amendments have been made in it or on account of major changes to the
requirements of the standards in Quality, Environment, OH & S and ISMS
Management Systems.

2.5 APPROVAL OF MANUAL


This manual is approved by the CMD designated MR of SISCOL. No part of this
manual shall be reproduced in any form without the prior approval from the
concerned MR.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 3

IMS POLICY
IMS MANUAL Page 16 of 118
Eff.: 6th Feb, 2018
IMS POLICY Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 3

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 4

CONTEXT OF THE
ORGANIZATION
IMS MANUAL Page 17 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4

4.1 PURPOSE
To describe a system for understanding the organizations and its context along
with needs and expectations of interested parties and identification of internal
& external issues, that can impact on the planning of the quality management
system & operations.

4.2 SCOPE
Covers all activities under the scopes of the following Management Systems:
a) Quality Management System (QMS)
b) Environment Management System (EMS)
c) Occupational Health and Safety Assessment Series (OHSAS)
d) Information Security Management System (ISMS)

4.3 OVERALL RESPONSIBILITY


Top Management
Management Representative
Concerned Head of the Departments (HODs)

4.4 Context of the organization

4.4.1 Understanding the organization and its context


ISO 9001 (4.1), ISO 14001 (4.1), OHSAS 18001 (4.1) & ISO27001 (4.1)
SISCOL shall determine, monitor and review external and internal issues that
are relevant to its purpose and its strategic direction and that affect its ability
to achieve the intended result(s)/outcome(s) of Integrated Management System
(IMS) through:

‐ Annual General Body Meetings (AGMs)


‐ Board Meetings
‐ Strategic Meetings
‐ Objective Setting Workshops
‐ Periodic Reports issued by Marketing & Business Development
‐ Management Review Meetings
‐ Project Review Meets
‐ Sustainability/CSR Review Meets
‐ Investors Meet

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 18 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4

‐ Statutory and Regulatory Bodies


‐ Customer meetings
‐ Employee engagement platforms & initiatives
‐ Business Associates meetings and feedback
‐ Customer Survey etc.

The issues arising from (but not limited to):


‐ External: legal, technological, competitive, market, cultural, social and
economic environments, whether international, national, regional or
local and
‐ Internal: values, culture, people, knowledge and performance of the
organization; constitute our approach.

4.4.2 Understanding the needs and expectations of interested parties


ISO 9001 (4.2), ISO 14001 (4.2), OHSAS 18001 (4.1/4.4.4) & ISO27001 (4.2)

SISCOL continuously identifies interested parties that effects or have potential


effects on ability to consistently provide products and services that meet
SISCOLs legal, regulatory and customer’s requirements, which are:
‐ Customers (Internal/External)
‐ Shareholders/Investors
‐ Corporate Functions
‐ Lenders
‐ Statutory and Regulatory body
‐ Business Associates (incl. Suppliers, Contractors, Service Providers)
‐ Employees
‐ NGOs
‐ Society at large etc.

The requirement related to these interested parties are being determined,


monitored and reviewed during various meeting as mentioned in 4.4.1 of this
manual.

4.4.3 Determining the scope of the integrated management system


ISO 9001 (4.3), ISO 14001 (4.4.4), OHSAS 18001(4.1/4.4.4), ISO 27001 (4.3)

This manual describes the core elements of Management Systems & their
interaction and provides directions to the execution of various processes.
The manual includes:
a) Scope, boundaries and exclusions including justifications for the same

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 19 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4

b) Reference to documented common processes established for the Quality,


Environment, Occupational Health & Safety and Information Security
Management Systems, including the interaction between the processes
(List of DACPs as per Annexure-A and Common Processes as per Annexure-
B and overall flow chart as per Chapter-1)

While determining the scope & boundary of Integrated Management System in


SISCOL, the organization considers the external and internal issues (referred in
4.4.1 of this manual), the requirements of relevant interested parties (referred
in 4.4.2 of this manual), for the products and services of SISCOL.

4.5 Integrated Management System and its processes


(SYSTEM DESCRIPTION)
4.5.1 General Requirements
ISO 9001 (4.4), ISO 14001 (4.4), OHSAS 18001 (4.1/4.4.4) & ISO27001 (4.4)

4.5.1.1 All the applicable major processes under the ambit of SISCOL have been
identified and their interaction is depicted in the overall flow chart (Chapter - 1).

4.5.1.2 SISCOL determines the inputs required and the outputs expected, assigning
of responsibilities and authorities, addressing the risks and opportunities for
each of the processes (by defining SIPOC, RASCI, ROAM etc. as one of the
methods) in its DCP and allied documents

4.5.1.3 Criteria for operation & control of these processes are defined in various
DACPs, Flow Charts, Operation Control Procedures, Work Instructions,
Control Objectives, SOPs as applicable at relevant stages of the processes

4.5.1.4 During the complete life cycle of the manufacturing and project
management/execution, relevant information and adequate resources are
ensured, so that these processes are carried out & monitored in a controlled
manner

4.5.1.5 To ensure that all the identified processes continue to remain effective,
these are monitored through regular process/project/product/system audits
& reviews as per the responsibilities defined in IMS manual, DCPs,
Procedures, SOPs etc.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 20 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4

4.5.1.6 As per the organizational mandate and business requirements, time bound
key performance indicators (KPIs) are identified and monitored for their
realization.

4.4.2 Documented Information


ISO 9001 (4.4.2), ISO14001 (7.5), OHSAS 18001:2007 (4.4.4), ISO 27001 (7.5)

IMS
Manual
(Level-1)

Department Control
Procedures - DCPs
(Level - 2)

SOPs, WIs, OCPs, Checklists,


Formats (Level-3)

3-tier documented information structure in SISCOL

4.4.2.1 Integrated Management System documentation includes:


a) IMS Policy, Objectives and Deployment Programmes
b) IMS Manual
c) DCPs, SOPs, Work Instructions, Quality Plans, OCPs, KPIs, MSDS,
Directives, Forms & Guidelines, Control Objectives, Risk identification,
analysis and mitigation plans, on site emergency Preparedness plan,
Statement of Applicability etc.
d) Common processes and Standard Operating Procedures (SOP) applicable
throughout the organization are referred in the Manual
e) Documented information required demonstrates the evidence of
operation and control of processes and as per requirements of these
standards.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 5

LEADERSHIP
IMS MANUAL Page 21 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5

5.1 PURPOSE
To describe the Leadership engagement, accountability & commitment for
establishing, implementing, sustaining, creating awareness & continually
improving the Quality, EHS and Information Security Management Systems
and integrating the requirements of the management system into core
business to achieve its intended outcomes.

5.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.

5.3 OVERALL RESPONSIBILITY


Top Management
Leadership Team
Concerned Head of the Departments (HODs)

5.4 SYSTEM DESCRIPTION


5.4.1 Leadership & Commitment

5.4.1.1 General
ISO 9001 (5.1.1), ISO 14001 (4.1), OHSAS 18001 (4.1) & ISO27001 (5.1)

Top Management of SISCOL is committed and accountable for the development,


implementation, involvement and continual improvement of the integrated
management system by:
a) Involvement in preparation, review, approval and authorization of IMS
Manual by Chairman & MD
b) Involvement in review and approval of IMS Policy in reference to the
context and strategic direction of the organization
c) Various management committees comprising of functional heads/HODs and
other senior management have been constituted to review the status of
various management systems
d) Ensuring the integration of Management Systems’ requirements into the
organization’s processes
e) Communicating all the employees the importance of meeting customer
requirements, project requirements, EHS requirements, information
security related requirements and applicable statutory & regulatory

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 22 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5

requirements through regular training programmes, emails, display of


documents, in-house magazines, web sites, in-house circulars and meetings
f) Encourage and ensure that all the persons in the workplace adhere to the
management systems requirements and have process & risk based approach
at their work place
g) Communicating documented IMS/Corporate policy to all the stakeholders
and ensuring compliance at all relevant functional levels
h) Ensuring that IMS objectives (KPIs) are established, reviewed and achieved
at organizational and functional levels, relevant to delivering the
process/product/services to achieve customer satisfaction
i) Ensuring the availability of resources (people, finance, infrastructure, IT,
communication, transportation, canteen, etc.) to establish, implement,
operate, monitor, review, maintain and continually improve IMS
j) Defining roles, allocating responsibilities & accountabilities and delegating
authorities to demonstrate leadership and facilitate effective
implementation of IMS in the organization
k) Deciding the criteria for accepting risks and the acceptable levels of risk &
review of identified risk and its mitigation plan and ensure the risk-based
approach at all levels
l) Ensure timely conduct of IMS/Management System specific internal audits
and management reviews
m) Appointment of HoDs and people from senior management team as IMS
representatives whose additional responsibility will be to establish,
implement and maintain IMS in accordance with various International
Standards requirements.
n) Ensures the implementation of Voice of Customer (VoC), customer
feedback process & address the customer issues
o) The top management and leadership team is committed to encourage and
release their team members for development of processes, taking
improvement initiatives in day to day activities, to conduct audits (which
bring forth gaps for improvement) and giving employees space and time to
develop and improve existing processes. TM has ensured PDCA approach is
engrained in each of the processes mapped in DCPs/SOPs.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 23 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5

5.4.1.2 Customer Focus


ISO 9001 (5.1.2), ISO14001 (5.1.2), OHSAS 18001:2007 (4.3.2), ISO 27001 (5.1)

SISCOL’s Top Management is committed to customer focus and ensures that all
the requirements of the customers & other interested parties are determined,
understood & consistently met with respect to Quality, EHS and Information
Security MS, including all the applicable legal & other requirements and these
requirements are fulfilled with the aim of enhancing their satisfaction. While
reviewing the requirements, the implied needs and expectations of the
customer and interested parties are also identified. The same are
communicated to the respective functions in the organization for ensuring their
compliance and to determine how these requirements apply to system

Marketing/Business Development/Sales/Proposal team at the time of bidding


identifies all the requirements related to the project/product/ services. These
requirements may relate to the following:
a) Scope of the work including technical parameters
b) Delivery requirements including logistics
c) Applicable statutory and legal requirements
d) Quality control and assurance related requirements
e) Installation and commissioning requirements
f) Procurement or supplier requirements
g) EHS related requirements
h) Information security related requirements
i) Performance, warranty and post warranty requirements
j) Risk & opportunities which may reflect the conformity of products &
services etc.

Operations/project management/execution team ensures that above identified


requirements are met while execution of the projects, and same is reviewed
during project review meets / department review meet etc. by Top
Management; team conducts VoC (at least once a year) and surveys to
determine the customer satisfaction level; develop action plans on the areas
that need improvement in order to focus on enhancing customer satisfaction.

5.4.2 Policy
ISO 9001 (5.2), ISO 14001 (5.2), OHSAS 18001 (4.2), ISO27001 (5.2)

5.4.2.1 Developing-Establishing the IMS Policy


ISO 9001 (5.2.1), ISO 14001 (5.2.1), OHSAS 18001 (4.2), ISO27001 (A.5)

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 24 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5

Chairman & MD of SISCOL has established, implemented & maintained the


Integrated Management System Policy (Chapter 3 of this manual), and ensures
that this Policy:
a) Is appropriate to the purpose, context, strategic goals of the organization,
nature & scale of OH & S risks, environmental impacts, information security
risks of the company and its activities, products or services
b) Provides the top management’s vision on Quality, EHS and ISMS for the
organization
c) Includes objectives or provides the framework for setting IMS objectives
d) Includes a commitment to comply with requirements and continually
improve the Effectiveness and performance of the Quality, Environment,
Health & Safety and Information Security Management Systems
e) Includes a commitment to prevention of pollution, prevention of injury and
ill health
f) Considers legal or statutory requirements related to product; EHS and
contractual security obligations
g) Provides commitment for designing products considering the Environmental
aspects
h) Provides a frame work for establishing and reviewing IMS objectives and
targets
i) Is periodically reviewed for continuing suitability and appropriateness to the
Organization during Management Review Meetings

5.4.2.2 Communicating the IMS Policy:


ISO 9001 (5.2.2), ISO 14001 (5.2.2), OHSAS 18001 (4.2), ISO27001 (A.5)

Top Management ensures that IMS Policy is made available as documented


information and communicated to concerns by following practices:
a) Is made available to the public & other interested parties
b) The IMS policy has been displayed at the strategic locations and being
shared/ communicated with all the stakeholders
c) Is communicated to all the persons working under the control of the
organization & understood at all levels of the company through
posters/intranet/awareness/training programmes/awareness campaigns

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 25 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5

5.4.3 Organizational roles, responsibilities & authorities


ISO 9001 (5.3), ISO 14001 (5.3), OHSAS 18001 (4.4.1), ISO27001 (5.3)

To execute various management systems effectively, Top Management


along with HR as defined roles, responsibilities, accountabilities and
authorities and same has been referred as documented information in the
respective DCP/ SOP and being communicated. The Organization chart of
SISCOL is depicted in Chapter 1 of this manual. The management of the
company has defined RASCI matrices of those personnel within the Quality,
Environmental, Health & Safety and IS Management Systems whose work
affects the Quality, Environment, Occupational Health & Safety and
Information Security. The ultimate responsibility for Quality & EHS rests
with Head-Quality, EHS & Training and for Information Security
responsibility lies with IT along with all the concerned HODs.

Concerned functionaries with management responsibility demonstrate their


commitment to the continual improvement, ensure conformity with
management system, reporting on the performance of IMS. The roles &
responsibilities and authorities of key personnel in relation to IMS have been
documented. These are readily available in the respective departments as
well with the HR. However specific RASCI are defined in the applicable
SOPs/DCPs which is prepared by respective departments under the
leadership of HoDs; the DCPs & SOPs covers the necessary risk &
opportunities for improvement.

The team for conducting internal audit are identified by Top Management
along with MR who conducts periodic audit of IMS and further the audit
observations are reviewed by top management in project / department /
management review meeting to ensure that conformity and integrity of the
IMS are maintained as planned. The issues related customer are prioritized
and tracked by top management for early resolution. If required necessary
changes are made in the system and communicated for implementation. A
review mechanism is put in place to have an effective management system
approach.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 6

PLANNING
IMS MANUAL Page 26 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

6.1 PURPOSE
To describe the approach of organization to plan, implement the actions, to
address risk & opportunities and establishment of IMS objectives and planning
to achieve it. To define a system for planning and implement the changes in
IMS.

6.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1

6.3 OVERALL RESPONSIBILITY


Leadership Team
Concerned Head of the Departments (HODs)

6.4 SYSTEM DESCRIPTION


6.4.1 Actions to address risks & opportunities
ISO 9001 (6.1), ISO 14001 (6.1), OHSAS 18001 (4.3.1) & ISO 27001 (6.1, 6.1.1)

SISCOL’s Top management is committed to implement and promote a culture of risk


based thinking throughout the organization, to determine and address the risks and
opportunities associated with providing assurance that the IMS can achieve its
intended result(s); provide conforming products and services, enhance customer
satisfaction; promote desirable effects and continual improvement; and prevent, or
mitigate, undesired effects. The risk management information is also used making
strategic decisions and continual improvement.

SISCOL has identified the risk and opportunity pertaining to all the process and
mentioned as documented information in DCPs, which may be revised based on
necessary changes proposed or derived while executing the process.

The DCP of Operations/Project Management constitutes the detail plan and


approach to identify & address the risk. However, while identifying and addressing
the risks & opportunity, following approach (as applicable) is considered:

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 27 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

 Identification of each potential risk


 Description of potential outcome of the risk
 Identification of potential cause(s) of risk outcome
 Rating the consequence or severity of the outcome
 Rating the likelihood of the cause occurring
 Rating the probability of early detection of the outcome
 Establishment of risk tolerance criteria
 Categorization of each risk into critical, high, medium or low based on
using a combination of severity, occurrence, detection ratings and other
relevant factors to establish an overall risk score to all risks listed
 Use the risk score to establish priority in addressing identified risks
 Identification and determination of the adequacy of any existing control to
address the identified risk
 Determination of appropriate controls to respond to each identified risk
(process control plans)
 Various tools such as cross-functional teams, flow charts, checklists, risk
analysis diagrams are used to brainstorm and facilitate risk identification,
analysis and evaluation

SISCOL has integrated the actions to address these risks and opportunities
into its IMS processes using the PDCA cycle (SISCOL-CP-02). Based on risks
identified, SISCOL is committed to address following:

 Avoiding the risk, where the only option is not to go forward with an
activity or to withdraw from it
 Taking risk, where risks have desirable potential consequences
 Altering risk, to optimize potential opportunities and minimize threats
 Transferring risk by measures including insurance, contractual
arrangements, partnerships and joint ventures
 Retain risk, where no worthwhile controls actions are feasible and the risk
is within the organization’s risk tolerance
 Removing the source of the risk by using alternate or new methods /
technologies

6.4.2 Environmental Assessment Impact (EAI) and HIRA


ISO 14001 (6.1.2, 6.1.4), OHSAS 18001 (4.3.1)

The planning is done for identification of environmental aspects, OH&S risks


and IS risks applicable to the company’s activities, products, projects or
services that can have significant impact on Environment or H&S or
Information Security performance

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 28 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

Procedure for Hazard Identification and Risk Assessment (HIRA) &


Environment Aspect & Impact (EAI) has been developed by EHS and considers:
routine & non-routine activities including activities of all personnel having
access to the work place, facilities at the work place (whether provided by
the company or others), human behaviour, capabilities, infrastructure,
equipment and material at work place, changes or proposed changes in the
organization, its activities or materials, modifications in OHSMS including
temporary changes and their impacts on operation, processes and activities
and the design of work areas, processes, installations, machinery,
equipment’s and operating procedures

Suitably EAI, OH&S and IS risk assessment is carried out for implementation of
necessary control measures. The results of these assessments identified
significant impacts & risks and controls are considered in setting its IMS
objectives. The information on the assessments is documented and kept
updated through on-going processes of impact/risk assessment.

The company’s methodology for identification of hazard & environmental


aspects:
 Is defined with respect to its scope, nature and timing to ensure it is
pro-active rather than reactive
 Risk assessment methodology is commensurate with OH&S hazards
Environment aspects, business information security and applicable
legal & statutory requirements.
 Criteria for accepting the risks and acceptable level of the risk has
been established in the SOPs
 Provides for classification of risks and identification of those that are
to be eliminated or controlled based on significance
 Is consistent with operating experience & the capabilities of risk
control measures employed
 Provides input in determining facility requirements, identification of
training needs and /or development of operational controls.

6.4.3 Legal and other requirements


ISO 14001 (6.1.3), OHSAS 18001 (4.3.2)

All the applicable legal and other requirements related to EHS have been
identified at relevant areas by Head EHS. Legal register has been prepared by
Head EHS based on these identified requirements. Legal register is a
comprehensive document containing brief description of the requirements

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 29 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

SISCOL subscribes, required parameters, current status, responsibility and


compliance evaluation frequency and outputs.

6.4.4 Information security risk assessment:


ISO 27001 (6.1.2/8.2)

 Establish the risk acceptance criteria


 Identify the risks associated with the loss of confidentiality, integrity
and availability for information and assets within the scope of the
ISMS and the owner of these assets
 Identify the risk owner
 Describe the threats of an asset & determine its values
 Describe the vulnerability for each threats of an asset and determine
its values
 Arriving the impact value based on the Impact Analysis Matrix
 Determine the likelihood of occurrence for each threats
 Evaluating the risk value
 Developing and establishing the appropriate risk control
 Verifying the controls
 Evaluating the residual risk level

When determining controls after risk assessment, consideration is given to


reducing the risks according to the following hierarchy:
 Risk Elimination
 Risk Substitution
 Engineering Control
 Administrative control
 PPE (for EHSMS)

6.4.5 Information security risk treatment:


ISO 27001 (6.1.3/8.3)
 The control objective and controls are mentioned in Annex-A of ISO
27001
 Appropriate control objectives and controls shall be selected from
Annex-A of ISO 27001 and implemented to meet the requirements
identified by the risk assessment. This selection shall take account of
the criteria for accepting risks as well as legal, regulatory and
contractual requirements.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 30 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

 Selected controls shall reduce the risk value. This may be in terms of:
o Increasing the security
o Stricter controls
o Transferring the risk
o Procurement of new hardware/software
o Or any other appropriate mechanism
 Obtain risk owner’s approval for risk treatment plan before
implementation
 Statement of applicability (SoA) has been prepared which includes the
following:
o Control objectives and control selected
o The control objective and controls currently implemented
o The exclusion of any control objectives and control and
appropriate justification for their exclusion

6.4.6 Quality, Environment, Health & Safety and Information Security


Objectives and Planning to achieve them:
ISO 9001(6.2), ISO 14001 (6.2), OHSAS 18001 (4.3.3), ISO 27001 (6.2)

Top management ensures that IMS objectives and targets, including those
needed to meet requirements for SISCOL business requirements (Products,
Projects, Services and Solutions) are established at relevant functions, levels &
process within the organization.

In the beginning of every financial year, a workshop/ brainstorming session is


being organized to identify the Thrust Areas, based on the market evolution,
organizational focus, SISCOL priorities, competitor analysis, organization’s
strategic goals etc.; while customer satisfaction remains the core in all of these.
Subsequently, based on these thrust areas, SISCOL’s Objectives are identified
and communicated to stakeholders by HODs.

While establishing & reviewing these objectives, the organization considers its
legal & other requirements, its significant environmental aspects, its OH&S risks,
its technological options, its financial, operational & business requirements,
information security risks, and the views of interested parties. The objectives
are measurable consistent with IMS policy, including the commitment to
continual improvement and prevention of hazards/risks & pollution.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 31 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

All functions identify their own measurable objectives based on SISCOL’s


Objectives. The objectives are set and monitored for their achievement
periodically. Review of the quality objectives is part of our management review
meeting (MRM) process.

After the review the quality objectives are updated as appropriate. The
progress on the achievement of these objectives is monitored at MRM/DRM/PRM
etc and if required same is updated as appropriate.

Based on the project/organizational needs, EHS programmes are developed


which include specific responsibilities/authorities, resources and the milestones
with defined time frames. These programmes are reviewed at appropriate level
in safety committee, monthly meetings, management review meetings etc.
Where necessary, the management programmes are amended to address
changes to the activities, products, services, operating conditions or new
developments/new or modified activities including project management.

When planning how to achieve the IMS objectives, the Top Management has put
in place a system for defining, implementing, reviewing the objectives at
various levels in the organization; in which what will be done; resources
needed; who will be responsible; when it will be completed; how the results
will be evaluated gets encapsulated.

6.3.1 Planning of changes


ISO 9001 (6.3), ISO 14001 (6.3), OHSAS 18001 (4.3.3)

The continuity and effectiveness of IMS is maintained substantially in the event


of significant changes in the IMS generated due to customer feedback, customer
complaint, product failure, employee feedback, innovation, determined risk,
determined opportunity, internal audit results, management review results,
identified nonconformity etc. These changes are carefully planned so as not to
disrupt ongoing capability and responsibility to effectively meet customer and
regulatory requirement. In such instances, following points are considered:

 Careful planning of the nature and timeline for the changes


 Determining the impact or outcome of such changes
 Ensuring adequate resources are available to implement the change
 Top management authorization
 Change deployment and follow-up
 Allocation/re-allocation of RASCI

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 32 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6

 Review of the IMS by top management after changes are effected

SISCOL follows well defined steps to implement changes which include following
in brief:

 Defining the specifics of what is to be changed


 Planned (tasks, timeline, responsibilities, authorities, budget, resources,
needed information, others)
 Engagement of other people as appropriate in the change process
 Development of communication plan (appropriate people within the
organization, customers, suppliers, interested parties, etc. may need to be
informed)
 Using a cross functional team review the plan to provide feedback related to
the plan and associated risks
 Training of people
 Measurement of the effectiveness

Prior to making a change, the review committee considers unintended


consequences. After making the change the Top Management monitor the
change to determine its effectiveness and to identify any additional problems
that might be created. The integrity of the IMS is maintained by MR, when
changes to the management systems are planned and implemented. As and
when, any change in any documentation is envisaged, the other concerned
documents are also modified as per procedure for Documented Information.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 7

SUPPORT
IMS MANUAL Page 33 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

7.1 PURPOSE
To describe the Leadership involvement, accountability, commitment &
support for ensuring resources for establishing, implementing, sustaining,
awareness & continually improving the Quality, Environment, OH&S and
Information Security Management Systems.

7.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational Health &
Safety and Information Security Management Systems covering various
activities as per scope given in Chapter 1 of this document.

7.3 OVERALL RESPONSIBILITY


Top Management
Leadership Team
MR
Concerned Head of the Departments (HODs)

7.4 RESOURCES
ISO 9001 (7.1), ISO 14001 (7.1), OHSAS 18001 (4.1) & ISO 27001 (7.1)

7.4.1 General, People


ISO 9001 (7.1.1, 7.1.2), ISO 14001 (7.1), OHSAS 18001 (4.4.1), ISO 27001(7.1)

At SISCOL, top management ensures the availability of resources essential to


establish, implement, operate, monitor, review, maintain and continually
improve the Integrated Management Systems. Requirements of resources,
essential for the implementation, control and improvement of the IMS are
determined by various HODs and after approval from competent authority,
provision is made in the budget. The provision includes: human resources
people & specialized skills, software, hardware, technology, financial resources,
infrastructure and environment for the operation of process.

SISCOL has a mechanism that evaluates/determines the


capabilities/competencies/constraints of the internal resources and external
providers, on regular intervals at Corporate, Project, Department levels; which
will be considered while reviewing the resources for the implementation of IMS.

At the time of selection, the concerned HOD ensures that the employee’s
competence level is mapped with the competency criteria defined by the

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 34 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

organization on the basis of educational qualifications, relevant experience,


training, skills & professional qualifications. It is also ensured that any person
performing work that have potential to cause a significant environmental
impact or H&S risks or quality deviation or IS related risks are competent. As
part of continual business improvement, as and when there are any changes in
organizational processes, the competency requirements are also reviewed by
HODs along with HR and efforts are made to provide the competent personnel
for effective execution of these jobs.

Competency Matrices of the personnel in SISCOL gets mapped, being driven by


HR and implemented by HoDs at individual levels; which brings out the gaps
and competencies/expertise for their deployment (in projects/business
activities etc.) for the effective implementation of IMS and for the operation
and control of the processes.

7.4.2 Infrastructure
ISO 9001 (7.1.3), ISO 14001 (7.1), OHSAS 18001 (4.4.1)

As a part of resource management process and to achieve conformity of


products and services, the requirements for infrastructure related to office and
project sites are determined & maintained by the Head-Operations and Head-
Field Services along with Industrial Infrastructure team, with the approval of
CMD. The infrastructure covers following:
a) Building and work space (office as well as project sites)
b) Utilities such as, electricity, water, fuel gases, power backup etc. at
office & sites
c) Process equipment’s required at the manufacturing & project sites
d) Service, Logistics, Maintenance, Safety, Security, Transport, Information
& Technology (IT), Communication resources required at site and offices

7.4.3 Environment for the operation of processes


ISO 9001 (7.1.4), ISO 14001 (7.1), OHSAS 18001 (4.4.1)

The requirements for maintaining the environment for the operation of process
needed to ensure the conformity of the product & services throughout the
realization & subsequent processes; are determined as part of resource
management process. The environment for operation is maintained in
accordance with process or project requirements/specifications. It ensures that
the safe, hygienic, ergonomically (worker movement, fatigue, manual effort
and loads, etc.), workplace location, heat, light, humidity, airflow, noise,
vibration, hygiene, cleanliness, pollution, adequate facilities (lockers,
lunchroom, cafeteria, washrooms etc.); health and safety regulations;

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 35 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

cleanliness of premises and environment friendly working conditions are


provided at the office, manufacturing and project sites.

As and when required SISCOL conducts survey to access the satisfaction level of
employees as evidence for social & psychological status and data for further
continual improvement of the people. SISCOL has a team for devising &
implementing numerous Employee Engagement initiatives thru’ Business
Managers across the organization that ensures the upkeep of employee’s morale,
human and physical factors; that creates the conducive environment for the
effective operations. Additionally, behavioural training programs are devised by
HR/Head-QHSE & Training related to emotional, de-stressing to have a calm and
composed mind-set to implement IMS.

7.4.4 Monitoring & measuring resources

7.4.4.1 General
ISO 9001 (7.1.5.1), ISO 14001 (7.1), OHSAS 18001 (4.4.1) & ISO 27001 (7.1)

SISCOL determines the resources needed for valid and reliable monitoring and
measuring results (where monitoring or measuring is used for evidence of
conformity of product & services to specified requirements), and ensures that
the resources provided are:
a) Suitable for type of monitoring and measurement activities being undertaken;
b) Maintained to ensure continued fitness for their purpose, while conducting
regular audits & checks. The calibration status of all the monitoring &
measuring resources are mapped electronically to ensure compliance to the
requirements. SISCOL retains appropriate documented information as evidence
of continuing fitness for purpose of monitoring and measurement activities,
where measurement traceability is:

a) Statutory or regulatory requirement, or


b) Customer or relevant interested party expectation; or
c) Considered by the organization to be an essential part of providing
confidence in the validity of measurement results; as a minimum

7.4.4.2 Measurement traceability


ISO 9001 (7.1.5.2), ISO 14001 (7.1), OHSAS 18001 (4.4.1) & ISO 27001 (7.1)

Appropriate system has been developed to ensure that all the measuring
devices/gauges/templates being used at shop floor and the project sites
including the measuring devices under the control of sub-contractors are
calibrated during their use. For all the outsourced items, during selection &
evaluation of the supplier it is ensured that their monitoring & measuring

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 36 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

devices are calibrated with traceability to National/International standards.


Additionally, the monitoring & measuring devices used for measuring and
monitoring the safety/environmental parameter are also covered under
calibration control system.

The measuring equipment is identified based on the controls over Product &
Services and process characteristics. It is ensured that the supplier or sub-
supplier/contractor has prepared the master list of measuring instruments
incorporating the instrument details, frequency of calibration, permissible error
etc. It is ensured that the measuring devices are:
a) Calibrated or verified at specified intervals or prior to use, against
measurement standards traceable to international or national
measurement standards. Where no such standards exist, the basis used
for calibration or verification is kept as documented information.
Traceability of calibration to national/international standards is
subsequently ascertained. In case there is no national/ international
measurements standards exist, the basis of calibration is defined in the
respective calibration procedure.
b) Adjusted or re-adjusted if found to be out of calibration, as necessary
c) Identified to enable calibration status through status stickers or
calibration documented information
d) Safeguarded from adjustments, as applicable, that would invalidate
the measurement result
e) Protected from damage and deterioration during handling,
maintenance
f) Storage by imparting training to the users of such devices
g) All the software being used for designing or other purposes are being
validated before their use through some alternate mechanism and
documented information of the same is maintained.

7.4.5 Organizational Knowledge


ISO 9001 (7.1.6)

SISCOL’s top management is committed to determine the knowledge necessary


for the operation of its processes and to achieve conformity of products and
services. Under the Knowledge Management System (KMS), SISCOL TM has
deployed Knowledge Management Policy make SISCOL a knowledge driven
organization. Standard documented information has been made to effect for
implementation of SISCOL’s Knowledge Management Policy.

Electronic/Server platform is the pivot of Knowledge Management System and


repository of all the shared learning and the other documents listed in standard
documented information. This platform serves as a single point interface for

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 37 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

dissemination of all knowledge management documents. This platform also


captures Lessons Learnt, Structured Knowledge, Good/Bad Practices, Ideas etc.,
which have been made accessible to all employees to capture, integrate,
preserve, secure and share latest developments on SISCOL’s quest to build the
knowledge base.

Knowledge Management System at SISCOL is envisaged to be a consolidated,


comprehensive and robust system comprising database of all project learning
which are attained during any point of project life cycle and captured in the KM
platform. The database is readily accessible to all stakeholders in SISCOL. The
objective of KM platform is to ensure that the experiential knowledge acquired
during execution/ operations is captured, shared and then effectively utilized in
other/new projects further to improve systems and processes of SISICOL.
Additionally, knowledge sharing sessions are organized in time-bound
manner/regularly to share amongst team members (incl. from other
projects/new projects) to take cue and implement. HoDs have processes to
manage the organizational knowledge, with the association of Business
Managers and HR. External Trainings are also arranged to keep SISCOL updated
on the latest trends in the industry. SISCOL personnel also attends various
conferences, meetings, assessments to gather the knowledge from customers &
external providers.

7.4.6 Competence
ISO 9001 (7.2), ISO 14001 (7.2), OHSAS 18001 (4.4.2) & ISO 27001 (7.2)

Depending upon the job requirements and the available competence among the
employees, the gaps in the existing competence are identified by the HODs
during objective setting (SISCOL-CP-08) and performance appraisal processes.
In order to fill up these gaps, actions such as providing training or any other
actions are initiated by Head-QHSE & Training. The various training
requirements are identified by the HODs through the performance reviews, job
analysis, objective settings and annual appraisal system. Training needs are
identified by the employees themselves or by the departmental heads or
through any other feedback mechanism.

Based on the identified training needs, training planning is done by


Training/HR/HoD and training is imparted as per the training calendar released.
In some cases, unplanned training programmes are also conducted as per the
business needs. Through the procedure on competence, awareness & training
(SISCOL-CP-06), the company ensures that:
a) Necessary competence levels for personnel performing work affecting the
Product & Services/ project/system quality, environment, OH&S and IS
are determined

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 38 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

b) Training or other actions are taken to satisfy these needs


c) Effectiveness of the actions taken are evaluated
d) All personnel are aware of the relevance and importance of their
activities and how they contribute to the achievement of the Quality,
Environmental, H&S and IS objectives
e) Appropriate documented information of education, training, skills and
experience are maintained
f) Roles, responsibilities and abilities in achieving conformity to policy,
procedures, objectives, targets, control of risk/impacts including the
emergency preparedness and response are well defined

7.5 AWARENESS
ISO9001 (7.3), ISO14001 (7.3), OHSAS 18001 (4.4.2), ISO27001 (7.3)

Employees are made aware of benefits from improved quality, environment,


occupational, health and safety, information security performance for the
interested parties and the organization. SISCOL ensures that persons doing work
under the organization’s control are aware & made aware of:
a) the corporate / IMS policy
b) relevant IMS objectives
c) their contribution to the effectiveness of the IMS, including the benefits
of improved performance
d) the implications of not conforming with the IMS requirements in
numerous avenues such as:
i. while conducting the induction to IMS
ii. HoDs ensure the IMS requirements are communicated
iii. Promotional events further deep-root the awareness amongst
persons under SISCOL’s IMS control

7.6 COMMUNICATION
ISO 9001 (7.4), ISO 14001 (7.4), OHSAS 18001 (4.4.3) & ISO27001 (7.4)

SISCOL ensures that appropriate communication processes are established


within & outside the organization and communication takes place regarding the
effectiveness of the IMS. The specific communication channels (email,
newsletters, announcements, CMD address etc.) established for dissemination of
pertinent information on Quality, Environmental aspects, Occupational, Health
& Safety risks, IS risks and other information needed as per various management
systems.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 39 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

The communication modes include departmental level formal or informal


meetings, top management level review meetings, circulars or memos,
displays on notice, IMS policy boards, e-mail, intercom, intranet, magazines,
personal contacts, reports etc. The communication from top to bottom and
vice versa is ensured for effectiveness of the implemented integrated
management system. Appropriate procedure has been established to
communicate supplier about any requirement related to quality, environment,
health & safety and IS. To ensure Health & Safety of visitors visiting
offices/manufacturing premises/project sites, procedure has been implemented
at appropriate locations. For any external communication (incl. media etc.)
protocol is already in place within organization and project level that what, who,
when, how, with whom communication is to be made.

7.7 DOCUMENTED INFORMATION


ISO 9001 (7.5), ISO 14001 (7.5), OHSAS 18001 (4.4) & ISO27001 (7.5)

7.7.1 General
ISO 9001 (7.5.1), ISO14001 (7.5.1), OHSAS 18001 (4.4.4), ISO 27001 (7.5.1)

SISCOL has the following documented information structure that caters to the
requirements of QMS, EMS, OHSMS and ISMS along with any additional
documented information determined by the organization as being necessary for
the effectiveness of IMS.

IMS
Manual
(Level-1)

Department Control
Procedures - DCPs
(Level - 2)

SOPs, WIs, OCPs, Checklists,


Formats (Level-3)

3-tier documented information structure in SISCOL

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 40 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

Integrated Management System documentation includes:


a) IMS Policy, Objectives and Deployment Programmes.
b) IMS Manual
c) Department’s Procedures
d) Work Instructions, Quality Plans, OCPs, KPIs, MSDS, Directives, Forms &
Guidelines, Control Objectives, Risk identification, Aspect & impact
register analysis and mitigation plans, on site emergency Preparedness
plan, Statement of Applicability etc.
e) Common procedures and Standard Operating Procedures (SOP) applicable
throughout the organization are referred in the Manual
f) Documented information required demonstrating the evidence of
operation and control of processes and as per requirements of these
standards

The IMS manual describes the core elements of Management Systems & their
interaction and provides directions to the execution of various processes. The
manual includes:
a) Scope and exclusions including justifications for the same
b) Reference to documented common procedures established for the Quality,
Environment, Health & Safety and Information Security Management
Systems, including the interaction between the processes (Department
Processes as per Annexure A and Common Processes as per Annexure-B
and overall flow chart as per Chapter - 1)

7.7.2 Creating & Updating


ISO 9001 (7.5.2), ISO 14001(7.5.2), OHSAS 18001 (4.4.4/4.4.5), ISO27001 (7.5.2)

SISCOL ensures the following practices while creating and updating documented
information:

a) Identification: documented information have titles, document numbers,


which indicates their identity and are unique to
Department/Project/Customer/Function. Common documents are made
by the central teams with proper identification/document numbers.
Document Number system are in place to ensure the identification and
description
b) Format: An appropriate format is created to the purpose of usability and
accessibility of users, the language used is in general is English, various
software’s used are compatible to each other, the size and scale of the
document to be printed are generally mentioned on the documents
specifically for drawings.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 41 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7

c) SISCOL has a system to identify that which document shall be under


approval or information category, the documents under approval
category has multi-tier level of approval and same is done by competent
authority either by email, initials, electronic signatures, MoM etc. Review
and approval does have suitability, adequacy, traceability and security.

7.7.3 Control of Documented information


ISO 9001 (7.5.3), ISO 14001(7.5.3), OHSAS 18001 (4.4.5), ISO27001 (7.5.3)

Documented information required as per Integrated Management system has


been controlled by means of documented information (SISCOL-CP-01) which
ensures:
a) Approval of documents by the designated authorities
b) Review and updating as necessary and re-approval
c) The identification of nature of changes, control and revision status
d) Distribution, access, retrieval and use
e) Availability of relevant latest versions at points of use/issue with
adequate protection as and when needed for that documented information
f) Legibility, traceability and readily identifiable
g) Identification of external origin documents and their distribution control
h) Documented information retained as evidence of conformity shall be
protected from unintended alterations (loss of confidentiality, improper use,
or loss of integrity)
i) Prevention of unintended use of obsolete documents and their storage/
preservation for future reference/use including legal obligations, if any
j) Transfer, storage and disposition of the documents in accordance with
the applicable procedure, as per the classification of documents

All the process owners ensure that the documented information remain legible,
retrievable, readily identifiable & traceable to activities involved during the
complete life cycle of the manufacturing and project execution. The master list
of documented information indicating the retention period is maintained by the
concerned process owner. Relevant documented information is maintained for
all the Health, Safety and information security incidents. During the project
closing cycle, all the important documents are archived by the PMG on the
electronic format so that same can be referred if required in the future. If
contractually required, the documented information is made available to the
interested parties. Access matrices of the location of placement of documented
information (in server, portal etc.) are defined and reviewed on periodic
intervals along with IT team; and cross verified during audits for ensuring the
effective implementation of IMS requirements.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 8

OPERATIONS
IMS MANUAL Page 42 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

8.1 PURPOSE
To describe the Leadership involvement, accountability & commitment in
planning & controlling end-to-end value chain (including design) for
establishing, implementing, sustaining, awareness & continually improving the
Quality, Environment, H&S and Information Security Management Systems.

8.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational, Health &
Safety and Information Security Management Systems covering various
activities as per scope given in Chapter 1 of this document.

8.3 OVERALL RESPONSIBILITY


Top Management
Leadership Team
MR
Concerned Head of the Departments (HODs)

8.4 SYSTEM DESCRIPTION

8.4.1 Organizational Operational Planning & control


ISO 9001 (8.1), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

8.4.2 Planning of Product Realization


ISO 9001 (8.1), ISO 14001 (4.4.6), OHSAS 18001 (4.4.6), ISO 27001 (8.1)

SISCOL has put in place multi-disciplinary approach for planning the


project/product/service realization. The Process Flow Charts/DCPs/SOPs/
WIs/Formats have been prepared by the concerned process owners along with
the control points and their acceptance criteria at the relevant points of usage.
These documents also identify such characteristics/indicators for products and
services which need to be constantly monitored to meet the specified objectives.
These documents are developed at the system, projects and products levels
during the different phases of manufacturing and project execution.

Based on the contractual requirements, critical to quality (CTQ) aspects and


inputs are identified by design & engineering and subsequently these inputs are
taken into consideration while developing various QA/QC requirements.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 43 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

Product, process and projects’ regulatory requirements are also identified by the
concerned process owners and given due consideration during the development
and preparation of relevant process control documents. Resources,
infrastructure, work environment and competency of required personnel are
identified by the concerned HODs along with HR.

8.4.2.1 The following functions in SISCOL shall collaborate during process, product
and project realization:
a) Business Strategy
b) Business Development & Marketing
c) Sales
d) Contracts
e) Operations
f) Vendor Development & Procurement
g) Production
h) Logistics & Delivery
i) Industrial Infrastructure
j) Design & Engineering
k) Field Services
l) Corporate Relations
m) Key Account Management
n) Project Planning & Monitoring, Execution and Control
o) Stores (Incoming and Final product)
p) Plant Maintenance
q) Quality Assurance
r) Environment Health & Safety
s) Training
t) Information Technology
u) Human Resource & Administration
v) Finance & Accounts

8.4.2.2 Following are considered, as appropriate, at the time of development,


updating/modification for improvement in the existing process by process
owners in due consultation with concerned team head:
a) Identified quality objectives and requirements for the product
b) The need to establish processes, documents, and provide resources
specific to meet the requirements of the product
c) Required verification, validation, monitoring, inspection and test
activities specific to the products processed at relevant stages of
processes and the criteria for the product acceptance
d) Records needed to provide objective evidence that the realization
processes and resulting products fulfil requirements

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 44 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

The output of this planning in the form of quality plan, process monitoring
instructions, material arrangements, inspection arrangements, review and
validation of processes are made and provided at the relevant stages of
processing for its implementation.

8.4.2.3 EMS, OHSMS and ISMS Planning

Head EHS maintains the inventory of all the applicable environmental aspects
and Health & Safety risks, while list of information security related risks is
maintained by Head-IT. A procedure has been established to identify and
evaluate the environmental aspect/health & safety risks and IS risks. Based on
the significance of these aspects/risks, control measures have been identified
and being implemented throughout the organization. It has been ensured that
these significant aspects, Health & Safety risks and IS risks are considered while
developing IMS at SISCOL.

SISCOL has established and maintains a procedure to identify and have access to
legal and other requirements to which SISCOL subscribes to.

To fulfil the commitments established in IMS Policy and achieve other


organizational goals, IMS objectives, targets and programmes are established by
the concerned HODs at the beginning of the year based on SISCOL annual
objectives/thrust areas.

The organization controls planned changes and reviews the consequences of


unintended changes, takes action to mitigate any adverse effects, thru’ the
implementation of the common process: Risk and Opportunity Identification,
Assessment, Implementation and Reviewing effectiveness (SISCOL-CP-02) as
necessary. Teams during the execution phase also identifies, reviews, monitors,
mitigates the risks/changes in planned intervals.

Whenever there is any outsourced process that affects product conformity to the
requirements, adequate controls are exercised by the relevant functions. The
type and extent of control on such outsourced processes depends upon criticality
of the characteristics or extent of control exercised by the supplier. All the
statutory and regulatory requirements of the product/project work being
outsourced are discussed with the supplier and their compliance is ensured
through periodic inspections and audits.

All those activities of supplier or contractors which can be significant with


respect to our environment, health and safety systems are identified by Head
EHS, during environmental aspect and risk identification and are well addressed
in the purchase order or purchase contract. Regular monitoring of supplier’s

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 45 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

activities is done to ensure compliance to these requirements by QA, EHS,


Operations/PMG and SCM/Procurement.

8.5 REQUIREMENTS FOR PRODUCTS & SERVICES


ISO 9001 (8.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6)

8.5.1 Customer Communication


ISO 9001 (8.2.1), ISO 14001 (8.1/7.4), OHSAS 18001 (4.4.3)

Before award of the project, Business Development/Marketing/Sales department


are responsible for establishing any communication with the customers or
responding to the queries from customers. After award of the work, Head-
Operations/Design & Engineering/Project Management Group or as nominated by
CMD will be responsible for all the communications on the behalf of SISCOL.

The product/ project information is communicated through various means like


brochures, catalogues, website, in-house magazines etc. Customer feedback
including customer complaints are reviewed and analysed for root cause of the
problems by the respective HoDs. The decisions are taken for corrective and
preventive actions including further improvements in the products, processes
and services. Needful communications with regard to handling and/or controlling
customer properties are taken care at pre-order and post-order stages.

Whenever required, Head- Business Development/ Marketing/ Sales/ Operations/


Design & Engineering/Project Management Group or as nominated by CMD will
communicate customer the specific requirement for contingency.

8.5.2 Determination of Requirement Related to the Product, Project and


Services
ISO 9001 (8.2.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6)

Head Business Development & Marketing identifies the customer requirements


before submitting the bid. It is ensured that financial viability, technical viability
and risk assessment is completed before submission of the bid/offerings. All the
customer’s requirements are considered including supplies, installation and
commissioning, project management, transportation & logistics, quality, health
& safety, contracts management, site management, handing over,
legal/statutory & regulatory clearances, trainings, warranty, insurance etc. as
per the scope of the project or services.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 46 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

SISCOL has established various processes at appropriate levels to determine:


a) Requirements specified by the customer, including the requirements for
environment, EHS, delivery and post-delivery activities
b) Requirements not stated by the customer but necessary for the
application of product.
c) Statutory and regulatory requirements related to the product, processes &
systems for environmental / OH & S performance, and
d) Implied needs and expectation or any additional requirements required by
the organization
e) Contract or order requirements differing from those previously expressed

8.5.3 Review of requirements related to the Product & Services


ISO 9001 (8.2.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6)

Nominated Business Development & Marketing team along with other


stakeholders like strategy, engineering, operations, manufacturing, quality,
project management, EHS, insurance etc, review the requirements related to
the product, project and services. This review is conducted prior to submission
of the bid documents, to ensure that customer requirements including their
product specifications, delivery schedules, packing, logistics, commissioning,
installation and post commissioning requirements are clearly defined. Any
specific environmental, H&S & IS performance required during project execution
is also appropriately reviewed. Where the customer provides no documented
requirements, the customer requirements are agreed with suitable division of
responsibilities etc. Whenever it is felt that if some client requirements are not
met the same is communicated to the client through deviation statement and
concurrence obtained for the same.

8.5.4 Changes to requirements for products and services


ISO 9001 (8.2.4), ISO 14001(8.1), OHSAS 18001 (4.4.6)

During finalization of the contract, Head - Business Development & Marketing/


Sales ensures that there are no differences in the bid documents vis-à-vis
contract documents. In case any deviation is found the same is recorded and
resolved with the client. Records of contract review and actions arising from the
review are maintained by Head - Business Development & Marketing. These
requirements are communicated to the Operations/Design & Engineering/Project
Management or suitable function for compliance, planning and execution of the
subsequent product/service realization processes.

As and when any amendment to product/project requirements are received from


the customers, the responsible project/operations team ensures that the same
are reviewed for their ability to supply and the relevant documents are amended

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 47 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

accordingly. These modified documents are conveyed to relevant functions by


the process owner for making all stakeholders aware of the changed
requirements for immediate compliance.
8.6 DESIGN & DEVELOPMENT OF PRODUCTS & SERVICES
ISO 9001 (8.3), ISO 14001 (8.1), OHSAS 18001 (4.4) & ISO 27001 (8.1)

8.6.1 General
ISO 9001 (8.3.1), ISO 14001 (8.1), OHSAS 18001 (4.1/4.4) & ISO 27001 (8.1)

SISCOL has established, implemented and maintains a design and development


process that is appropriate to ensure provision of products and services.

8.6.2 Design and development planning


ISO 9001 (8.3.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

Planning for all the activities under the ambit of design & engineering is being
done by Head-Design & Engineering. During D&D planning, the Head-Design &
Engineering and nominated personnel from a specific project determine:
a) the nature, duration and complexity of the design and development
activities based on the scope and technical specifications vis-à-vis
organization’s capabilities
b) Design and development stages, considering all the interfaces
c) The controls (review, verification and validation) that are appropriate
to each D&D stage
d) Responsibilities and authorities for design & development being spelt
in DCPs and other associated documents
e) the internal and external agencies that have to be involved for the
design and development of products and services
f) The level of control expected for the D&D process by customers and
other relevant interested parties on a continuous basis and ensure the
effective planning to manage it.

All the interfaces between various stakeholders involved in D&D process are
managed adequately by the concerned Director - Operations or Project /
Nominated Personnel, to ensure effective communication and clear assignment
of responsibilities. As the D&D progresses, the planning outputs are updated, as
appropriate.

SISCOL has a structured approach to ensure the necessary documents are


incorporated to demonstrate that D&D requirements have been met:
a) Periodic review with suppliers/vendors/contractors/service providers

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 48 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

b) Periodic review and/or meetings with customers/customers


representatives/statutory bodies
c) Internal reviews and internal audits to verify the incorporation of the
documented information
8.6.3 Design & Development Inputs
ISO 9001 (8.3.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

Before undertaking any D&D activity, all the design inputs are identified by the
Head-Design & Engineering. These inputs may include:
a) Customers’ needs
b) Applicable statutory and regulatory requirements
c) Policies and objectives of the organization
d) Timeline for deliverables
e) Standards or codes of practice
f) Functional and performance requirements of the product
g) Information derived from previous designs, if applicable
h) Testing and acceptance requirements
i) Potential consequences of failure based on the review-sharing of
earlier/similar project data, holding knowledge sharing initiatives,
having numerous test scenarios being simulated/reviewed by CFT

These inputs are reviewed for their adequacy by the Head-Design & Engineering
and any incomplete or conflicting requirements are resolved. Records of design
inputs are maintained by Head-Design & Engineering.

8.6.4 Design and development controls


ISO 9001 (8.3.4), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

SISCOL applies necessary controls (reviewing/verifying/validating) to the design


and development processes.

8.6.4.1 Design & Development Review


To assess the ability of the results of D&D process to meet the product/project
requirements, systematic review of various design activities including the
interfaces is done as per the design review plan by the Head-Design &
Engineering along with internal associated stakeholders. Cross functional team
for the review of D&D is nominated at the planning stage.

D&D reviews are carried out in a systematic manner, in accordance with the
planned arrangements:
a) To evaluate the ability of the results of design & development to meet
requirements
b) And to identify any problems and propose necessary actions

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 49 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

Records of the results of the reviews and any necessary actions are maintained.

8.6.4.2 Design & Development Verification


D&D verification is done by Head-Design & Engineering along with the nominated
operations/project team as per the D&D planning to ensure that outputs are
meeting the design inputs. Records of the results of design verifications are
maintained. It is ensured that all the deviations found during D&D verifications
are resolved before progressing to the next stage of D&D.

8.6.4.3 Design & Development Validation


D&D validation is done as per D&D planning to ensure that resulting product is
capable of meeting the requirements for the specified application or intended
use. Wherever practicable, validation shall be completed prior to the delivery or
implementation of the product. Validation of the product may be done in
presence of the customer or at customer’s premises as per the contractual
requirements. Records of D&D validation are maintained appropriately.

8.6.5 Design& Development Outputs


ISO 9001 (8.3.5), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

The D&D outputs are documented and provided in suitable form (Drawings/
Technical Specifications/Calculations/Prototype/BOM/Data Sheets etc.) enabling
verification against D&D inputs. The design outputs are verified, reviewed and
approved before release by Design & Engineering. D&D outputs shall:
a) Meet the D&D input requirements
b) Provide appropriate information for purchasing, production, operations,
manufacturing, erection, commissioning, testing and acceptance of the
product/services along with adequacy for the subsequent processes
c) Contain or reference monitoring and measuring requirements and
product acceptance criteria
d) Specify the characteristics of the product/services which are essential
for its safe and proper use

8.6.6 Design & Development Changes


ISO 9001 (8.3.6), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

SISCOL has established procedures to identify D&D changes at all the stages of
D&D. On identification of any change or request for any change in design, the
same is reviewed, verified and approved before implementation by the CFT.
During review of D&D changes, all the stake holders are taken into consideration

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 50 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

including all the interfaces likely to be affected by the change including the
parts already delivered.

SISCOL shall retain the following documented information:


a) Design and development changes
b) The results of reviews
c) The authorization of the changes
d) The actions taken to prevent adverse impacts

8.7 CONTROL OF EXTERNALLY PROVIDED PROCESSES,


PRODUCTS & SERVICES
ISO 9001 (8.4), ISO 14001 (8.1), OHSAS 18001 (4.4) & ISO 27001 (8.1)

8.7.1 General and Type & Extent of Control


ISO 9001 (8.4.1, 8.4.2), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

In SISCOL, procurement activities are managed through a dedicated function:


Procurement, equipped with specialist team of buyers for various equipment’s.
Stringent supplier selection and evaluation criteria have been established to
ensure that the output product/services delivered by the suppliers meet the
customer requirements. Prior to selection of the supplier, SISCOL team
comprising Procurement/Vendor Development, Quality and
Engineering/CFT/Expert may visit the supplier and completes the assessment
based on pre-defined checklist and supplier selection procedure.

The type and extent of control applied to these suppliers and the purchased
product depends upon the criticality of the purchased product/services on
subsequent product/service realization or the final product including packaging
of material.

Potential suppliers are being assessed by Procurement/Vendor Development and


selection of suppliers is based on their ability to supply product in accordance
with the organizations’ requirements. Criteria for selection, evaluation and
periodical re-evaluation have been established considering quality,
environmental, safety and delivery rating. Records of the results of evaluations
and any necessary actions arising from the evaluation at company or supplier end
are maintained.

Orders for long delivery/critical equipment are placed early in the project to
ensure timely deliveries by suppliers. The core activities of Logistics are handled
by Logistics team and physical transportation activities may be outsourced to one
or several freight forwarders depending on the project/operation requirements.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 51 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

For ODC consignments/heavy lifts, a detailed route survey is undertaken in close


co-ordination with the freight forwarder by Logistics team.

Whenever there is any outsourced process that affects product conformity to the
requirements, adequate controls are exercised by the relevant functions. The
type and extent of control on such outsourced processes depends upon criticality
of the characteristics or extent of control exercised by the supplier. All the
statutory and regulatory requirements of the product/project work being
outsourced are discussed with the supplier and their compliance is ensured
through periodic inspections and audits.

All those activities of supplier or contractors which can be significant with


respect to our environment, health and safety systems are identified by Head
EHS, during environmental aspect and risk identification and are well addressed
in the purchase order or purchase contract. Regular monitoring of supplier’s
activities is done to ensure compliance to these requirements by QA, EHS,
Operations and Procurement/Vendor Development.

SISCOL has established procedures for source or in-coming inspection as per the
applicable QAP, drawings and technical specification to ensure that the
purchased products meet the specified purchase requirements including that for
environment/H&S. QA ensures that through these plans the products are verified
at source and during receipt at the project site. In case, if any deviation is found,
non-conformity is raised and communicated to the concerned (Procurement/PMG,
Operations/D&E or Supplier) for initiating root cause analysis, corrective and
preventive actions along with assessing the impact/potential impact. If required
the services of TPIAs can be utilized by QA for conducting source/receipt
inspection. For selection, evaluation and re-evaluation of these TPAIs procedures
have been documented.

If contractually agreed, the company also allows its customers or their


representatives to witness the manufacturing processes/purchased materials at
supplier end for ensuring product/materials conform to the specified
requirements. When it is proposed to verify the purchased product at the
supplier's premises by either customer or company’s representatives, the
verification arrangements and the method of product release are specified in the
purchase order.

8.7.2 Information for external providers


ISO 9001 (8.4.3), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO 27001 (8.1)

SISCOL has established criteria for detailing adequate purchasing information in


the purchase documents for the products/services to be procured. To start with,

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 52 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

the buyer/requisition department prepares the purchase requisition (PR)


containing all the relevant details of the product or the services (Critical to
quality parameters, delivery requirements, etc) to be procured.

The purchase order (PO) being raised contains complete information related to
the product like: specification, acceptance criteria, logistics, packaging, delivery
time, inspection requirements, performance evaluation process/parameters,
reference to QAPs, verification or validation activities by SISCOL &/or its
customers, or other acceptance criteria etc. The product/service details are
described in purchase documents or other means, including where applicable:
a) Requirements for approval of product, services procedures, processes,
and equipment
b) Requirements for qualification/competency of personnel, and
c) Quality (ISO 9001), Environment (ISO 14001), Health & Safety (OHSAS
18001) and Information Security (ISO 27001) management system
requirements

The purchase personnel review the purchase information to ensure the adequacy
of specified purchase requirements prior to their communication or issue to the
suppliers. Communication mechanism / protocol between SISCOL and the
external providers gets defined during the ordering phase.

It is ensured that for all the chemicals or hazardous substances being purchased,
MSDS of the same is obtained from the supplier and necessary trainings are
imparted to the end users for storage and handling of such substances.

8.8 PRODUCTION & SERVICE PROVISION


ISO 9001 (8.5), ISO 14001 (8.1), OHSAS 18001 (4.4.6) & ISO27001 (8.1)

8.8.1 Control of Production & Service Provision


ISO 9001 (8.5.1), ISO14001 (8.1), OHSAS 18001 (4.4/4.4.6) & ISO 27001 (8.1)

SISCOL plans and carries out project and manufacturing/operations execution


under controlled conditions which includes the following, as applicable (but not
limited to):
a) The concerned HODs ensures that all the relevant technical
requirements including special features are taken care while
developing the drawings, engineering specifications, SOPs, Work
Instructions etc. as per the contractual requirements, that defines:
the characteristics of the products to be produced, the services to be
provided, or the activities to be performed; and the results to be
achieved

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 53 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

b) Quality Assurance develops the QAPs, FQAPs, ITPs & QA programme as


per the customer and regulatory requirements
c) Vendor Development & Procurement coordinates for all the
outsourced material and vendor approval/assessment/re-
evaluation/development
d) Operations/project team develops the project planning & project
execution procedures; prepares documented information and ensures
the use of suitable infrastructure and environment for the operation
of processes; Logistics & Delivery
e) The availability of job/work instructions at the point of use
incorporating the controls exercised for EHS/IS performances are
ensured by Head EHS and Head IT
f) It is ensured that the equipment being used are suitable for the
relevant processes including their environment friendly set up & safe
performance
g) QA and D&E ensures the availability and use of appropriate monitoring
and measuring devices for control of identified characteristics
h) Head EHS ensures that measuring devices used for monitoring EHS
performance are being calibrated at the defined frequency
i) Monitoring and measurement of all the identified parameters with
respect to quality, environment, OH&S and IS are done as per the
defined frequency and methodology. In case any deviation is found,
necessary corrective and preventive actions are taken by the
concerned process owner
j) QA gives the despatch clearance after ensuring completion of the
required operations/inspection/testing
k) QA forward the inspection records as per the applicability to the
nominated SPOC for further submission to the customer
l) Field Services ensures the product, service, solutions’ deliverance by
erection & commissioning to the requirements agreed upon
m) Post-delivery activities are identified with respective stake-holders
and their involvement are agreed-upon during contract finalization
and the actual implementation are ensured

All the special processes required for the production, project and service
requirements are validated and revalidated as per the laid down guidelines.
Welding, painting, brazing, heat treatment etc. have been identified as special
processes whose resulting output cannot be fully verified by subsequent
monitoring or measurement.

Special processes have been pre-qualified for their sets of operating parameters
suited to various class and types of products by QA/D&E/Operations/PMG.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 54 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

The qualification records and subsequent process monitoring records are


maintained by QA/D&E/Operations/PMG. The qualification considers the
following issues, as applicable:
a) Defined criteria for review and approval of the processes
b) Approval of equipment and qualification of personnel
c) Use of specific control measure and procedures
d) Requirement of process monitoring records
e) Whenever there are any changes to the process equipment/new
process equipment is procured or a new category/class of product is
to be manufactured, these processes are re-validated as per need.
Additionally, if the process results (in terms of product quality) are
not found satisfactory, the relevant process may be revalidated to
ensure product complying with the requirements through
readjustment of qualified process control parameters

SISCOL emphasises on the competency building via numerous training


mechanisms/drills ably supported by the infrastructure facilities/environment;
putting in place systems in order to prevent human error. The key characteristics
of the operation that can have significant environmental impacts/risks are
identified in the relevant OCPs and are being monitored at the defined
frequency.

8.8.2 Identification & Traceability


ISO 9001 (8.5.2)

The organization has established various systems for product identification and
traceability, at the various stages of the project, product and service execution
to ensure that the products/assemblies/sub-assemblies/components are
identifiable throughout their life cycle.

Identification:
Raw materials and bought out components are received by stores from suppliers
along with the details of material containing the supplier information. After
receipt, the store in-charge raises the GRN and offers the receipt material to QC
for incoming inspection. The inspection and test status of incoming bought out
items are identified based on supplier’s certificate and inspection lot. QA /
nominated person inspects the material as per QAP/FQAP/relevant reference
document and if found acceptable, the material is cleared for storage at the
designated location. From the store, the material is issued to the project
team/manufacturing/operations divisions as per their requirements.

During all the stages of the project/production execution, it is ensured that all
the assemblies/sub-assemblies are identified by means of tags/stickers/locations.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 55 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

The inspection and test status of items is identified through identification


stickers, inspection records, identified storage space etc as applicable. These
are then stored at designated locations.

Separate areas have been identified and marked for accepted and non-
conforming items throughout the life cycle of the project/product.

Traceability:
Whenever required (Customer requirements, legal requirements, contractual
requirements) traceability for the products/assemblies/sub-assemblies are
maintained through drawings, receipt vouchers, inspection reports, lot numbers
or any other unique number. QA indicates the status of the material,
components, and sub-assemblies by use of inspection tags.

All the non-conforming products/assemblies/components are suitably identified


through red tags, ‘Rejected’ tags, stickers, punch, marking and location and they
are quarantined to avoid the inadvertent use of these materials. Components
and the products at the dispatch stage are identified with respect to the
dispatch documents. With these systems in place, the traceability back to the
origin is traced back.

8.8.3 Property belonging to customer or external providers


ISO 9001 (8.5.3)

Customer or external providers’ property received by the organization


(drawings/specifications/materials) are suitably identified at the point of receipt
as per the contractual requirements. During the time of receipt, same is verified
against our requirements, if found unsuitable returned to the customer/ external
provider; otherwise adequately stored. Proper storage is done for all the
customer/ external providers’ property and in case of any loss and damage same
is reported to the customer/ external provider and records are maintained.

8.8.3.1 Preservation
ISO9001 (8.5.4), ISO 14001 (8.1), OHSAS18001 (4.4.6)

SISCOL has established procedures for preserving the product quality from
receipt of materials through internal processing up to the handing over of
project site/product/service to the customer. Concerned HODs ensure that
adequate care is taken during handling of material, components and
products/outputs to avoid any damage. Though specific responsibilities are
defined in the relevant DCP/SOP, yet every employee is responsible for safe
handling of the products at various stages of operations/manufacturing/project
execution. Various SOPs have been developed for preserving the product/service

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 56 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

at various stages of value chain. Suppliers/OEMs manuals are being referred for
storage of equipment at shop floor and site.

8.8.3.2 Handling and Transportation:


It is ensured by the concerned HOD that the handling and transportation of
products are controlled to prevent damage, deterioration or loss. When
necessary, for particular items, special instructions/work instructions are
issued/displayed and monitoring is carried out to check satisfactory
implementation. The appropriate handling of products is followed to avoid any
deterioration of quality of product and any damage during
handling/transportation within the plant. Appropriate instructions are provided
to the suppliers of goods and services for safe packaging, transportation and
loading/unloading – as applicable.

8.8.3.3 Storage:
Appropriate storage facilities are provided at production facilities and project
site for materials and products for their safe upkeep, prevent damage and
deterioration of the product quality including suitable preservation wherever
necessary. Condition of product in the store is assessed at appropriate interval.
Receipt and issue from stores is approved by authorized personnel. All materials
having limited shelf life are issued on First In First Out (FIFO) basis, as applicable.
Appropriate storage areas are provided for finished goods to prevent any damage
or deterioration of these products. The stored products are periodically assessed
for any deterioration or shelf life expiry.

Safe handling/loading/unloading/storage instructions have been issued to the


stores personnel from environmental/H&S view point.

8.8.3.4 Packaging & Despatch:


Production/Operations hands over only cleared components and products to
Logistics for packaging and dispatch as per the packaging list issued by D&E.
Logistics/Transporter takes adequate precautions to avoid any damage or
deterioration during packing and shipping. For all those products that
has/envisaged to have contamination into it gets controlled with EHS Team with
inputs from MSDS, Vendor etc. Regular audits also ensure the compliance to the
controls established to this regard.

8.8.4 Post – Delivery activities


ISO9001 (8.5.5), ISO14001 (8.1), OHSAS18001 (4.4.6)

Post-delivery activities are identified with respective stake-holders and their


involvement are agreed-upon during contract finalization and the actual

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 57 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

implementation are ensured. Head-Business Development & Marketing takes the


necessary inputs from the customers/prospective customers related to any of the
post-delivery contractual deliverables (not limited warranty, maintenance
services etc.). These requirements are passed on to the internal
team/functions/business associates in SISCOL for deliberation, planning,
implementation when necessitated.

SISCOL while ensuring the post-delivery activities, considers (when applicable):


a) All the applicable statutory and regulatory requirements
b) Potential undesired consequences associated with its products and
services
c) The nature, use and intended lifetime of its products and services
d) All the customer requirements being mutually agreed upon
e) Customer’s feedback

BD&M in consultation with Contracts reviews all the post-delivery related


agreements before signing-off with Customers. The agreed post-delivery
requirements are communicated to the Operations/PMG/relevant stakeholders
for ensuring these requirements are met.

8.8.5 Control of changes


ISO 9001 (8.5.6), ISO 14001(8.1), OHSAS 18001 (4.4.6), ISO 27001 (7.5.3)

SISCOL has established procedures to identify changes at all the stages of


production and/or service provisions (if necessitated). On identification of any
change or request for any change in production and/or service provisions, the
same is reviewed, verified and approved before implementation by the CFT.
During review of production and/or service provisions changes, all the stake
holders are taken into consideration including all the interfaces likely to be
affected by the change including the parts already delivered.

Records of the production and/or service provisions changes, authorising the


changes and actions emanating from the review are maintained appropriately.
Change Notes, Field Trouble Reports (FTRs), Site Deviation Reports (SDRs) etc
are few of the ways of controlling the changes in production and/or service
provisions. For ISMS there is a procedure to control the planned changes.
Change Management Request is maintained with appropriate approvals and risks
being evaluated for planned changes.

8.9 RELEASE OF PRODUCT & SERVICES


ISO 9001 (8.6), ISO 14001 (8.1), OHSAS 18001 (4.4.6/4.5.1) & ISO 27001 (8.1)

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 58 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

SISCOL has defined the characteristics for the different outputs to be achieved
at appropriate stages of the project realization (receipt, in-process, final
inspection and despatch clearance) for meeting the customer requirements. All
these characteristics are monitored and measured by responsible personnel in
respective departments in order to ensure that the product/service (output)
requirements meet internal as well as external customer requirements including
all the regulatory requirements. These characteristics have been defined by
respective HODs, in their DCPs, OCPs, SOPs, QAPs etc. as applicable to the
relevant stages of the processes.

For all identified characteristics, the acceptance criteria for the evidence of
conformity have also been defined. Source, incoming, in-process and final
inspections are conducted by SISCOL inspector or SISCOL approved TPIAs to
ensure/compliance evidence of the same.

In-process inspection and testing is carried out at various stages of


manufacturing and project execution. FQAPs have been developed to monitor
and measure the critical parameters during site execution. No project/ product
stage is allowed for further execution until it has been inspected and tested by
QA/nominated representative as per QAP/TS/FQAP/applicable requirements.

SISCOL ensures that all Quality Plans/OCPs/Inspection requirements are planned


& implemented and that their inspection records are maintained to verify that
at each stage of process, the characteristics conform to applicable instructions,
procedures, inspection plans and / or specifications, as applicable.

The final product/service is verified for conformance to the specified


requirements as per procedures / inspection standards / Quality Plan and is
handed over to the customer. The relevant records clearly indicating the
conformance / non-conformance of the product and authority for releasing the
product are maintained by QA.

All the applicable legal and other requirements related to EHS have been
identified at relevant areas by Head EHS. Legal register has been prepared by
Head EHS based on these identified requirements. Legal register is a
comprehensive document containing brief description of the requirements
SISCOL subscribes, required parameters, current status, responsibility and
compliance evaluation frequency and outputs.

8.10 CONTROL OF NON-CONFORMING OUTPUTS


ISO 9001 (8.7.1), ISO 14001 (8.1/10.1), OHSAS 18001 (4.5.3/4.4.7) & ISO 27001
(10.1)

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 59 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

8.10.1 Control of non-conforming outputs


SISCOL has established documented information (SISCOL-CP-04) to ensure that
Quality, Environment, Occupational, Health & Safety and Information Security
related non-conformities are suitably identified and controlled throughout the
life cycle of the product and project (including post-delivery). The related
responsibilities and authorities and ways for dealing with such non-conformities
have also been defined in the relevant DCPs/SOPs, which include handling and
investigation of incidents, accidents, nonconformities under normal/abnormal
conditions.

The controls include prioritizing the non-conformance, analysing them and


taking immediate action, correction, segregation, containment, return or
suspension of provision of products and services, based on their criticality,
authorizing use, release or acceptance under concession by operation/project
authorized personnel and, where applicable the concession may also be taken
from the customer. Based on the decision, the non-conformances are suitably
disposed-off. The final product characteristics are re-verified by QA/designated
team for ensuring conformance to the requirements before being despatched to
the customer.

The records indicating the nature of non-conformities including the concessions,


if any, and the subsequent actions taken for reducing and eliminating them are
maintained by QA or other responsible function. The actions on accidents,
incidents, safety non-conformances are reviewed through risk assessment
process, prior to implementation by Head EHS. The trends of non-conformance
are periodically reviewed for further deciding continuous improvements in the
product and process.

In case the nonconforming products/outputs found during any stage of


manufacturing or project execution, are corrected (i.e. reprocessed or re-
worked), the products / information is re-verified by QA/Nominated Team for
the requirements in which these were found to be nonconforming in order to
demonstrate the conformity to the requirements. In case the non-conformance
in the product is detected after the same have been delivered to the customer
or their use has started, organization examines the criticality of such
characteristics. Such non-conformance which are critical and major in nature
are informed to the customer and if required, the same are withdrawn from
usage. The potential effects of the nonconformity are also analysed and
appropriate actions are taken.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 60 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8

8.11 EMERGENCY PREPAREDNESS & RESPONSE / INCIDENT


INVESTIGATION / INFORMATION SECURITY RISK

8.11.1 Emergency Preparedness & Response


ISO 14001 (8.2)
All the potential emergencies related to EHS have been identified in
“Emergency Plans” being maintained at relevant manufacturing/projects sites.
Emergency Plan is a detailed document describing the various responsibilities of
emergency coordinator, emergency communication team, emergency relief
team etc. This plan describes how to respond to actual emergencies and
prevent or mitigate associated environmental aspects and Health & Safety risks.
In planning its emergency, SISCOL shall take account of the need of interested
parties & neighbouring industries.

The efficiency/response action of this emergency plan is demonstrated through


regular mock drills (where practicable) twice in year respective to EMS & OHSMS
planned by EHS and results of the mock drills/ occurrence of emergency
situations are used to review & modify emergency preparedness plan & the
planned response actions, if required.

SISCOL shall provide relevant information and training related to emergency


preparedness and response, as appropriate, to relevant interested parties,
including persons working under its control. (employees, workmen, sub-
contractors working at SISCOL’s premises)

8.11.2 Incident Investigation


OSHAS 18001 (4.5.3.1)

Head-EHS shall devise the incident investigation procedure that shall record,
investigate and analyse H&S incidents. The corrective and risk-based
thinking/actioning procedures also includes mechanism for incident
investigation so that all H&S deficiencies are identified, after having root
causes analysis, necessary corrective (and preventive) actions are identified
including opportunities for improvements. The results emanating from the
investigations shall be documented and communicated to all the stakeholders.
Head-EHS shall ensure the investigations are conducted time-bound.

8.11.3 Information security risk assessment & treatment


ISO 27001 (8.2, 8.3)

Requirements and SISCOL’s approach are defined in 6.4.4 and 6.4.5 of


Chapter-6 of this document.

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 9

PERFORMANCE
EVALUATION
IMS MANUAL Page 61 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

9.1 PURPOSE
To describe the organizational process for monitoring, measurement, analysis
and evaluation (incl. Internal Audits, MRMs etc.) for establishing, implementing,
sustaining, awareness & continually improving the Quality, Environment, H&S
and Information Security Management Systems.

9.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.

9.3 OVERALL RESPONSIBILITY


Top Management
Leadership Team
MR
Concerned Head of the Departments (HODs)

9.4 MONITORING, MEASUREMENT, ANALYSIS & EVALUATION


ISO 9001 (9.1), ISO 14001 (9.1), OHSAS 18001 (4.5) & ISO27001 (9.1)

9.4.1 General
ISO 9001 (9.1.1), ISO 14001 (9.1.1), OHSAS 18001 (4.5) & ISO27001 (9.1)

SISCOL has determined who, what, how & when the processes needed to be
monitored, measured, analysed and evaluated and it’s implementation to
demonstrate conformance to product & service requirements and conformity to
QMS, EMS, and OHSMS & ISMS and continually improve their effectiveness.
Measurement & monitoring system is based on data and it’s analysis for which
various analytical tools are being used.

SISCOL has defined the measurable parameters for the different processes/
products and services /projects to ensure meeting the customers and regulatory
requirements. While preparing the project schedules & plans and product
delivery schedules, all the processes which have to be measured are identified
by the concerned process owners/HODs.

These process parameters are monitored, measured and its results are analysed
& evaluated at the specified frequency as per the responsibilities defined in
QAPs/FQAPs/Flow Charts/SOPs to ensure that these processes achieve the

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 62 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

planned results. When planned results are not achieved, the non-conforming
outputs (products/services/information) are corrected (repaired/reworked/re-
processed) and the suitable corrective actions, as applicable are taken by the
concerned HODs, to ensure conformity of the products (outputs). The
compliance to these identified process parameters are ensured during
inspection or system audits. Appropriate documented information are
maintained.

Those processes or operations having significant environmental impact/


significant risks are suitably monitored by respective process owners/HoDs in
order to ensure all the customer requirements (internal & external customers)
are met. OCPs/SOPs has been defined by Head EHS, to control these significant
environmental aspects and Health & Safety risks.

Head EHS has established a procedure to monitor and measure EHS performance
on regular basis by deploying:
a) Qualitative and quantitative measures appropriate to the organizational
needs
b) Monitoring of the extent to which EHS objective are met
c) Monitoring the effectiveness of EHS controls being exercised at different
manufacturing locations, offices and project sites
d) Proactive measures of performance that monitor conformance with EHS
programmes, controls and operational criteria
e) Reactive measures of the performance like monitoring of ill health,
incidents, and other historical evidence of deficient EHS performance
f) Recording of data and results of monitoring and measurement to facilitate
subsequent corrective and risk analysis.

Monitoring includes various operational parameters like water, stack/ambient


air, noise levels and progress on management programmes, objectives & targets,
compliances to relevant legislations & regulations, near-misses, incidents,
accidents and ill health.

The Head-IT has established a procedure to:


a) Monitor and review IT related controls to promptly detect errors, identify
attempted and successful breaches and incidents, enable management to
determine whether the security activities delegated to people or
implemented by IT are being performing as expected, help detect security
events and thereby prevent security incidents by the use of indicators and
determine whether the actions taken to resolve a breach of security were
effective

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 63 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

b) Undertake regular reviews of the effectiveness of the ISMS taking into


account the results of security audits, incidents, results from effectiveness
measurements, suggestions and feedback from all interested parties
c) Measure the effectiveness of controls to verify that security requirements
have been met

Review risk assessment at planned intervals and review the residual risks
and the identified acceptable levels of risk, taking into account changes to
the organization, technology, business processes, identified threats,
effectiveness of the implemented controls and external events like any
changes to the legal or regulatory environment, changed contractual
obligations and changes in social climate

d) Undertake security plans to take into account the findings of monitoring


and reviewing activities
e) Conduct internal audits and MRM as per the planned schedules
f) Documented information actions and events that could have an impact on
the effectiveness or performance of ISMS

9.4.2 Customer Satisfaction


ISO 9001 (9.1.2)

SISCOL has established & implemented a system for measuring customer


satisfaction (Voice of Customer - VoC) on transactional basis.
Marketing/Business Development/Sales/Business Excellence captures the voice
of customers based on the project progress/product deliveries on regular basis
and forward the output to Quality or the concerned department for analyzing
the feedback. Customer feedback (incl. complaints, pain areas & their opinion)
are also being captured by the concerned Project Management Team during
their regular interaction with the customers. For timely responding to the
customer complaints and issues, detailed action plan is developed and
subsequently KPIs are identified at relevant functions and monitored & reviewed
regularly.

Data on customer satisfaction is compiled and presented in the top management


review meeting by MR along with the effectiveness of the actions being taken by
SISCOL.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 64 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

9.4.3 Analysis & Evaluation


ISO 9001 (9.1.3), ISO 14001 (9.1.2), OHSAS 18001 (4.5.1) and ISO 27001 (9.1)

SISCOL determines, collects and analyses appropriate data to demonstrate the


suitability and effectiveness of the IMS and evaluate for deciding the continual
improvement of these systems. The data is collected at the specified periodicity
and by the designated personnel. The data is compiled and trends are made to
indicate the comparison, trend along with targets. This data are analysed during
the review meetings to decide the further improvements & action point are
listed to address risks & opportunities. The “Analysis of Data” includes:

a) The data generated as a result of process/project monitoring and


measurement-project delays, project cost, project non-conformances,
customer complaints, rejections, rework, delivery issues, cost of quality
etc.
b) Data on the external providers evaluation/performance
c) Customer Satisfaction Levels
d) Key Performance Indicators (KPIs) of each department
e) The achievement of the planned activities
f) effectiveness of actions taken by functions in SISCOL to address risks and
opportunities identified
g) The data collected from other relevant sources, e.g. Bench Marking Data
from relevant association or from the customers.
h) Data on Environmental and OH&S and IS performance – accidents/
incidents/near miss, status of EMP/OHSMP, spillage or leakages at site,
mock drill data, security violations etc.

Sl No. Indicative data to be analyzed Responsibility


1. Project win loss analysis Marketing/BD
2. Project delays, project cost, project risks PM
3. Non-conformance, rework QM
4. Customer complaints PM/Quality
5. Customer perception (VoC) Mktg./BD/Quality
6. External provider performance Quality/SCM/MM
7. In process non-conformance Quality
8. EHS Incident, near miss and accident EHS
9. Information security violations/incidents IT
10. System non-conformance MRs
11. Employee engagement, attrition HR

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 65 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

12. Training feedback & effectiveness HR


13. Process KPI monitoring All function HODs

All the applicable legal & other requirements with respect to IMS have been
identified in the legal register. These requirements are periodically reviewed as
per designated persons for their compliance. Documented information of these
reviews are maintained at appropriate levels as per the responsibilities defined
in the legal register.

9.4.4 Internal Audit


ISO 9001 (9.2), ISO 14001 (9.2), OHSAS 18001 (4.5.5) and ISO 27001 (9.2)

SISCOL has established a documented information (SISCOL-CP-03) to ensure that


all the activities which can have an influence, changes affecting the
organization on the quality / environment / occupational, health & safety/
information security are subjected to internal audits bi-annually. The procedure
defines the responsibilities and requirements for planning (audit programs),
conducting/implementing, reporting & recording the audits.

Internal audits are planned at six monthly frequency considering the audit
criteria, scope, frequency and methods. Audit criteria include international
standards, IMS manual, IMS policy, applicable legal requirements, objectives,
targets, management programme, department procedures, SOPs, etc. The
frequency of audits can be increased depending on the severity of Quality,
Environment, Occupational, Health & Safety and Information Security risks and
the non-conformances observed during previous audits or operations. Frequency
of these internal audits can also be increased in case of customer complaints,
process or product rejections and service failures.

SISCOL has a well-documented information for training of internal auditors.


Auditors are trained based on education, experience, skills and their
performance in the written examination. The auditors are selected in a manner
to ensure objectivity and impartiality of the audit process. Annual audit plan is
being prepared by the respective MRs. Audit schedule is prepared based on the
status and importance of the process and results of earlier non-conformances
observed. Audits are also scheduled based on results of risk assessments and
changes affecting the organization. It is ensured that Auditors do not audit their
own work activities.

The audit results/reports are the documented information, which are shared
with all the concerned stakeholders. These reports form the basis of taking
suitable corrective actions (CA) by the concerned HODs after suitable root cause
analysis (RCA). The HoDs take the required corrective action (CA) without any

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 66 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

undue delay. Other non-conformances are prioritized and accordingly actions


are started to avoid their recurrence.

Follow-up activities include the verification of the corrective actions taken


either by actual verification at site or by verifying the related documentation,
depending upon the criticality of the non-conformances. The results of the
action taken are reviewed and discussed in Management Review Meeting. Apart
from the scheduled audits, other audits can also be initiated based on the
importance of activities and change in processes or services.

9.4.5 Management Review


ISO 9001 (9.3), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001 (9.3)

9.4.5.1 General
At SISCOL, management review happens at various levels:
a) Management review meeting to review the effectiveness of IMS
b) Project Review meetings/Departmental review meeting
c) Risk Review Meeting etc.

9.4.5.2 Management Review Meeting


CMD reviews the company’s IMS, at planned intervals (at least once in a year),
to ensure its continuing suitability, adequacy, effectiveness and alignment with
the strategic direction of the organization. The review meeting interval can
change considering the changing business conditions. At SISCOL implemented
IMS is reviewed in the MRM which comprises of Senior Team Members under the
leadership of CMD.

Review includes, assessing risks & opportunities for improvement and the need
for changes to the IMS, including the SISCOL policy and objectives. Documented
information of management reviews including the minutes of Management
Review Meeting (MRM) are maintained by CMD’s office/MR; for projects by
Project Planning Team/PMG.

9.4.5.3 Review Input


ISO 9001 (9.3.2), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001(9.3)

The input to management review in the form of agenda for Management Review
Meeting includes information for the period under review on all elements of ISO
9001, ISO14001, OHSAS 18001 and ISO 27001. The specific agenda items relevant
to each of these standards are given in the common procedure on MRM (SISCOL-
CP-07). However, more focus is laid down on the following:

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 67 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

a) Status of actions from previous management reviews


b) Changes in external and internal issues relevant to IMS, including
strategic direction
c) Review the context of the organization
d) Review the needs & expectations of interested parties
e) Review the scope of IMS
f) Information on IMS’s performance, including trends and indicators for:
o Nonconformities and corrective actions
o Monitoring and measurement results
o Audit results
o Customer satisfaction
o Feedback from relevant interested parties
o performance of external providers
o process performance and conformity of products and services
o the extent to which IMS objectives have been met
g) Issues concerning external providers and other relevant interested parties
h) Adequacy of resources required for maintaining effective QMS
i) Process improvement and conformity of products and services
j) Effectiveness of actions taken to address risks and opportunities, result of
risk assessment and status of risk treatment plan
k) New potential opportunities for continual improvement

Specifically, to EHS; the review addresses the possible need for changes to
policy, objectives and other elements of the environment/OH&S Management
Systems in the light of EMS/OHSMS audit results, changing circumstances and
the commitment to continual improvement of EHS performance.

9.4.5.4 Review Output


ISO 9001 (9.3.3), ISO 14001 (9.3), OHSAS 18001 (4.6), ISO 27001 (9.3)

The minutes of the management review meeting are recorded and maintained
for a specified period. The output of the management review shall include any
decisions and actions related to:
a) Opportunities for improvement
b) Need for change in IMS including resources
c) Update of the risk assessment and risk treatment plan

The outputs from MRM shall also include any decisions and actions related to
possible changes to:
a) Business requirements and security requirements,
b) IMS performance
c) IMS Policy and Objectives

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 68 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9

d) Any changes in the context of the organization


e) Any changes in the needs & expectations of interested parties
f) Any changes in the scope of IMS
g) Regulatory or legal requirements and contractual obligations
h) Levels of risk and criteria for accepting risks
i) Improvement of product related to customer requirements

The output of the management review meeting is communicated by CMD’s/MR’s


office to all the stakeholders for initiating time bound actions and regular follow
up is maintained for completion.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

CHAPTER - 10

IMPROVEMENT
IMS MANUAL Page 69 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10

10.1 PURPOSE
To establish a system for identification of improvement opportunities of the
various process identified in documented QMS, EMS, OHSAS & ISMS, to
demonstrate the reduction in undesired effects and achieve continual
improvement of SISCOL business processes.

It includes various processes like continual improvement, incident investigation,


non-conformity & corrective action.

10.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.

10.3 OVERALL RESPONSIBILITY


Senior Leadership team
Head of the Departments (HODs)

10.4 SYSTEM DESCRIPTION

10.4.1 Improvement (General)


ISO 9001 (10.1), ISO 14001 (10.1), OHSAS 18001 (4.2/4.3.3/4.6), ISO 27001 (10)

SISCOL leadership is committed to create, determine, select opportunities &


facilitate a culture of continual improvement in the organization. The
leadership team encourages the continual improvement efforts put forth and
reviews the implementation of improvement plans and evaluate their
effectiveness to meet customer requirements and enhance customer
satisfaction.

SISCOL has established the processes with the best of intentions, focusing on
performing the task at hand, with the resources at hand, in the environment
where they exist. A structured approach to understand the existing conditions,
generate improvement ideas, and then implement the changes to see the
betterment has been made part of SISCOL’s systems and processes.

Various improvement programmes are identified by Leadership team across the


value chain of operations. In addition HoDs drives various improvement
initiatives; all aiming to improve products and services; while meeting
requirements as well as to address future needs and expectations.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 70 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10

SISCOL in every process puts efforts in correcting, preventing or reducing the


undesired effects associated with it; in order to improve the performance and
effectiveness of the established IMS.

10.4.2 Non-conformity & corrective action


ISO 9001 (10.2), ISO 14001 (10.2), OHSAS 18001 (4.5.3), ISO 27001 (10.1)

SISCOL has established documented information (SISCOL-CP-04) to react and


ensure that Quality, Environment, Health & Safety and Information Security
related non-conformities are suitably identified and controlled throughout the
life cycle of the product & services and project. The related responsibilities
and authorities and ways for dealing with such non-conformities have also
been defined in the relevant DCPs/SOPs, which include handling and
investigation of incidents, accidents, nonconformities under normal/abnormal
conditions. The controls include prioritizing the non-conformance, analyzing
them and taking immediate action, based on their criticality, authorizing use,
release or acceptance under concession by project authorized personnel and,
where applicable the concession may also be taken from the customer. Based
on the decision, the non-conformances are suitably disposed-off.

The final product & services characteristics are re-verified by QA for ensuring
conformance to the requirements before being despatched to the customer.

The documented information indicating the nature of non-conformities


including the concessions, if any, and the subsequent actions taken for
reducing and eliminating them are maintained by QA or other responsible
function. The actions on accidents, incidents, safety non-conformances are
reviewed through risk assessment process, prior to implementation by Head
EHS. The trends of non-conformance are periodically reviewed for further
deciding continuous improvements in the product and services and process.

In case the nonconforming products & services and services found during any
stage of design, manufacturing or project execution, are corrected (i.e.
reprocessed or re-worked), the products & services / information are re-
verified by QA/competent personnel for the requirements in which these were
found to be nonconforming in order to demonstrate the conformity to the
requirements. In case the non-conformance in the product is detected after
the same have been delivered to the customer or their use has started,
organization examines the criticality of such characteristics. Such non-
conformance which is critical and major in nature is informed to the customer
and if required, the same are withdrawn from usage. The potential effects of
the nonconformity are also analyzed and appropriate actions are taken.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 71 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10

Based on non-conformity observed, the risk related to the NC shall be


identified and updated in ROAM related to the concerned process.

Corrective Action
The company has established a documented information (SISCOL-CP-04) for
taking actions to eliminate the cause of non-conformities in order to prevent
recurrence of significant problems by analysis of non-conformance
documented informations, product rework/ rejection data, external provider
performance documented informations, project execution documented
information etc. SISCOL ensures Corrective actions are appropriate to the
effects of the nonconformities encountered, which are monitored to have cent
percent compliance.

Through this documented information it is ensured that controls are exercised


for:
a) Reviewing the non-conformities (including customer complaints)
b) Determining the causes/analysing non-conformities
c) Evaluating the need for action based on criticality of the activities to
ensure that non-conformities do not recur
d) Determining, deciding the corrective action needed based on root cause
analysis and implementing the same
e) Determining if similar nonconformities exist, or could potentially occur
f) Maintaining the documented information of the results from the action
taken
g) Communicating the results of corrective actions to all the stakeholders
h) Reviewing effectiveness of corrective actions
i) Determining the cause of reoccurrence of similar NCRs
j) Update risks and opportunities determined during planning

All customer complaints, customer returns, rework, rejections, delays,


incidents are identified during the project execution life cycle by the
nominated persons. These deviations are analyzed, using various statistical
tools/problem solving methods and the corrective actions are taken to
eliminate the cause of non-conformities in similar areas. The effectiveness of
the corrective action is verified during subsequent product/processes/project
audits. Cross functional teams are constituted for the critical problems related
to Quality, EHS and IT. Integrated management system is made richer by
changing the way of operations/processes to incorporate the learnings from
the non-conformities.

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 72 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10

10.4.3 Continual Improvement


ISO 9001 (10.3), ISO 14001 (10.3), OHSAS 18001 (4.2/4.3.3/4.6), ISO 27001
(10.2)

Continual improvement is of paramount importance for SISCOL. The


organization aims to utilize the analysis of product/project/process related
data and continually enhance, improve the suitability, adequacy and the
effectiveness of the Quality, Environment, Health & Safety and IS management
systems. Continual improvement programmes/KPIs for Quality, Environment,
H&S, IS are identified by use of Policy, Objectives & Targets, market analysis,
results of risk assessments, environmental aspects evaluation, feedback for
improvements through audit results, analysis of data, customer feedback,
applicable legal requirements, significant environmental aspects, H&S risks, IS
risks, corrective action and the discussions held in management reviews.

The continual improvement programmes are identified based on the results of


analysis and evaluation (defined in Chapter 9, but not limited to), outputs
emanating from management review meets; by the concerned HODs, using
following indicators (naming a few, indicative):
a) Customer Dissatisfaction e.g. complaints or project delays
b) Inventory Management improvement
c) Delivery Problems from External providers
d) On time delivery of projects to the customers
e) Integrated Management Systems improvement
f) Improvement in external provider Rating
g) Reduction in consumption of natural resources
h) Training feedback and effectiveness
i) Improving housekeeping at manufacturing/project site
j) Cost of quality
k) Reducing environmental impacts through innovative product design
l) Achieving stretched goals
m) Analysis of data related to accidents, incidents, near misses
n) Sharing the lessons learnt from the projects across SISCOL

UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

ANNEXURE - A

LIST OF
DOCUMENTED
INFORMATION
IMS MANUAL Page 73 of 118
Eff.: 6th Feb, 2018
LIST OF DOCUMENTED INFO. Rev. No.: 00
DOC NO: SISCOL/IMS/MANUAL Annexure - A

ANNEXURE A:
SAMPLE LIST OF DOCUMENTED INFORMATION (DI)

Sr.
DI No. Details Scope of Standards
No.
1 SISCOL-CP-01 Documented Information QMS+EMS+OHSAS+ISMS
Risk and Opportunity
Identification, Assessment,
2 SISCOL-CP-02 QMS+EMS+OHSAS+ISMS
Implementation and Reviewing
effectiveness
3 SISCOL-CP-03 Conduction of Internal Audits QMS+EMS+OHSAS+ISMS
Control of Non-conformance and
4 SISCOL-CP-04 QMS+EMS+OHSAS+ISMS
Corrective Action
5 SISCOL-CP-05 Competency Development QMS+EMS+OHSAS+ISMS

6 SISCOL-CP-06 Management Review Meeting QMS+EMS+OHSAS+ISMS

7 SISCOL-CP-07 Objective Settings QMS+EMS+OHSAS+ISMS

8 DCP-1

9 DCP-2

10 DCP-3

11 DCP-4

12 .

13 .

14 .

15 .

16 .

UNCONTROLLED DOCUMENT IF PRINTED



IMS MANUAL Page 74 of 118
Eff.: 6th Feb, 2018
LIST OF DOCUMENTED INFO. Rev. No.: 00
DOC NO: SISCOL/IMS/MANUAL Annexure - A

17 .

18 .

19 .

20 .

21 .

22 .

23 .

24 .

25 .

26 .

UNCONTROLLED DOCUMENT IF PRINTED



IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

ANNEXURE - B

COMMON
PROCESSES
 
IMS MANUAL Page 75 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1

1.1. Documented Information


1.1.1. Process Flow

 
 
IMS MANUAL Page 76 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1

1.1.2. Process Notes


P1. All the documented information required for the activity/ function should be
identified well in advance and to be reflected in the functional DCPs/ Manual / MDL.
P2. As identified in MDL, all the documented information to be prepared and identification
of the owner of the DI & retention period to be done, all the documents to be prepared as
per reference national, International standards, contract document, customer
requirement, SISCOL and applicable legal & statutory requirement in the standardized
format/ template structure only.
D1. Before approving the documents, review should be done comprehensively for all the
applicable processes with respect to QMS, EHSMS, ISMS, Customer, SISCOL and applicable
legal & statutory requirements.
P3. The approved DI shall be circulated / distributed in controlled manner, and shall be
stored in protected way to avoid any loss of data, to ensure that only the authorized users
are having access to these documents, the access is controlled through IT.
P4. The documents approved shall be updated in MDL, the updated master list of
documents should be available with concerned process owners along with the current
revision no. The master list of drawings/specifications should be available with the
nominated person.
P5. 1. The reason for the change should be justified in the change request.
2. In case the change is affecting more than one function/project, the issue to be
discussed with the other interested parties before implementing the change
P6. Modify/amend the document. The changed part of the document should be
identifiable through italics/ bold/ underline/ font colour / Box with Rev. No.
D2. The document should be approved by the same or higher level as in original document.
P7. The revision number to be incremented after the change and master list of documents
of internal origin reflected in DCPs should be modified.
P8. The revised document to be communicated to all the original recipient or additional
persons as per the business requirements.
P9. Obsolete documents to be discarded as per the prevailing practices and should not be
available at the point of use. One copy of obsolete document should be archived for future
reference.

1.1.3. SIPOC
Trigger – Ensure the Control of Document Information
Frequency – Ongoing
Supplier Input P Output Customer
Engineering/ National, International Process
Stakeholders/ standards, contract document, Owners,
MDL, DCP, Manual
Vendors/Client/ customer requirement, SISCOL Client,
Manufacturing and applicable legal & External

 
 
IMS MANUAL Page 77 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1

Team/ Project statutory requirement Providers


Team
DCP/Procedure/SOP/
Engineering/
QAPs/Engineering Process
Stakeholders/
Deliverables/ Owners,
Vendors/Client/
MDL OCP/manual/Work Client,
Manufacturing
Instructions/Formats/ External
Team/ Project
guidelines/flow Providers
Team
chart/plans etc.

1.1.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of Process
needs for Documented IMS Team, Owner,
Process Stake
Information (DI) HOD External Client,
owner holders
required for effective Providers External
Management Systems Providers
Engineering
P2. Preparation of DI, team, Client,
Process Stake External
identification of owner HOD External
owner holders Providers
and its retention period Providers,
stake holders
Client,
D1. Review & approval External
Process
of documents; HOD - - Providers,
owner
Approved? Engineering
team
Client,
P3. Circulation/
External
Distribution/ Storage/ Process
HOD IT team - Providers,
Protection of DI + owner
Engineering
team
  Client,
External
P4. Updating MDL of Process
HOD IT team Providers,
internal origin owner
Engineering
team
External
P5. Receipt of change Process Providers,
request or need for owner/ cross Process
HOD -
change of document and nominated functional Owner
its review person team
members
Process
P6. Amendment/
owner/ External
modification in the HOD Client Stakeholders
nominated Providers
documents
person

 
 
IMS MANUAL Page 78 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1

D2. Approval of Process External


HOD - Stakeholders
documents; Approved? owner Providers
Process
P7. Update issue No/ owner/ External
HOD - Stakeholders
revision No. and MDL nominated Providers
person
Process
P8. Circulation/
owner/ External
Distribution/ Storage/ HOD - Stakeholders
nominated Providers
Protection of DI
person
P9. Retention, archival Concerned External
HOD - Stakeholders
& disposition of DI user Providers
Note: Internal/IMS related documents may not be meant for Client/External Provider

1.1.5. ROAM
 

Probable/ Sl. Possible Mitigation Plan/


Description
Envisaged No. Most-likely Benefits
Missing of identification of
1 critical document in the
Document Management process 1. Availability of all
Missing important references/standards for
elements/parameters of the identification of documents
2 processes/products to be 2. Higher level and CFT review
RISK captured in the document as per
requirement
Non-conformities due to non-
Communication of
communication of
3 approved/modified documents to
approved/modified documents to
all concerned stake holders
concerned
4 Theft or loss of data Strict compliance to ISMS

Security of documents with Avoid access of sensitive


1
sensitive information information to competitors
To adopt and implement a
OPPORTUNITY Centrally controlled repository of structured method to establish,
2
documents update and communicate
controlled documentation
Use of Standard Improvement in operational
3
templates/Formats across effectiveness
 

 
 
IMS MANUAL Page 79 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1

1.1.6. KPIs
KPI Objective Formula UoM
To identify internal origin Within 30 days of receipt of
Identification of document required for contract/Within 15 days of
Days
document effective Integrated change or revision of
Management System process

To prepare, review &


Preparation, Review approve document required 15 days in advance start Days 
& Approval document for effective Quality of processes
Management System

To communicate
Communication of document/amendments/mo Within 2 days after Days 
documents difications to all concerned approval
departments
 

 
 
IMS MANUAL Page 80 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2

1.2. Risk and Opportunity Identification, Assessment,


Implementation and Reviewing Effectiveness
1.2.1. Process Flow

 
 
IMS MANUAL Page 81 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2

1.2.2. Process Notes


The objectives of the ‘Risk Management’ process is to ensure that the project/
manufacturing/proposed project periodically goes through a comprehensive risk
management process by:

● Assessing and quantifying all risks associated with the project/proposed project 
● Developing risk mitigation/treating plans that can be followed through, using the
review mechanism 
● Ensuring that top management is kept abreast with the overall risk profile of the
project/manufacturing/proposed project with focus on the most critical risks 

P1. The assessment shall be performed in line with SISCOL risk guidelines. For the
proposal project, risk assessment & treatment shall be performed before technical/price
bid submission. For ongoing or under execution projects/manufacturing, risk assessment &
treatment shall be performed once in a quarter.
a) Risks and Opportunities to be identified at various stages of the manufacturing and
project life cycles through proactive monitoring of various process parameters/
acceptance criteria, product non-conformities and internal/external audits.
b) Risks and opportunities to be proportionate to the potential impact on the
conformity of products.
P2. Determine/Identify the sources, causes/ processes/ activities in Risk and Opportunity
form
P3. CFT/team/person constituted by the concerned HOD for risk assessment
P4. Nominated team/person will assign probabilities to each risk element based on past
experience and current project expectations, segregates risks based on their impact on
either delay liabilities or cost escalation. Severity calculated based on estimated delay
and/or cost implication as per norms of the SISCOL Risk Policy. Nominated team/person
will identify risk treatment plan and submit it for competent authority.
D1. Approval from competent authority to be obtained before implementation of
Mitigation/Contingency plan
P5. In case any modification suggested by competent authority, same shall be
incorporated
D2. After incorporating the changes, nominated team/person will identify any
modification in system/process/document (DCP/SOP/QAP etc.)
P6 In case of any modification same shall be obtained from competent authority/process
owner.
P7. Treatment/Mitigation and Contingency plan to be implemented within defined time
frame. The record is maintained in risk register.

 
 
IMS MANUAL Page 82 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2

P8. Review/evaluation of effectiveness of implementation to be completed within defined


time frame as per Mitigation/ Contingency Plans and maintained in risk register.

1.2.3. SIPOC
Trigger - Risk and Opportunity Identification, Assessment, Implementation and Reviewing
effectiveness
Frequency – As per SISCOL Policy
Supplier Input P Output Customer
Process monitoring/ knowledge
sharing/Audits/Non-
Process Conformities/external &
owner internal issues w.r.t context of Nominated
the organisation/ requirement Risk register Team/
of interested parties person
Risk Register from pre-bid (for
BD&M
project/manufacturing)

Nominated Competent
Mitigation / Contingency Plan Risk Register & record note
Team/person authority

1.2.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of
Risks and Process
Leadership Nominated
Opportunities owner/ Process PMG/Functional
Team/Functional Team/ person/
throughout the life Nominated owner Head
Head Functional Head
cycle of the Team/person
Project/Process.
P2. Determine the
Process
Sources, causes/ Leadership
owner/ Nominated Functional Nominated
Process/ activities for Team/Functional
Nominated Team/person Head Team/ person
the Risk and Head
Team/person
Opportunity
P3. Nomination of the
Functional
Risk and Opportunity Leadership Leadership Functional Nominated
Head/
Assessment Team Team Head/HR Team/ person
HR/Contracts
person/team
P4. Identification of
risks, areas of
impacts, events &
their causes and their
potential Nominated
Process
consequences. Then Leadership Team/ person/
owner/ Nominated Functional
carry out Team/Functional Leadership
Nominated Team/person Head
Risk/Opportunity Head/Contracts Team/Functional
Team/person
assessment Head/Contracts
considering the
Probability and
Severity. After that
assign category for

 
 
IMS MANUAL Page 83 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2

the same. Prepare


the Mitigation and
Contingency plans for
identified Risk
D1. Seek approval
Nominated Nominated Functional Functional Competent
for implementation;
Team/person Team/person Head Head/Contracts Authority
Approved?
Functional Process owner/
P5. Modify the Nominated Nominated Functional Head/Contracts/ Functional
treatment plan Team/person Team/person Head Competent Head/Contracts/
Authority Leadership Team
Nominated
D2. Any Nominated
Nominated Team/person/
system change / Process Process Team/person/
Team/person/ Functional
process modification owner owner Functional
Functional Head Head/Contracts/
required Head
Leadership Team
Nominated
Nominated Team/person/
P7. Implementation Nominated
Process Process Team/person/ Functional
of Risk Treatment Team/person/
owner owner Functional Head/Contracts/
Plan Functional Head
Head Leadership
Team/
P8. Review and Nominated
record the Nominated Team/person/
Nominated
implementation and Process Process Team/person/ Functional
Team/person/
evaluate owner owner Functional Head/Contracts/
Functional Head
effectiveness of Risk Head Leadership
Control/Opportunities Team/

1.2.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Promote culture to identify the
risk/opportunity by anyone during the
Missing of risk/opportunity
1 identification
project cycle.
Getting wetted from Contracts in line
with SISCOL guideline
● Mitigation and contingency plan to
RISK
be prepared by competent team/
person.
Ineffective mitigation and
2 contingency plan
● Mitigation and contingency plan to
be reviewed and monitored for the
implementation of effectiveness.
● Consultation with Contracts team
Will have least possibilities to miss out
Culture to identify risk/opportunity
1 by anyone during the project cycle
major risk/opportunity and its impact of
OPPORTUNITY organization/project
Effective implementation of Damage owing to risk will be arrested or
2 mitigation and contingency plan minimized
 

 
 
IMS MANUAL Page 84 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2

1.2.6. KPIs
KPI Objective Formula UoM
Identification of sources of risks,
areas of impacts, events & their
Risk assessment causes and their potential
and Opportunities consequences. Then carry out As per SISCOL risk guideline Numbers
in risk Risk/Opportunity assessment
considering the Probability and
Severity.
Risk Treatment Preparing plan within defined
Derive the treatment plan Days
Plan time frame
Effectiveness Evaluation of the effectiveness of
Number of change in plan Numbers
treatment plan mitigation and contingency plan

 
 
IMS MANUAL Page 85 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3

1.3. Internal Audit


1.3.1. Process Flow

 
 
IMS MANUAL Page 86 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3

1.3.2. Process Notes


P1.
1. Minimum criteria for Auditors shall be they must have valid Internal / Lead Auditor
certification in ISO Management Systems.
2. There shall be continuous process for identification of employees to be trained as
new internal Auditors / Lead auditor certifications.
P2. 1. All the projects/activities/manufacturing facilities of SISCOL to be audited at
minimum frequency of six months.
2. Internal audit schedule to be prepared at least 2 weeks before the date of
internal audit.
3. Auditor independence to be ensured while planning the audits
4. Tentative audit duration to be specified in the audit plan

P3. Circulation of audit plan to the concerned auditee, auditors & stakeholders at least 2
weeks before the internal audit.

P4. 1. The audit should be completed as per the internal audit plan.
2. The audit should be as per the defined scope, criteria and objectives

P5. Audit reporting & identification of OFIs to be done in specified format/platform by


auditor after discussion (in audit closing) with auditee within 3 days after conduction of
internal audit.

P6. Review of Audit reports and improvement areas by Audit committee and approval / for
circulation of Audit report / NCs/ OFIs to concerned auditee / functional head within 2
days of submission of reports by internal auditors.

P7.
1. Root cause analysis and proposed closure date of NC/OFIs shall be provided in NC
format/platform by Auditee / Process owner in consultation with stakeholders /
function heads within 1 week of release of audit report.
2. Correction / corrective action on the NCs / observations raised to be taken within 3
weeks of submission of internal audit report or within the date of agreed proposed
closure date.

D1. Audit committee to check and verify whether NCs / OFIs were vacated, within 2 days
of submission of implementation of corrective action by auditee/ process owner.

P8. Follow up audit (if required) to be conducted for verification of corrective action.

D2. All NCs to be resolved within 3 weeks after conducting internal audit including the
completion of corrective actions.

P9. The audit summary report to be prepared and presented to the concerned HOD within
3 weeks of the completion of internal audit and in quarterly meet to TM & MRM.

 
 
IMS MANUAL Page 87 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3

P10. During the top management meetings the input for continual improvement
programmes and updating of ROAM shall be derived.

D3. Review the effectiveness of the internal audits, upto what extent management
expectations are met by internal audit
1. Continuous process
2. Based on the review, further actions like refresher trainings to auditors etc. are
planned.

1.3.3. SIPOC
Trigger – Conducting IMS internal audit
Frequency – Six Months
Supplier Input P Output Customer
Functional
Heads / IMS Auditor List Audit Schedule IMS Team
Team
Auditee /
Audit schedule, DCP, Manuals,
Process owners,
Auditors Contractual / statutory Audit Reporting
Functional
requirements
Heads, IMS Team
Audit Summary
IMS Team NC / Audit report / RCA Top Management
report

1.3.4. RASCI
Activity Responsible Accountable Support Consult Inform
Identification of Reporting Auditors,
Head Quality / Functional
trained internal IMS Team Manager of Auditee,
EHS / IT Heads
auditors Auditors Stakeholders
Preparation & Auditors, Auditors,
circulation of Head Quality / IT HODs, Process
IMS Team
internal audit EHS / IT Department Process Owners,
schedule / plan Owners HODs
Auditee, IMS
Conducting Audit Team,
Auditor Auditor - IMS Team
& Reporting Functional
Heads
Vacating NCs/
Root Cause Auditee /
Analysis, Process Functional Head Stakeholders Auditor IMS Team
Corrective Owner
actions
Follow-up Audit
Functional
and verification Auditor IMS Team -  
Heads
of CA
Preparation of IMS Team, IMS Team, Leads Auditor, Auditor, Top

 
 
IMS MANUAL Page 88 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3

audit summary Leads Auditee Auditee Management


report &
presentation to
concerned HOD
Identification of
Continual
Improvement Functional
Functional Heads - - Stakeholders
programmes (CIP) Heads
and updating
ROAM
Review the
effectiveness of Functional Head Quality
Functional Heads IMS Team -
the internal Heads / EHS / IT
audits

1.3.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Proactive action for identification of
Non availability of enough no. of auditors and there training and
01 competent auditors for maintaining proportional ratio
conducting internal audit between total employees and
auditors
1) Schedule shall be made
thoroughly considering the project
schedule and commitment from top
Delay in conducting audits due to
management, HODs.
Non-availability of certified
02
internal auditors as per planned
2) Circulation of Audit plan well in
schedule
advance (Min. 2 Weeks) for auditors
RISK
and auditee to reserve there date
and time.
Improper reporting by auditors
(For e.g. the report is not clear to Second level review by IMS team
02
address the issue) leading to before releasing the report auditee
failure of finding right issue.
Closure of NCs by auditee without
IMS Team / Auditor shall conduct
03 ensuring proper root cause
verification audits for Major NCs
analysis
Top Management, Process owner
Repetition of similar NCs in
04 shall have analysis of audit results /
subsequent audit
NCs
Involvement of Top Management
1 Improvement in IMS effectiveness
/ HODs in to review process.
Gap analysis by process owner at
OPPORTUNITY 2 Improvement in IMS effectiveness
regular interval
To Identify hidden risk in the
3 Improvement in planning
process

 
 
IMS MANUAL Page 89 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3

1.3.6. KPIs
KPI Objective Formula UoM
Conduction of IMS internal
IMS Internal Audit audit minimum twice in a year Six Monthly Numbers
and as per planned schedule
% of Completed internal
Conduction of IMS internal
IMS Internal Audit audits in comparison to the %
audit as per planned schedule
internal audit planned
Timely reporting of internal The length of time for issuing
Audit Reporting days
audit observations / report internal audit reports
Creation of suitable
External Audit NCs/
observations w.r.t non-
Observations
Audit Reporting conformance in reference to Numbers
No. of Major audit findings &
standard, IMS Manual, DCP,
recommendations
OFIs, Good practices
Submission of corrective Within 3 weeks of audit /
Vacating NCs action & Closure of NCs with within time frame of Period
objective evidence proposed closure date
Presentation of audit summary
Audit summary
reports to HODs/Top Within 3 weeks of audit Period
report
Management
1) The progress in action
implementation of
Effectiveness of Evaluation of effectiveness of
audit recommendation %
internal audit Internal audit
2) Reduction in final
product rejections

 
IMS MANUAL Page 90 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

1.4. Control of Non-conformance and Corrective Action


1.4.1. Process Flow
 

 
IMS MANUAL Page 91 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

1.4.2. Process Notes

P1. Non-conformities, potential EHS risks and IS events will be identified during
manufacturing and throughout life cycle of the project through proactive monitoring of
various process parameters/ acceptance criteria, feedback from interested parties, risk
identification & analysis, customer voice, project review, internal and external
benchmarking and internal audits. NC may also be identified by the customer or relevant
interested parties.
P2. Incase of product NCs, the material, component, equipment shall be adequately
quarantined by placing at identified space/red tagging etc.(as applicable) in line with
correction requirement. In case of System NCs, EHS incident or IS events appropriate
action plan shall be taken based on proposed correction.
P3. Identify the appropriate corrections/containments action and nominated person/ team
considering impact of Non-Conformance/ incident/ IS events. The nominated person/
team will take appropriate corrections/containments action

P4. Relevant records of rework/ reject/ concessions/ risk mitigation to be maintained as


appropriate.

D1. Effectiveness of correction/ containments action verified by nominated person/ team.

P5. Team will be identified/ nominated for root cause analysis and bring out corrective
action plan.

P6. The nominated person/ CFT shall identify the root cause analysis within specified time
period.

P7. Nominated person/CFT shall identify/propose corrective action for avoiding


recurrence of in same or other site with in specified time period.

D2. Approval concerned head to be obtained before implementation of corrective actions.

P8. Corrective actions emerged out from root cause analysis to be implemented within
specified time interval based on the recommendation of nominated person/CFT.

P9 In case there is modification suggested by approving authority same shall be modified.

P10. The implementation of corrective action will be reviewed/evaluated also


effectiveness of the corrective plan checked.

P11. Effectiveness of corrective actions will be presented/reported to concerned


leadership team.

P12. The existing document will be updated incase same is necessitated (QA Plans, QA,
EHS & IT Risk assessment, Procedures, SOPs).

 
IMS MANUAL Page 92 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

1.4.3. SIPOC
Trigger – Control of Non-conformance and Corrective Action
Frequency – Continuous
Supplier Input P Output Customer
Stakeholder feedback/
Process owner
process measurement/
Raise of Non through Vendor/
project review/ internal
conformity and contractor/ service
Interested parties audits/ Inspection, VOC/
quarantining product provider/SISCOL
NCR/ supplier or
from use project/functional
contractor evaluation,
incharge
deviation reports
Root Cause Analysis;
Nominated
Interested parties Non Conformity Report Correction; Corrective
person/CFT
Action
Effectiveness of
correction,corrective Leadership team/
Interested parties Non Conformity Report
action report/ Interested Parties
presentation

1.4.4. RASCI
Activity Responsible Accountable Support Consult Inform
Process
IMS Audit IMS Audit
owner/
Team/ Team/
P1. Identification MRs/HODs/ Executing
Interested Executing Executing
of Non Auditors Agency /
Parties Agency/PMG/ Agency/PMG/
Conformity Relevant
Field Services Field Services
Interested
Team Team
Party
P2. Immediate
segregation/
Process
quarantine the Functional
owner/
Non Conformity Process Team
Functional Executing
to avoid any Owner / Process members /
Team Agency /
unintended use Execution Owner Relevant
Members Relevant
of the same, as agency Interested
Interested
applicable (not Party
Party
applicable for
system NCs)
P3. Identification Process Execution
and containment Owner / Relevant agencies /
actions to be Execution Interested Process
Functional Functional
taken on the Non agency/ Party / Owner/
Head team members
Conformity along Concerned Execution Relevant
with nominated agencies Interested
responsibility. person Party
P4. Recording Process Functional Relevant Execution
Functional
status of action Owner/ Team Interested agencies /
Head
taken Execution Members Party / Process

 
IMS MANUAL Page 93 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

(correction/ agency Execution Owner/


rework/reject/ agencies Relevant
concessions/risk Interested
mitigation) Party
Process
Owner/
D1. Verification
Execution Concerned Functional Functional
of correction Core /
agency/ nominated Team Team
taken as Central team
Concerned person/team Members members
effective?
nominated
person/team
P5. Nomination
of team/person
Process Process
for root cause Process
Owner/ Owner/
analysis of the Owner/
Execution Execution
identified non Functional Functional Execution
agency/ agency/
conformity Head/HOD Head/HOD agency/
Functional Functional
including EHS Functional
Team Team
Incident and IS Team Head
Members Members
events (As per
requirement)
Process Process
Process
Owner/ Owner/
Owner/
Nominated Nominated Execution Execution
P6. Root cause Execution
persons/ persons/ agency/ agency/
analysis of the NC agency/
team team Functional Functional
Functional
Team Team
Team Head
Members Members
P7. Identifying
Process Process
the corrective
Nominated Owner/ Owner/
actions to be
persons/ Nominated Execution Execution Process
implemented to
team / persons/ Agencies/ Agencies/ Owner/ other
avoid its
Process team Functional Functional stakeholder
reoccurrence in
Owner Team Team
the same or other
Members Members
projects
Process Process
Process Owner/ Owner/
Owner/ Execution Execution
D2. Seek approval
Nominated Execution Agencies/ Agencies/
for Functional
persons/ Agencies/ Functional Functional
implementation; Head/HOD
team Functional Team Team
Is approved?
Team Members/ Members/
Members Nominated Nominated
person/team person/team
P9. Functional Functional Functional
Process
Implementation Team Team Head/
Owner / Process
of output of RCA Members/ members / Process
Execution Owner
(Corrective Process Nominated owner/
agency
actions) Owner/ Person/team/ Executing

 
IMS MANUAL Page 94 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

Execution Relevant Agency /


Agencies Interested Relevant
Party Interested
Party
Functional Functional
Functional
Team Team
Head/
P10. Modify Nominated Nominated Members/ Members/
Process
implementation persons/ persons/ Process Process
Owner/
plan team team Owner/ Owner/
Execution
Execution Execution
Agencies
Agencies Agencies
Functional Functional
P11. Review the Functional
Team Team
implementation Process Head/
Members/ Members/
and evaluate Owner / Functional Process
Process Process
effectiveness of Execution Heads Owner/
Owner/ Owner/
Corrective agency Execution
Execution Execution
actions Agencies
Agencies Agencies
P12.
Present/report Functional Functional
the effectiveness Team Team
Process
of corrective Members/ Members/
Owner / Functional HOD/Function
actions to Process Process
Execution Heads Heads
concerned HOD/ Owner/ Owner/
agency
PD/RCM/Leaders Execution Execution
hip team (as per Agencies Agencies
requirement)
P13. Updation of
existing Functional Functional
documents (QA Team Team
Plans, EHS, Risk Members/ Members/
Process Functional HOD/Function
assessment, IS Process Process
Owner Heads Heads
risk assessment, Owner/ Owner/
OCPs, Execution Execution
Procedures, Agencies Agencies
SOPs)

1.4.5. ROAM

Probable/ Sl. Possible Mitigation Plan/


Description
Envisaged No. Most-likely Benefits
NCs not identified during life All efforts to be done to identify and
1 cycle of project which results in raise NCs during life cycle of
failure of component/equipment project. Conducting periodic audits.
RISK Resolution of NCs kept on hold for All NCs shall be resolved with proper
2 longer time which delays progress corrective action within specified
of project or delivery schedule. time period
3 Irrelevant/ illogical or wrong RCA Support from experts to be taken for

 
IMS MANUAL Page 95 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4

done against NCs proper RCA


Correction/Corrective actions to be
Improper or ineffective corrective
4 verified for effective and proper
actions/correction
implementation.
Identification of NCs at right time
NCs can be resolved with proper
during execution of project or
1 corrective action and avoid failure
mfg. processes of
of component/equipment.
components/equipment
OPPORTUNITY
Benefit in smooth execution of New
2 Analysis of NCs
projects
Proper, logical RCA and effective
3 Arresting the recurrences.
implementation of CAs

1.4.6. KPIs
KPI Objective Formula UoM
Identification of
Within specified time by
Correction, 100% identification within Numbers of
Leadership Team/Functional
Corrective specified time days
Heads
Action, RCA
Within specified time by
100% identification within Numbers of
Resolution of NCs Leadership Team/Functional
specified time days
Heads
Arresting the cause of
Recurrence of
problem on account of same Zero recurrence Numbers
NCs
issue

 
IMS MANUAL Page 96 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5

1.5. Competency Development


1.5.1. Process Flow

 
IMS MANUAL Page 97 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5

1.5.2. Process Notes

P1. 1. The required job description for the position to be filled shall be identified by
Business Manager/HOD, prior to selection process.
2. The JD to be approved by Functional Head/HOD and sent to HR for further
processing
3. Competency Matrix Sheet gets generated, which captures the skill sets required
for all the process/levels/functions/personnel. This shall be made by HODs with
assistance from Training Team.
P2. During selection of the prospective employee, HR to scout and ensure personnel meets
the JD. Interview panel conducts the interview. Selection Process (in HR DCP) is also
referred to here.
P3. The gaps in the interview are captured in Interview Sheet, as well as during day to day
review and also during the appraisal process of the employee. Competency Matrix Sheet
gets filled for the function/level/process/personnel, and there by the gaps against the
required skill-sets gets emanated. This process shall be carried out prior to start of
financial year/issue of annual training calendar by Training Team; and as-and-when new
profile is necessitated.
P4. The gaps are the input for identification of training needs for the department/ of all
the personnel/profiles.
P5. The training needs are forwarded to Training Team for planning and execution of the
same. Updating the training needs in Records. Both the technical and behavioural training
needs to be identified.
P6. Training Team/HR/Ext. Agency conducts training programmes. Training feedback for
all the trainings to be obtained by Training Team and analysed for circulation to the
relevant interested parties.
D1. The effectiveness of the training imparted should be evaluated by Training Team along
with reporting manager within 3 months from the completion of training. Ref.: Training
Effectiveness Process of Training Team. Assess the gaps if the effectiveness is not up to
the mark for re-conducting the training (can be on-job/classroom
based/discussion/seminar etc.)
P7. Continuous/Regular/Periodic monitoring & updating the competence for re-mapping
and once-again the cycle begins.

1.5.3. SIPOC
Trigger – System for identifying the job requirements, job competence & identifying competency
gaps; obtaining training feedback, training effectiveness and subsequently enhancing the
competence of all the employees of SISCOL
Frequency – Continuous

 
IMS MANUAL Page 98 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5

Supplier Input P Output Customer


JD – Business
Managers;
Competence Existing and future
O1. Competency Department/
Reqmnt.: HR in business
Matrix Sheet Employees
discussion with requirement
DH/PDs/Business
Managers
Selection Process (in O2. Filled Interview HOD/FH/Training
Training Team
HR DACP) Sheet Team/HR
I1. Competency
I1. HOD/FH O3. Filled HOD/FH/Training
Matrix Sheet
I2. HR Competency Matrix Team/HR
I2. Interview Sheet
HOD/FH/Training Training Content/ O4. Training HOD/FH/Training
Team/HR Framework Feedback Team/HR
Training
O5. Training HOD/FH/Training
Training Team/HR Effectiveness
Effectiveness Report Team/HR
Framework

1.5.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of
various job profiles Head
Functional Training Top
along with detailed HOD Training/
Heads Team/HR Management
competence Head HR
requirements
P2. Selection of the Head
Functional Training Top
potential personnel for HOD Training/
Heads Team/HR Management
the identified job Head HR
P3. Identification of Head
Functional Top
gaps vis-à-vis HOD Employees Training/
Heads Management
competence required Head HR
P4. Identification of Head
Functional Top
training needs of all the HOD Employees Training/
Heads Management
personnel/profiles Head HR
P5. Forward the training
needs to HR for planning
Head
and execution of the Functional Top
HOD Employees Training/
same. Updating the Head Management
Head HR
training needs in
PODP/Records
P6. Conduct of training
programmes by
Training Top
Training/HR/Ext. HOD Faculty Employees
Team/HR Management
Agency and obtaining
training feedback
D1. Evaluation of Functional Head Top
Training Team Employee
effectiveness of training Head Training/ Management

 
IMS MANUAL Page 99 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5

Head HR
P7. Continuous/
Head
Regular/Periodic Functional Top
HOD Employee Training/
monitoring & updating Head Management
Head HR
the competence
Head
Functional Top
P8. Assess the gaps HOD Employee Training/
Head Management
Head HR

1.5.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Identify job and skill requirement
Selection of incompetent
1 and involve concerned personnel in
personnel
RISK selection process.
(What can go Wrong identification of required Proper identification of gap by
2
wrong?) gap senior people/HODs
Ineffective training to fill the Training effectiveness to be
3
gap evaluated
Selection of skilled and Improves the operational
1
competent personnel excellence
Proper / relevant gap identification
OPPORTUNITY 2 Competency gap identification
by HR with FHs
Evaluation of training Training to be ensured for
3
effectiveness effectiveness

1.5.6. KPIs
KPI Objective Formula UoM
Ensure the resource is
Selection of the
available for as per Prior to start of
potential personnel for Always
the JD (or close intended work
the identified job
match) requirement
Ensure the
Identification of gaps Competency Mapping
vis-a-vis competence is carried out and gaps 100% of the cases Always
required are identified in every
dept./project
As defined for
Increase in
the FY in the
Competency Levels of Pre and Post Training
Objective of % Increase
Personnel/Process/ interventions
HR/Function/
Function
Project
Conducting minimum
Training mandays per Training mandays
no. of mandays of Number
employee per employee
training

 
IMS MANUAL Page 100 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6

1.6. Management Review Meeting


1.6.1. Process Flow

 
IMS MANUAL Page 101 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6

1.6.2. Process Notes

P1.
1. MRM to be conducted on yearly basis
2. Project Review meetings/ Departmental review meeting
3. Quarterly Risk Review Meeting
4. MRM committee includes functional heads of SISCOL and for PRM etc. teams will be
constituted by respective Functional Heads.

P2. Information to be received at least one week prior to the MRM and it should include
various information related to projects & manufacturing like status of NCs / Audits,
Customer feedback, corrective action, internal reviews, ongoing progress etc.
P3.; P4 The agenda should be finalized based on the action points of last MRM, business
requirements, IMS requirements and shall be circulated to all concerned participants of
MRM committee one week prior to MRM, details for minimum MRM agenda point is
mentioned below.
P5. All the agenda points to be discussed during MRM.
P6. Discussion points to be noted during MRM and a minutes of MRM will be formed and
same needs to be circulated to MRM committee and relevant interested parties within 2
days of meet.
P7. IMS team will prepare action plan w.r.t points / issues discussed during MRM in
consultation with members of MRM committee and circulation of the same will be done to
all stakeholders for implementation.
D1. Completeness of the actions as per defined time frame.
P8. MRM committee member shall interact with stakeholders / process owner for
expediting of closure action plan taken.
P9. Recording of action take and Verification/effectiveness of points from previous MRM.
Minimum agenda for IMS Management Review Meeting:

● Status of actions from previous management reviews 


● Changes in external and internal issues relevant to IMS, including strategic
directions 
● Review of Context of the Organization
● Review of Needs & expectations of interested parties
● Information on IMS’s performance, including trends and indicators for: 
o Nonconformities and corrective actions 
o Monitoring and measurement results 
o Audit results 
o Customer satisfaction 
o Feedback from relevant interested parties 
o performance of external providers 
o process performance and conformity of products and services  

 
IMS MANUAL Page 102 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6

o the extent to which quality objectives have been met 


● Issues concerning external providers and other relevant interested parties 
● Adequacy of resources required for maintaining effective QMS 
● Process improvement and conformity of products and services 
● Effectiveness of actions taken to address risks and opportunities 
● New potential opportunities for continual improvement 

1.6.3. SIPOC
Trigger – Conduction of Management Review Meeting
Frequency – Once in a year
Supplier Input P Output Customer

● Status of actions from previous


management reviews 
● Changes in external and internal
issues relevant to IMS, including
strategic direction 
● Review of Context of the
Organization
● Review of Needs & expectations of
interested parties
● Information on IMS’s performance,
including trends and indicators for: 
o Nonconformities and
corrective actions 
o Monitoring and measurement
results 
o Audit results 
Functional o Customer satisfaction  Stake
o Feedback from relevant Agenda for
Heads, holders /
interested parties  MRM
Process intereste
o performance of external discussion
owner d parties
providers 
o process performance and
conformity of products and
services  
o the extent to which quality
objectives have been met 
● Issues concerning external providers
and other relevant interested parties 
● Adequacy of resources required for
maintaining effective QMS 
● Process improvement and conformity
of products and services 
● Effectiveness of actions taken to
address risks and opportunities 
● New potential opportunities for
continual improvement 

 
IMS MANUAL Page 103 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6

Process
Owner,
Quality / MOM and Functiona
EHS / IT Agenda For MRM Discussion  Action Plan of l Heads,
MRs MRM MRM
Participa
nts
Process
Owners /
MRs (QMS
Updated MRM Stakehold
/EHS / MOM and Action Plan of MRM 
Output ers
ISMS) /
functional
Heads

1.6.4. RASCI
Activity Responsible Accountable Support Consult Inform
Establish frequency
MR / MRM
for MRM and Top Process
Functional -   Committee /
constitution of MRM Management owner
Heads Stakeholders
committee
Receipt of
information from
various projects/
functions/
manufacturing Process
Process Functional MRM
facilities on Status of Owner / IMS HODs
Owners Heads Committee
NC/ audits/ customer Team
feedback/ Corrective
actions/ internal
reviews/ ongoing
progress etc.
Preparation Functional
Top MRM
Finalization of MR MR Heads / IMS
Management Committee
agenda for MRM Team
Circulation of agenda
to all the concerned MRM
MR MR IT Team -  
participants (MRM Committee
Committee)
Participants
Top Functional
Conduct of MRM MR -   of the
Management Heads
meeting
Preparation of
Top
minutes of MRM
Management MRM
including continual MR MR -  
/ MRM Committee
improvement issues,
Committee
Risk & Opportunities
Circulation of MR Top - Functional Stakeholder /

 
IMS MANUAL Page 104 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6

minutes of MRM for Management Heads Interested


implementation to all parties
the members
MRM
Top Top Functional
Review of actions - Committee /
Management Management Heads / MR
stakeholders
Recording of actions
Top Top Functional MRM
taken and review of -
Management Management Heads / MR Committee
effectiveness of MRM

1.6.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
● Agenda to be prepared in
advance by considering all
the important/critical issues
Missing of important/critical and an effective review to be
1
issues done before finalization. 
● Emergency MRM can be
RISK
organised in case of
exigency. 
MRM to be attended by all HODs
with defined agenda and all records
2 Ineffectiveness of MRM
to be kept for reference and action
plans
Platform to identify, review and Helps for smother execution of IMS
OPPORTUNITY 1
monitor important/critical issues and various business processes

1.6.6. KPIs
KPI Objective Formula UoM
Conduction of MRM to ensure
MRM As defined Period
healthiness of QMS/IMS
Review of all the agenda
All the agenda points to be
MRM points mentioned in MRM %
reviewed / discussed
agenda

 
IMS MANUAL Page 105 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7

1.7. Objective Setting


1.7.1. Process Flow
 

 
IMS MANUAL Page 106 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7

1.7.2. Process Notes


● P1. Thrust areas/Strategy map of SISCOL are identified at the start of FY 
● Mission & Vision statement, IMS Policy, context of the organization, market trends,
competitor analysis etc. will become the bare minimum input for this workshop. 
● P2. All the Thrust areas are communicated to Department Heads within 1 week for
identification and finalization of their departmental objectives. 
● P3; P4. Identification & Finalization of Departmental objectives and its approval by
leadership team shall be completed as per HR timelines. 
● P5. P6 Objective of Department once approved by Leadership team shall be shared
within the function and based on the objectives setting shall be carried out at sub
function levels as per HR timelines. 
● D1. Review of the objective setting shall be done by Functional Heads. 
● P7. Approval of Objective setting shall be done with identification of training
needs. 
● D2. Midterm review of objective shall be conducted by Reporting Manager/HODs  
● P8. Any changes and action plan shall be communicated and implemented. 
● P9. Update actions on regular basis as and when required. 
● Adequacy of resources required for maintaining effective IMS 

1.7.3. SIPOC
Trigger – Objective setting
Frequency – Yearly
Supplier Input P Output Customer
Top
Management Business
L&T Power Mission/ Vision/ Policy/
Front End Units &
market trends/ competitor analysis / Thrust Area
Marketing Functional
Results of KPIs / Context of Organization
Corporate Heads
Strategy
Thrust area
HR Head Functional
L&T Power Mission/ Vision/ Policy/ Departmental
Top Team
market trends/ competitor analysis / Objectives
Management members
Results of KPIs
Functional /
Functional
Department Process /
Approved Departmental objectives Team
Head individual
Members.
objectives

1.7.4. RASCI
Activity Responsible Accountable Support Consult Inform
Identification of Top Top Functional Business Functional
SISCOL’s Thrust Area Management Management Heads Strategy Heads
IT Top
Communication of Business
Head HR Head HR Departmen Management
Thrust Areas to HODs Strategy
t / Functional

 
IMS MANUAL Page 107 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7

Heads
Identification and
finalisation of
Functional
Department / Project Department Department
Team Head HR Head HR
objectives / KPIs of Head Head
Members
Functions Level /
Process
Approval of objective Top Top
HR HR HR
by leadership Management Management
Sharing/communication Functional
Department Department
of approved objective HR HR Team
Head Head
within the function members
Functional
Team
Objective setting by Functional in Department
HR Members / HR
Individual charge Head
Process
Owners
Review & Approval of
Department Department Functional
objectives by - HR
Heads Heads in charges
Department Heads
Functional
Midterm review of Department Department Functional
Team HR
objectives Heads Heads in charges
members
HR /
Functional
Updating of actions on Department Department Functional Functional
Team
regular basis Heads Heads in charges Team
members
Members

1.7.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Missing the link of objectives Objectives shall be approved by
1 among organization, departments assigned authorities, and link to be
and individuals. ensured by proper communication
Care to be taken by ensuring SMART
Possibility of identifying non-
RISK 2 objectives by approving KPI by
measurable objectives
assigned authorities.
Regular monitoring to be done by
Missing or failure of objectives by
3 individual and same is ensured
misdirecting the efforts/work
through MTR.
Establishing link among the
Efforts to be directed to achieve
1 organization, departments and
objectives
individuals
OPPORTUNITY Objectives will be effective and
2 Ensuring to take SMART objectives
beneficial.
Clear Guidelines / work
3 Better Employee Engagement
instructions in form of objective

 
IMS MANUAL Page 108 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7

1.7.6. KPIs

KPI Objective Formula UoM


To set measurable objectives for
Objective Setting Numbers days
SISCOL at start of FY
7 days from the
To set measurable objectives for
Objective Setting formation of SISCOL’s days
Departments
objectives
14 days from the
To set measurable objectives for
Objective Setting formation of SISCOL’s days
function/level/employees
objectives
Mid-year review of performance
objectives for
Mid-Year Review October days
organization/department/
function/level/employees
Final year review of performance
objectives for
Final Year Review March days
organization/department/
function/level/employees

 
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL

ANNEXURE - C

TERMS &
DEFINITIONS
IMS MANUAL Page 109 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

TERMS & DEFINITIONS

Risk that has been reduced to a level that can be tolerated by the
Acceptable Risk organization having regard to its objectively to determine the extent to
which “audit criteria” are fulfilled
means to ensure that access to assets is authorized and restricted based on
Access Control
business and security requirements.
Algorithm or calculation combining one or more base measures and/or
Analytical Model
derived measures with associated decision criteria.
Any tangible or intangible thing or characteristic that has value to an
Asset
organization
Systematic, independent and documented process for obtaining audit
Audit objective evidence and evaluating it objectively to determine the extent to
which audit criteria are fulfilled
Set of policies, procedures or requirements used as a reference against
Audit Criteria
which objective evidence is compared
Records, statements of fact or other information which are relevant to the
Audit Evidence
audit criteria and verifiable
Results of the evaluation of the collected audit evidence against audit
Audit Findings
criteria
Audit Scope Extent and boundaries of an audit
Something is available if it is accessible and usable when an authorized
Availability
entity demands access
Property of being accessible and usable upon demand by an authorized
Availability
entity (ISO 27000)
Set of one or more audits planned for a specific time frame and directed
Audit Programme
towards a specific purpose
Audit Plan Description of the activities and arrangements for an audit
Outcome of an audit, after consideration of the audit objectives and all
Audit Conclusion
audit findings
Audit Client Organization or person requesting an audit
Auditee Organization being audited
One or more persons conducting an audit, supported if needed by technical
Audit Team
experts
Auditor Person who conducts an audit
Authentication Provision of assurance that a claimed characteristic of an entity is correct
Authenticity Property that an entity is what it is claims to be
any unauthorized attempt to access, use, alter, expose, steal, disable, or
Attack
destroy an asset or information
Attempt to destroy, expose, alter, disable, steal or gain unauthorized access
Attack
to or make unauthorized use of an asset
Business It is a capability of an organization to continue its business of delivering its

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 110 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Continuity products and services at acceptable predefined levels after disruptive


incidents occur. Organizations use business continuity procedures and
processes to help ensure that operations continue after disruptive incidents
occur
Measure (2.47) defined in terms of an attribute (2.4) and the method for
Base Measure
quantifying it
Ability of an object to realize an output that will fulfill the requirements for
Capability
that output
Competence Ability to apply knowledge and skills to achieve intended results
Continual
Recurring activity to enhance performance
Improvement
The property that information is not made available or disclosed to
Confidentiality
unauthorized individuals, entities or processes
Correction Action to eliminate a detected nonconformity
Corrective Action Action to eliminate the cause of a nonconformity and to prevent recurrence
Customer Customer’s perception of the degree to which the customer’s expectations
Satisfaction have been fulfilled
Customer
Promises, made to customer by an organization concerning its behavior, that
Satisfaction code
are aimed at enhanced customer satisfaction and related provisions.
of conduct
Context of the combination of internal and external issues that can have an effect on an
Organization organization’s approach to developing and achieving its objectives
is any administrative, managerial, technical, or legal method that is used to
Control
modify or manage information security risk
Control Measure that is modifying risk (ISO 27000)
Consequence Outcome of an event affecting objectives
Person or organization that could or does receive a product or a service that
Customer
is intended for or required by this person or organization
Activities for control of the output after formal approval of its product
configuration information. Changes to the organization, business processes,
Change Control
information processing facilities and systems that affect information security
shall be controlled
An information security control objective is a statement that describes what
Control
organization’s information security controls are expected to achieve.
Objectives
Statement describing what is to be achieved as a result of implementing
Control Objective
controls (ISO 27000)
Continual is a set of recurring activities that are carried out in order to enhance the
Improvement performance of processes, products, services, systems, and organizations.
Contract Binding agreement
Conformity Fulfilment of a requirement
Interrelated functional and physical characteristics of a product or service
Configuration
defined in product configuration information

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 111 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Approved product configuration information that establishes the


Configuration
characteristics of a product or service at a point in time that serves as
base line
reference for activities throughout the life cycle of the product or service
Formalized recording and reporting of product configuration information, the
Configuration
status of proposed changes and the status of the implementation of
status accounting
approved changes
Competence Ability to apply knowledge and skills to achieve intended results
Expression of dissatisfaction made to an organization, related to its product
Complaint or service, or the complaints-handling process itself, where a response or
resolution is explicitly or implicitly expected
Interaction of the organization with the customer throughout the life cycle
Customer Service
of a product or a service
Permission to use or release a product or service that does not conform to
Concession
specified requirements
Audit carried out together at a single auditee on two or more management
Combined Audit
systems
Collection of values assigned to base measures, derived measures and/or
Data
indicators
Defect Nonconformity related to an intended or specified use
Design and Set of processes that transform requirements for an object into more
Development detailed requirements for that object
Document Information and the medium on which it is contained
Documented Information required to be controlled and maintained by an organization and
Information the medium on which it is contained
Activity to find out one or more characteristics and their characteristic
Determination
values
Effectiveness Extent to which planned activities are realized and planned results achieved
Event Occurrence or change of a particular set of circumstances
Surroundings in which an organization operates, including air, water, land,
Environment
natural resources, flora, fauna, humans, and their interrelation
Environment Element of an organization’s activities, products or services that can interact
Aspect with the environment
Environment Any change to the environment, whether adverse or beneficial, wholly or
Impact partially resulting from an organization’s activities, products or services
Environmental
Part of an organization's management system used to develop and implement
Management
its environmental policy and manage its environmental aspects
System (EMS)
Environment Overall environmental goal, arising from the environmental policy, that an
Objective organization sets itself to achieve, and which is quantified where practicable
Measurable results of the environmental management system, related to an
Environmental
organization’s control of its environmental aspects, based on its
Performance
environmental policy, objectives and targets
Environmental Overall intentions and direction of an organization related to its

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 112 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Policy environmental performance as formally expressed by top management


Detailed performance requirement, quantified where practicable, applicable
Environment to the organization or parts thereof, that arises from the environmental
Target objectives and that needs to be set and met in order to achieve those
objectives
External environment in which the organization seeks to achieve its
External Context
objectives
Supplier that is not part of the organization for providing a product or a
External Supplier
service
Opinions, comments and expressions of interest in a product, a service or a
Feedback
complaints-handling process
Governance of
System by which an organization’s information security activities are
Information
directed and controlled
Security
Category or rank given to different requirements for an object having the
Grade
same functional use
Guide Person appointed by the auditee to assist the audit team
The steps that are taken to achieve objectives and implement policies.
Guidelines
Guidelines clarify what should be done and how
Source, situation, or act with a potential for harm in terms of human injury
Hazard
or ill health, or a combination of these
Hazard
Process of recognizing that a hazard exists and defining its characteristics
Identification
Human Factor Characteristic of a person having an impact on an object under consideration
Identifiable, adverse physical or mental condition arising from and/or made
Ill Health
worse by a work activity and/or work-related situation
Work-related events in which an injury or ill health (regardless of severity)
Incident
or fatality occurred, or could have occurred
System of facilitates, equipment & services needed for the operation of an
Infrastructure
organization
Information Need Insight necessary to manage objectives, goals, risks and problems
Information
Any information processing system, service or infrastructure, or the physical
Processing
location housing it
Facilities
Information Applications, services, information technology assets, or other information
System handling components
Preservation of confidentiality, integrity and availability of information; in
Information
addition, other properties such as authenticity, accountability, non-
Security
repudiation and reliability can also be involved
Information
Processes and procedures for ensuring continued information security
Security
operations
Continuity
Information Identified occurrence of a system, service or network state indicating a

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 113 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Security Event possible breach of information security policy or failure of controls, or a


previously unknown situation that may be security relevant
A single or a series of unwanted or unexpected information security events
Information
that have a significant probability of compromising business operations and
Security Incident
threatening information security
Information
Processes for detecting, reporting, assessing, responding to, dealing with,
Security Incident
and learning from information security incidents
Management
Information
That part of the overall management system, based on a business risk
Security
approach, to establish, implement, maintain, operate, monitor, review, and
Management
improve information security
System (ISMS)
Inspection Determination of conformity to specified requirements
Person or organization that can affect, be affected by, or perceive itself to
Interested Party
be affected by a decision or activity (ISO 9001)
Person or group concerned with or affected by the environmental
Interested Party
performance of an organization (ISO 14001)
Person or group, inside or outside the work place, concerned with or
Interested Party
affected by the OH&S performance of an organization (OHSAS 18001)
Person or organization (2.57) that can affect, be affected by, or perceive
Interested Party
themselves to be affected by a decision or activity (ISO 27000)
Internal environment in which the organization seeks to achieve its
Internal Context
objectives
Systematic, independent and documented process for obtaining audit
evidence and evaluating it objectively to determine the extent to which the
Internal Audit
environmental management system audit criteria set by the organization are
fulfilled
The property of safeguarding the accuracy and completeness of assets
Integrity
(Property of accuracy and completeness)
Improvement Activity to enhance performance
Joint Audit Audit carried out at a single auditee by two or more auditing organizations.
Magnitude of a risk expressed in terms of the combination of consequences
Level of Risk
and their likelihood
Likelihood Chance of something happening
Management Coordinated activities to direct & control an organization
Measuring instrument, software, measurement standard, reference material
Measuring
or auxiliary apparatus or combination thereof necessary to realize a
Equipment
measurement process
Management Set of interrelated or interacting elements of an organization to establish
System policies and objectives and processes to achieve those objectives
Metrological Set of operations required to ensure that measuring equipment conforms to
Confirmation the requirements for its intended use
Measure Variable to which a value is assigned as the result of measurement

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 114 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Measurement
Set of interrelated or interacting elements necessary to achieve metrological
Management
confirmation and control of measurement processes
System
Is a process that is used to determine a value. In the context of information
security management, measurement is a process that is used to obtain
Measurement
information about the effectiveness of an Information Management System
(ISMS) and the controls that it uses
Measurement
Algorithm or calculation performed to combine two or more base measures
Function
Measurement Logical sequence of operations, described generically, used in quantifying an
Method attribute with respect to a specified scale
Measurement One or more indicators and their associated interpretations that address an
Results information need
Mission Organization’s purpose for existence as expressed by top management
Determining the status of a system, a process, a product, a service, or an
Monitoring
activity
Monitoring Determining the status of a system, a process or an activity (ISO 27000)
Measurement
Set of operations to determine the value of a quantity
Process
Nonconformity Non fulfillment of a requirement or a failure to meet a requirement
Ability to prove the occurrence of a claimed event or action and its
Non-Repudiation
originating entities
Observer Person who accompanies the audit team but does not act as an auditor
person or group of people that has its own functions with responsibilities,
Organization
authorities and relationships to achieve its objectives
Make an arrangement where an external organization performs part of
Outsource
organization’s function or process
Object Item characterized through the measurement of its attributes
Objective Result to be achieved
Output Result of a process
Objective
Data supporting the existence or verify of something
Evidence
Occupational Conditions and factors that affect, or could affect the health and safety of
Health and Safety employees or other workers (including temporary workers and contractor’s
(OH&S) personnel), visitors or any other person in the workplace
OH&S
Part of an organization’s management system used to develop and
Management
implement its OH&S policy and manage its OH&S
System
OH&S goal, in terms of OH&S performance, that an organization sets itself to
OH&S Objective
achieve
OH&S
Measurable results of an organization’s management of its OH&S risks
Performance
OH&S Policy Overall intentions and direction of an organization related to its OH&S

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 115 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

performance as formally expressed by top management


Person or group of people that has its own functions with responsibilities,
Organization
authorities and relationships to achieve its objectives
Make an arrangement where an external organization performs part of an
Outsource
organization’s function or process
Action to eliminate the cause of a potential nonconformity or other potential
Preventive action
undesirable situation
Use of processes, practices, materials, or products that avoid, reduce or
Prevention of
control pollution, which may include recycling, treatment, process changes,
Pollution
control mechanisms, efficient use of resources and material substitution
Procedure Specified way to carry out an activity or a process
Output of an organization that can be procured without any transaction
Product
taking place between the organization and the customer
Product
Requirement or other information for product design, realization,
Configuration
verification, operation and support
Information
Set of interrelated or interacting activities that use resources to transform
Process
inputs into outputs. (Inputs to deliver an intended results)
Set of interrelated or interacting activities which transforms inputs into
Process
outputs (ISO 27000)
Unique process consisting of a set of coordinated & controlled activities with
Project start & finish dates, undertaken to achieve an objective conforming to
specific requirements including the constraints of time, cost & resources
Intentions and direction of an organization as formally expressed by its top
Policy
management
Performance Measurable result
Degree to which a set of inherent characteristics of an object fulfils
Quality
requirements
Part of quality management focused on providing confidence that quality
Quality Assurance
requirements will be fulfilled
Quality Control Part of quality management focused on fulfilling quality requirements
Quality Policy Policy related to quality
Quality
Management with regard to quality
Management
Quality Manual Specification for the quality management system of an organization
Quality Plan Specification for the quality management system of an organization
part of quality management focused on setting quality objectives and
Quality Planning specifying necessary operational processes, and related resources to achieve
the quality objectives
Quality Part of quality management focused on increasing the ability to fulfil quality
Improvement requirements
Quality
Part of a management system with regard to quality
Management

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 116 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

System
Quality
Management Process of establishing, documenting, implementing, maintaining and
System continually improving a quality management system
Realization
Quality
Requirement related to quality
Requirement
Quality Objective Objective related to quality
Document stating results achieved or providing evidence of activities
Record
performed
Residual Risk The risk remaining after risk treatment
Reliability Property of consistent intended behavior and results
Determination of the suitability, adequacy or effectiveness of the subject
Review
matter to achieve established objectives
Review Object Specific item being reviewed
Review Objective Statement describing what is to be achieved as a result of a review
Rework Action on a nonconforming product to make it conform to the requirements
Need or expectation that is stated, generally implied or obligatory, by an
Requirement
organization, its customers, or other interested parties
Regulatory Obligatory requirement specified by an authority mandated by a legislative
Requirement body
Action on a nonconforming product or service to make it acceptable for the
Repair
intended use
Risk Effect of uncertainty on objectives
Combination of the likelihood of the occurrence of a hazardous event or
Risk exposure(s) and the severity of the injury or ill health that can be caused by
the event or exposure(s) (OHSAS 18001)
Risk Acceptance Decision to accept a risk
Risk Acceptance Informed decision to take a particular risk (ISO 27000)
Risk criteria are terms of reference and are used to evaluate the significance
Risk criteria or importance of an organization’s risks. They are used to
Determine whether a specified level of risk is acceptable or tolerable
Terms of reference against which the significance of risk is evaluated
Risk Criteria
(ISO 27000)
Risk Assessment overall process of risk identification, risk analysis and risk evaluation
Risk Identification Process of finding, recognizing and describing risks
Risk Analysis Process to comprehend the nature of risk and to determine the level of risk
Risk Continual and iterative processes that an organization conducts to provide,
Communication share or obtain information, and to engage in dialogue with stakeholders
and Consultation regarding the management of risk
Process of comparing the results of risk analysis with risk criteria to
Risk Evaluation
determine whether the risk and/or its magnitude is acceptable or tolerable

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 117 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

Co-ordinated activities to direct and control an organization with regard to


Risk Management
risk
Systematic application of management policies, procedures and practices to
Risk Management
the activities of communicating, consulting, establishing the context and
Process
identifying, analysing, evaluating, treating, monitoring and reviewing risk
A risk owner is a person or entity that has been given the authority to
Risk Owner
manage a particular risk and is accountable for doing so
Process of selection and implementation of measures/controls to modify risk
Risk Treatment
(Process to modify risk)
Security
Implementation Document specifying authorized ways for realizing security
Standard
Person or organization that can affect, be affected by, or perceive
Stakeholder
themselves to be affected by a decision or activity
Documented statement describing the control objectives and controls that
Statement of are relevant and applicable to the organization’s Information Security
Applicability Management System (ISMS). It also give justification for inclusion or
exclusion of controls
System Set of interrelated or interacting elements
Supplier Organization that provides a product or a service
Strategy Plan to achieve a long-term or overall objective
Statutory
Obligatory requirement specified by a legislative body
Requirement
Success Achievement of an objective
Sustained Success Success over a period of time
Output of an organization with at least one activity necessarily performed
Service
between the organization and the customer
Determination according to requirements for a specific intended use or
Test
application
Traceability Ability to trace the history, application or location of an object
Potential cause of an unwanted incident, which may result in harm to a
Threat
system or organization (ISO 27000)
Person or group of people who directs and controls an organization at the
Top Management
highest level
Technical Expert Person who provides specific knowledge or expertise to the audit team
Trusted
Information Autonomous organization supporting information exchange within an
Communication information sharing community
Entity
Particular quantity, defined and adopted by convention, with which other
Unit of
quantities of the same kind are compared in order to express their
Measurement
magnitude relative to that quantity
Validation Confirmation, through the provision of objective evidence, that the

UNCONTROLLED DOCUMENT IF PRINTED


IMS MANUAL Page 118 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C

requirements for a specific intended use or approach have been fulfilled


Confirmation, through the provision of objective evidence that specified
Verification
requirements have been fulfilled
Vulnerability Weakness of an asset or control that can be exploited by one or more threats
Aspiration of what an organization would like to become as expressed by top
Vision
management
Work
Set of condition under which work is performed
Environment

UNCONTROLLED DOCUMENT IF PRINTED