: SISCOL-IMS-MANUAL
Integrated Management System EFF.
Page 1 of xx
DT.
Rev. No.: 00
: 1stJune, 2011
Eff. Dt.: 6th February, 2018
DOC NO: LNTP/IMS REV NO: 00
MANAGEMENT
PREPARED BY REVIEWED BY APPROVED BY
SYSTEM
QMS
ISMS
31.01.2018 03.02.2018 05.02.2018
AUTHORISED BY
Ravi Uppal
Chairman & Managing Director
06.02.2018
Head Office: 806, Kailash Building, 26 K G Marg, New Delhi - 110 001, INDIA
Manufacturing Setup: Bhilai, Chattisgarh, INDIA and Design Office: Bangalore, INDIA
IMS MANUAL Page 2 of 118
Eff.: 6th Feb, 2018
AMENDMENT HISTORY Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.2
AMENDMENT HISTORY
Chapter Page
Content
No. No
0.1 Cover Page 01
0.2 Amendment History 02
0.3 Table of Contents 03
0.4 Manual Authorization 04
0.5 Abbreviations 05 – 06
0.6 Mapping of Clauses 07 - 10
1 Introduction 11 – 13
2 Administration of Manual 14 – 15
3 IMS Policy 16
4 Context of the Organization 17 – 20
5 Leadership 21 – 25
6 Planning 26 – 32
7 Support 33 – 41
8 Operation 42 – 60
9 Performance Evaluation 61 – 68
10 Improvement 69 – 72
Annexure A List of Documented Information 73 - 74
Common Processes
B.1. Control of Documented Information (LNTP-CP-01) 75 – 79
B.2. Risk and Opportunity Identification, Assessment,
80 – 84
Implementation and Reviewing effectiveness (LNTP-CP-02)
Annexure B B.3. Internal Audit (LNTP-CP-03) 85 – 89
B.4. Non-Conformance & Corrective Action (LNTP-CP-04) 90 – 95
B.5. Competence Development (LNTP-CP-05) 96 – 99
B.6. Management Review Meeting (LNTP-CP-06) 100 – 104
B.7. Objective Setting (LNTP-CP-07) 105 – 108
Annexure C Terms & Definitions 109 - 118
This IMS Manual describes the Quality, Environment, Occupational, Health & Safety and
Information Security Management Systems’ requirements adopted by SISCOL and has been
formulated as per the requirements of ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007
and ISO 27001:2013.
All Directors and Functional Heads are responsible for ensuring compliance with the
requirements mentioned in this manual. They have the authority to form an appropriate
organization for discharging their functions, responsibilities and resolving non-conformities
within their departments.
Chairman & Managing Director designates Head – Quality, EHS & Training as Management
Representative (MR) for IMS. The MR has the organizational freedom and responsibility to:
Implement and maintain this manual with the objective of continual improvement and
to prevent non-conformities
Assess the compliance through internal audits and identify non-conformities, to initiate
necessary corrective action with the involvement and support of all the relevant
functions, monitor and verify the same; for ensuring improvement in organizational
processes
Provide feedback to the Management about the performance of the Integrated
Management System
The Management Representative has the authority to stop any work which is not in accordance
with this manual and/or the specified requirements.
New Delhi
Date: 06.02.2018
Ravi Uppal
Chairman & Managing Director
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 5 of 118
Eff.: 6th Feb, 2018
ABBREVATIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.5
ABBREVATIONS
MAPPING OF CLAUSES
ISO ISO OHSAS ISMS
Clause Description
9001:2015 14001:2015 18001:2007 27001:2013
Understanding the
organization and its 4.1 4.1 4.1 4.1
context
Understanding the needs
and expectations of 4.2 4.2 4.1 4.2
interested parties
Determining the scope of
the integrated 4.3 4.3 4.1 4.3
management system
Integrated management
4.4 4.4 4.1 4.4
system and its processes
Leadership and
5.1 5.1 - 5.1
commitment
Leadership and
5.1.1 5.1.1 4.1 5.1
commitment (General)
Leadership and
commitment (Customer 5.1.2 5.1.2 4.3.2 5.1
focus)
IMS Policy 5.2 5.2 4.2 5.2
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 8 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6
programs (planning to
achieve them)
Planning of changes 6.3 6.3 4.3.3 -
Resources (General,
People, Infrastructure,
7.1 7.1 4.4.1 7.1
Environment for the
operation of processes)
Monitoring and measuring
resources
7.1.5 - - -
General 7.1.5.1 7.1 4.4.1 -
Measurement traceability 7.1.5.2 7.1 4.4.1 -
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 9 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 10 of 118
Eff.: 6th Feb, 2018
MAPPING OF CLAUSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 0.6
& Response
Monitoring,
measurement, analysis 9.1 9.1 4.5 9.1
and evaluation
Internal Audit 9.2 9.2 4.5.5 9.2
4.2 / 4.3.3 /
Management Review 9.3 9.3 9.3
4.5.3/4.6
4.2 / 4.3.3 /
Improvement (General) 10.1 10.1 10
4.6
Nonconformity and
10.2 10.2 4.5.3 10.1
corrective action
Incident investigation - - 4.5.3.1 -
4.2 / 4.3.3 /
Continual improvement 10.3 10.3 10.2
4.6
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL
CHAPTER - 1
INTRODUCTION
IMS MANUAL Page 11 of 118
Eff.: 6th Feb, 2018
AUTHORIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 1
1.1 PURPOSE
and constant quest for top-class quality enables SISCOL to remain competitive
and sustain leadership position.
Performance
monitoring/
Contract Review/
internal audits/
Signing data analysis
D&D Planning,
Review, V&V
IMS MANUAL
Customer Feedback
Cusomer Requirements
AUTHORIZATION
Enabling
Overall Processflow
Risk Functions/Support
Engineering SCM QM & EHS Construction Commissioning
Delivery to
Planning Product/
Source & In-process Final customers
& Service/ Installation &
Procurement Receipt inspection inspection and After
Resource Project Comissioning
inspection Sales
allocation Realization
Service
CHAPTER - 2
ADMINISTRATION OF
MANUAL
IMS MANUAL Page 14 of 118
Eff.: 6th Feb, 2018
ADMINISTRATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 2
2.1 INTRODUCTION
This IMS Manual describes the Quality, Environment, Occupational Health &
Safety (OH&S) and Information Security Management Systems requirements
adopted by SISCOL. This manual lists down the procedures and measures
stipulated for ensuring the quality of products and services through use of safe
and environmental friendly work practices. This manual includes policies,
processes, broad risk assessment methodology and controls for ensuring
information security.
The Integrated Management System has been formulated on the basis of ISO
9001, ISO 14001, OHSAS 18001 and ISMS 27001. This section titled “IMS
Manual Administration” explains the Structure, Issue, Updating and Approval of
the Integrated Management Systems Manual. This manual and the information
incorporated herein are the property of SISCOL. It must not be reproduced in
whole or in part or otherwise, disclosed without prior consent in writing from
SISCOL.
This Manual is available as PDF/ XPS file at all the relevant locations. No hard
copy of the manual is being distributed unless otherwise required, as this
manual becomes uncontrolled document if printed.
Note: If this manual is revised or updated, then the older version gets
superseded
When revisions take place, the revisions are indicated by the revision number
in the document and recorded in the Amendment History (Chapter 0.2) of this
manual. As suitable, the manual may be re-issued when sufficient no. of
amendments have been made in it or on account of major changes to the
requirements of the standards in Quality, Environment, OH & S and ISMS
Management Systems.
CHAPTER - 3
IMS POLICY
IMS MANUAL Page 16 of 118
Eff.: 6th Feb, 2018
IMS POLICY Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 3
CHAPTER - 4
CONTEXT OF THE
ORGANIZATION
IMS MANUAL Page 17 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4
4.1 PURPOSE
To describe a system for understanding the organizations and its context along
with needs and expectations of interested parties and identification of internal
& external issues, that can impact on the planning of the quality management
system & operations.
4.2 SCOPE
Covers all activities under the scopes of the following Management Systems:
a) Quality Management System (QMS)
b) Environment Management System (EMS)
c) Occupational Health and Safety Assessment Series (OHSAS)
d) Information Security Management System (ISMS)
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 18 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4
This manual describes the core elements of Management Systems & their
interaction and provides directions to the execution of various processes.
The manual includes:
a) Scope, boundaries and exclusions including justifications for the same
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 19 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4
4.5.1.1 All the applicable major processes under the ambit of SISCOL have been
identified and their interaction is depicted in the overall flow chart (Chapter - 1).
4.5.1.2 SISCOL determines the inputs required and the outputs expected, assigning
of responsibilities and authorities, addressing the risks and opportunities for
each of the processes (by defining SIPOC, RASCI, ROAM etc. as one of the
methods) in its DCP and allied documents
4.5.1.3 Criteria for operation & control of these processes are defined in various
DACPs, Flow Charts, Operation Control Procedures, Work Instructions,
Control Objectives, SOPs as applicable at relevant stages of the processes
4.5.1.4 During the complete life cycle of the manufacturing and project
management/execution, relevant information and adequate resources are
ensured, so that these processes are carried out & monitored in a controlled
manner
4.5.1.5 To ensure that all the identified processes continue to remain effective,
these are monitored through regular process/project/product/system audits
& reviews as per the responsibilities defined in IMS manual, DCPs,
Procedures, SOPs etc.
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 20 of 118
Eff.: 6th Feb, 2018
CONTEXT OF THE ORGANIZATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 4
4.5.1.6 As per the organizational mandate and business requirements, time bound
key performance indicators (KPIs) are identified and monitored for their
realization.
IMS
Manual
(Level-1)
Department Control
Procedures - DCPs
(Level - 2)
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL
CHAPTER - 5
LEADERSHIP
IMS MANUAL Page 21 of 118
Eff.: 6th Feb, 2018
LEADERSHIP Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 5
5.1 PURPOSE
To describe the Leadership engagement, accountability & commitment for
establishing, implementing, sustaining, creating awareness & continually
improving the Quality, EHS and Information Security Management Systems
and integrating the requirements of the management system into core
business to achieve its intended outcomes.
5.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.
5.4.1.1 General
ISO 9001 (5.1.1), ISO 14001 (4.1), OHSAS 18001 (4.1) & ISO27001 (5.1)
SISCOL’s Top Management is committed to customer focus and ensures that all
the requirements of the customers & other interested parties are determined,
understood & consistently met with respect to Quality, EHS and Information
Security MS, including all the applicable legal & other requirements and these
requirements are fulfilled with the aim of enhancing their satisfaction. While
reviewing the requirements, the implied needs and expectations of the
customer and interested parties are also identified. The same are
communicated to the respective functions in the organization for ensuring their
compliance and to determine how these requirements apply to system
5.4.2 Policy
ISO 9001 (5.2), ISO 14001 (5.2), OHSAS 18001 (4.2), ISO27001 (5.2)
The team for conducting internal audit are identified by Top Management
along with MR who conducts periodic audit of IMS and further the audit
observations are reviewed by top management in project / department /
management review meeting to ensure that conformity and integrity of the
IMS are maintained as planned. The issues related customer are prioritized
and tracked by top management for early resolution. If required necessary
changes are made in the system and communicated for implementation. A
review mechanism is put in place to have an effective management system
approach.
CHAPTER - 6
PLANNING
IMS MANUAL Page 26 of 118
Eff.: 6th Feb, 2018
PLANNING FOR IMS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 6
6.1 PURPOSE
To describe the approach of organization to plan, implement the actions, to
address risk & opportunities and establishment of IMS objectives and planning
to achieve it. To define a system for planning and implement the changes in
IMS.
6.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1
SISCOL has identified the risk and opportunity pertaining to all the process and
mentioned as documented information in DCPs, which may be revised based on
necessary changes proposed or derived while executing the process.
SISCOL has integrated the actions to address these risks and opportunities
into its IMS processes using the PDCA cycle (SISCOL-CP-02). Based on risks
identified, SISCOL is committed to address following:
Avoiding the risk, where the only option is not to go forward with an
activity or to withdraw from it
Taking risk, where risks have desirable potential consequences
Altering risk, to optimize potential opportunities and minimize threats
Transferring risk by measures including insurance, contractual
arrangements, partnerships and joint ventures
Retain risk, where no worthwhile controls actions are feasible and the risk
is within the organization’s risk tolerance
Removing the source of the risk by using alternate or new methods /
technologies
Suitably EAI, OH&S and IS risk assessment is carried out for implementation of
necessary control measures. The results of these assessments identified
significant impacts & risks and controls are considered in setting its IMS
objectives. The information on the assessments is documented and kept
updated through on-going processes of impact/risk assessment.
All the applicable legal and other requirements related to EHS have been
identified at relevant areas by Head EHS. Legal register has been prepared by
Head EHS based on these identified requirements. Legal register is a
comprehensive document containing brief description of the requirements
Selected controls shall reduce the risk value. This may be in terms of:
o Increasing the security
o Stricter controls
o Transferring the risk
o Procurement of new hardware/software
o Or any other appropriate mechanism
Obtain risk owner’s approval for risk treatment plan before
implementation
Statement of applicability (SoA) has been prepared which includes the
following:
o Control objectives and control selected
o The control objective and controls currently implemented
o The exclusion of any control objectives and control and
appropriate justification for their exclusion
Top management ensures that IMS objectives and targets, including those
needed to meet requirements for SISCOL business requirements (Products,
Projects, Services and Solutions) are established at relevant functions, levels &
process within the organization.
While establishing & reviewing these objectives, the organization considers its
legal & other requirements, its significant environmental aspects, its OH&S risks,
its technological options, its financial, operational & business requirements,
information security risks, and the views of interested parties. The objectives
are measurable consistent with IMS policy, including the commitment to
continual improvement and prevention of hazards/risks & pollution.
After the review the quality objectives are updated as appropriate. The
progress on the achievement of these objectives is monitored at MRM/DRM/PRM
etc and if required same is updated as appropriate.
When planning how to achieve the IMS objectives, the Top Management has put
in place a system for defining, implementing, reviewing the objectives at
various levels in the organization; in which what will be done; resources
needed; who will be responsible; when it will be completed; how the results
will be evaluated gets encapsulated.
SISCOL follows well defined steps to implement changes which include following
in brief:
CHAPTER - 7
SUPPORT
IMS MANUAL Page 33 of 118
Eff.: 6th Feb, 2018
SUPPORT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 7
7.1 PURPOSE
To describe the Leadership involvement, accountability, commitment &
support for ensuring resources for establishing, implementing, sustaining,
awareness & continually improving the Quality, Environment, OH&S and
Information Security Management Systems.
7.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational Health &
Safety and Information Security Management Systems covering various
activities as per scope given in Chapter 1 of this document.
7.4 RESOURCES
ISO 9001 (7.1), ISO 14001 (7.1), OHSAS 18001 (4.1) & ISO 27001 (7.1)
At the time of selection, the concerned HOD ensures that the employee’s
competence level is mapped with the competency criteria defined by the
7.4.2 Infrastructure
ISO 9001 (7.1.3), ISO 14001 (7.1), OHSAS 18001 (4.4.1)
The requirements for maintaining the environment for the operation of process
needed to ensure the conformity of the product & services throughout the
realization & subsequent processes; are determined as part of resource
management process. The environment for operation is maintained in
accordance with process or project requirements/specifications. It ensures that
the safe, hygienic, ergonomically (worker movement, fatigue, manual effort
and loads, etc.), workplace location, heat, light, humidity, airflow, noise,
vibration, hygiene, cleanliness, pollution, adequate facilities (lockers,
lunchroom, cafeteria, washrooms etc.); health and safety regulations;
As and when required SISCOL conducts survey to access the satisfaction level of
employees as evidence for social & psychological status and data for further
continual improvement of the people. SISCOL has a team for devising &
implementing numerous Employee Engagement initiatives thru’ Business
Managers across the organization that ensures the upkeep of employee’s morale,
human and physical factors; that creates the conducive environment for the
effective operations. Additionally, behavioural training programs are devised by
HR/Head-QHSE & Training related to emotional, de-stressing to have a calm and
composed mind-set to implement IMS.
7.4.4.1 General
ISO 9001 (7.1.5.1), ISO 14001 (7.1), OHSAS 18001 (4.4.1) & ISO 27001 (7.1)
SISCOL determines the resources needed for valid and reliable monitoring and
measuring results (where monitoring or measuring is used for evidence of
conformity of product & services to specified requirements), and ensures that
the resources provided are:
a) Suitable for type of monitoring and measurement activities being undertaken;
b) Maintained to ensure continued fitness for their purpose, while conducting
regular audits & checks. The calibration status of all the monitoring &
measuring resources are mapped electronically to ensure compliance to the
requirements. SISCOL retains appropriate documented information as evidence
of continuing fitness for purpose of monitoring and measurement activities,
where measurement traceability is:
Appropriate system has been developed to ensure that all the measuring
devices/gauges/templates being used at shop floor and the project sites
including the measuring devices under the control of sub-contractors are
calibrated during their use. For all the outsourced items, during selection &
evaluation of the supplier it is ensured that their monitoring & measuring
The measuring equipment is identified based on the controls over Product &
Services and process characteristics. It is ensured that the supplier or sub-
supplier/contractor has prepared the master list of measuring instruments
incorporating the instrument details, frequency of calibration, permissible error
etc. It is ensured that the measuring devices are:
a) Calibrated or verified at specified intervals or prior to use, against
measurement standards traceable to international or national
measurement standards. Where no such standards exist, the basis used
for calibration or verification is kept as documented information.
Traceability of calibration to national/international standards is
subsequently ascertained. In case there is no national/ international
measurements standards exist, the basis of calibration is defined in the
respective calibration procedure.
b) Adjusted or re-adjusted if found to be out of calibration, as necessary
c) Identified to enable calibration status through status stickers or
calibration documented information
d) Safeguarded from adjustments, as applicable, that would invalidate
the measurement result
e) Protected from damage and deterioration during handling,
maintenance
f) Storage by imparting training to the users of such devices
g) All the software being used for designing or other purposes are being
validated before their use through some alternate mechanism and
documented information of the same is maintained.
7.4.6 Competence
ISO 9001 (7.2), ISO 14001 (7.2), OHSAS 18001 (4.4.2) & ISO 27001 (7.2)
Depending upon the job requirements and the available competence among the
employees, the gaps in the existing competence are identified by the HODs
during objective setting (SISCOL-CP-08) and performance appraisal processes.
In order to fill up these gaps, actions such as providing training or any other
actions are initiated by Head-QHSE & Training. The various training
requirements are identified by the HODs through the performance reviews, job
analysis, objective settings and annual appraisal system. Training needs are
identified by the employees themselves or by the departmental heads or
through any other feedback mechanism.
7.5 AWARENESS
ISO9001 (7.3), ISO14001 (7.3), OHSAS 18001 (4.4.2), ISO27001 (7.3)
7.6 COMMUNICATION
ISO 9001 (7.4), ISO 14001 (7.4), OHSAS 18001 (4.4.3) & ISO27001 (7.4)
7.7.1 General
ISO 9001 (7.5.1), ISO14001 (7.5.1), OHSAS 18001 (4.4.4), ISO 27001 (7.5.1)
SISCOL has the following documented information structure that caters to the
requirements of QMS, EMS, OHSMS and ISMS along with any additional
documented information determined by the organization as being necessary for
the effectiveness of IMS.
IMS
Manual
(Level-1)
Department Control
Procedures - DCPs
(Level - 2)
The IMS manual describes the core elements of Management Systems & their
interaction and provides directions to the execution of various processes. The
manual includes:
a) Scope and exclusions including justifications for the same
b) Reference to documented common procedures established for the Quality,
Environment, Health & Safety and Information Security Management
Systems, including the interaction between the processes (Department
Processes as per Annexure A and Common Processes as per Annexure-B
and overall flow chart as per Chapter - 1)
SISCOL ensures the following practices while creating and updating documented
information:
All the process owners ensure that the documented information remain legible,
retrievable, readily identifiable & traceable to activities involved during the
complete life cycle of the manufacturing and project execution. The master list
of documented information indicating the retention period is maintained by the
concerned process owner. Relevant documented information is maintained for
all the Health, Safety and information security incidents. During the project
closing cycle, all the important documents are archived by the PMG on the
electronic format so that same can be referred if required in the future. If
contractually required, the documented information is made available to the
interested parties. Access matrices of the location of placement of documented
information (in server, portal etc.) are defined and reviewed on periodic
intervals along with IT team; and cross verified during audits for ensuring the
effective implementation of IMS requirements.
CHAPTER - 8
OPERATIONS
IMS MANUAL Page 42 of 118
Eff.: 6th Feb, 2018
OPERATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 8
8.1 PURPOSE
To describe the Leadership involvement, accountability & commitment in
planning & controlling end-to-end value chain (including design) for
establishing, implementing, sustaining, awareness & continually improving the
Quality, Environment, H&S and Information Security Management Systems.
8.2 SCOPE
Applicable to the implemented Quality, Environment, Occupational, Health &
Safety and Information Security Management Systems covering various
activities as per scope given in Chapter 1 of this document.
Product, process and projects’ regulatory requirements are also identified by the
concerned process owners and given due consideration during the development
and preparation of relevant process control documents. Resources,
infrastructure, work environment and competency of required personnel are
identified by the concerned HODs along with HR.
8.4.2.1 The following functions in SISCOL shall collaborate during process, product
and project realization:
a) Business Strategy
b) Business Development & Marketing
c) Sales
d) Contracts
e) Operations
f) Vendor Development & Procurement
g) Production
h) Logistics & Delivery
i) Industrial Infrastructure
j) Design & Engineering
k) Field Services
l) Corporate Relations
m) Key Account Management
n) Project Planning & Monitoring, Execution and Control
o) Stores (Incoming and Final product)
p) Plant Maintenance
q) Quality Assurance
r) Environment Health & Safety
s) Training
t) Information Technology
u) Human Resource & Administration
v) Finance & Accounts
The output of this planning in the form of quality plan, process monitoring
instructions, material arrangements, inspection arrangements, review and
validation of processes are made and provided at the relevant stages of
processing for its implementation.
Head EHS maintains the inventory of all the applicable environmental aspects
and Health & Safety risks, while list of information security related risks is
maintained by Head-IT. A procedure has been established to identify and
evaluate the environmental aspect/health & safety risks and IS risks. Based on
the significance of these aspects/risks, control measures have been identified
and being implemented throughout the organization. It has been ensured that
these significant aspects, Health & Safety risks and IS risks are considered while
developing IMS at SISCOL.
SISCOL has established and maintains a procedure to identify and have access to
legal and other requirements to which SISCOL subscribes to.
Whenever there is any outsourced process that affects product conformity to the
requirements, adequate controls are exercised by the relevant functions. The
type and extent of control on such outsourced processes depends upon criticality
of the characteristics or extent of control exercised by the supplier. All the
statutory and regulatory requirements of the product/project work being
outsourced are discussed with the supplier and their compliance is ensured
through periodic inspections and audits.
8.6.1 General
ISO 9001 (8.3.1), ISO 14001 (8.1), OHSAS 18001 (4.1/4.4) & ISO 27001 (8.1)
Planning for all the activities under the ambit of design & engineering is being
done by Head-Design & Engineering. During D&D planning, the Head-Design &
Engineering and nominated personnel from a specific project determine:
a) the nature, duration and complexity of the design and development
activities based on the scope and technical specifications vis-à-vis
organization’s capabilities
b) Design and development stages, considering all the interfaces
c) The controls (review, verification and validation) that are appropriate
to each D&D stage
d) Responsibilities and authorities for design & development being spelt
in DCPs and other associated documents
e) the internal and external agencies that have to be involved for the
design and development of products and services
f) The level of control expected for the D&D process by customers and
other relevant interested parties on a continuous basis and ensure the
effective planning to manage it.
All the interfaces between various stakeholders involved in D&D process are
managed adequately by the concerned Director - Operations or Project /
Nominated Personnel, to ensure effective communication and clear assignment
of responsibilities. As the D&D progresses, the planning outputs are updated, as
appropriate.
Before undertaking any D&D activity, all the design inputs are identified by the
Head-Design & Engineering. These inputs may include:
a) Customers’ needs
b) Applicable statutory and regulatory requirements
c) Policies and objectives of the organization
d) Timeline for deliverables
e) Standards or codes of practice
f) Functional and performance requirements of the product
g) Information derived from previous designs, if applicable
h) Testing and acceptance requirements
i) Potential consequences of failure based on the review-sharing of
earlier/similar project data, holding knowledge sharing initiatives,
having numerous test scenarios being simulated/reviewed by CFT
These inputs are reviewed for their adequacy by the Head-Design & Engineering
and any incomplete or conflicting requirements are resolved. Records of design
inputs are maintained by Head-Design & Engineering.
D&D reviews are carried out in a systematic manner, in accordance with the
planned arrangements:
a) To evaluate the ability of the results of design & development to meet
requirements
b) And to identify any problems and propose necessary actions
Records of the results of the reviews and any necessary actions are maintained.
The D&D outputs are documented and provided in suitable form (Drawings/
Technical Specifications/Calculations/Prototype/BOM/Data Sheets etc.) enabling
verification against D&D inputs. The design outputs are verified, reviewed and
approved before release by Design & Engineering. D&D outputs shall:
a) Meet the D&D input requirements
b) Provide appropriate information for purchasing, production, operations,
manufacturing, erection, commissioning, testing and acceptance of the
product/services along with adequacy for the subsequent processes
c) Contain or reference monitoring and measuring requirements and
product acceptance criteria
d) Specify the characteristics of the product/services which are essential
for its safe and proper use
SISCOL has established procedures to identify D&D changes at all the stages of
D&D. On identification of any change or request for any change in design, the
same is reviewed, verified and approved before implementation by the CFT.
During review of D&D changes, all the stake holders are taken into consideration
including all the interfaces likely to be affected by the change including the
parts already delivered.
The type and extent of control applied to these suppliers and the purchased
product depends upon the criticality of the purchased product/services on
subsequent product/service realization or the final product including packaging
of material.
Orders for long delivery/critical equipment are placed early in the project to
ensure timely deliveries by suppliers. The core activities of Logistics are handled
by Logistics team and physical transportation activities may be outsourced to one
or several freight forwarders depending on the project/operation requirements.
Whenever there is any outsourced process that affects product conformity to the
requirements, adequate controls are exercised by the relevant functions. The
type and extent of control on such outsourced processes depends upon criticality
of the characteristics or extent of control exercised by the supplier. All the
statutory and regulatory requirements of the product/project work being
outsourced are discussed with the supplier and their compliance is ensured
through periodic inspections and audits.
SISCOL has established procedures for source or in-coming inspection as per the
applicable QAP, drawings and technical specification to ensure that the
purchased products meet the specified purchase requirements including that for
environment/H&S. QA ensures that through these plans the products are verified
at source and during receipt at the project site. In case, if any deviation is found,
non-conformity is raised and communicated to the concerned (Procurement/PMG,
Operations/D&E or Supplier) for initiating root cause analysis, corrective and
preventive actions along with assessing the impact/potential impact. If required
the services of TPIAs can be utilized by QA for conducting source/receipt
inspection. For selection, evaluation and re-evaluation of these TPAIs procedures
have been documented.
The purchase order (PO) being raised contains complete information related to
the product like: specification, acceptance criteria, logistics, packaging, delivery
time, inspection requirements, performance evaluation process/parameters,
reference to QAPs, verification or validation activities by SISCOL &/or its
customers, or other acceptance criteria etc. The product/service details are
described in purchase documents or other means, including where applicable:
a) Requirements for approval of product, services procedures, processes,
and equipment
b) Requirements for qualification/competency of personnel, and
c) Quality (ISO 9001), Environment (ISO 14001), Health & Safety (OHSAS
18001) and Information Security (ISO 27001) management system
requirements
The purchase personnel review the purchase information to ensure the adequacy
of specified purchase requirements prior to their communication or issue to the
suppliers. Communication mechanism / protocol between SISCOL and the
external providers gets defined during the ordering phase.
It is ensured that for all the chemicals or hazardous substances being purchased,
MSDS of the same is obtained from the supplier and necessary trainings are
imparted to the end users for storage and handling of such substances.
All the special processes required for the production, project and service
requirements are validated and revalidated as per the laid down guidelines.
Welding, painting, brazing, heat treatment etc. have been identified as special
processes whose resulting output cannot be fully verified by subsequent
monitoring or measurement.
Special processes have been pre-qualified for their sets of operating parameters
suited to various class and types of products by QA/D&E/Operations/PMG.
The organization has established various systems for product identification and
traceability, at the various stages of the project, product and service execution
to ensure that the products/assemblies/sub-assemblies/components are
identifiable throughout their life cycle.
Identification:
Raw materials and bought out components are received by stores from suppliers
along with the details of material containing the supplier information. After
receipt, the store in-charge raises the GRN and offers the receipt material to QC
for incoming inspection. The inspection and test status of incoming bought out
items are identified based on supplier’s certificate and inspection lot. QA /
nominated person inspects the material as per QAP/FQAP/relevant reference
document and if found acceptable, the material is cleared for storage at the
designated location. From the store, the material is issued to the project
team/manufacturing/operations divisions as per their requirements.
During all the stages of the project/production execution, it is ensured that all
the assemblies/sub-assemblies are identified by means of tags/stickers/locations.
Separate areas have been identified and marked for accepted and non-
conforming items throughout the life cycle of the project/product.
Traceability:
Whenever required (Customer requirements, legal requirements, contractual
requirements) traceability for the products/assemblies/sub-assemblies are
maintained through drawings, receipt vouchers, inspection reports, lot numbers
or any other unique number. QA indicates the status of the material,
components, and sub-assemblies by use of inspection tags.
8.8.3.1 Preservation
ISO9001 (8.5.4), ISO 14001 (8.1), OHSAS18001 (4.4.6)
SISCOL has established procedures for preserving the product quality from
receipt of materials through internal processing up to the handing over of
project site/product/service to the customer. Concerned HODs ensure that
adequate care is taken during handling of material, components and
products/outputs to avoid any damage. Though specific responsibilities are
defined in the relevant DCP/SOP, yet every employee is responsible for safe
handling of the products at various stages of operations/manufacturing/project
execution. Various SOPs have been developed for preserving the product/service
at various stages of value chain. Suppliers/OEMs manuals are being referred for
storage of equipment at shop floor and site.
8.8.3.3 Storage:
Appropriate storage facilities are provided at production facilities and project
site for materials and products for their safe upkeep, prevent damage and
deterioration of the product quality including suitable preservation wherever
necessary. Condition of product in the store is assessed at appropriate interval.
Receipt and issue from stores is approved by authorized personnel. All materials
having limited shelf life are issued on First In First Out (FIFO) basis, as applicable.
Appropriate storage areas are provided for finished goods to prevent any damage
or deterioration of these products. The stored products are periodically assessed
for any deterioration or shelf life expiry.
SISCOL has defined the characteristics for the different outputs to be achieved
at appropriate stages of the project realization (receipt, in-process, final
inspection and despatch clearance) for meeting the customer requirements. All
these characteristics are monitored and measured by responsible personnel in
respective departments in order to ensure that the product/service (output)
requirements meet internal as well as external customer requirements including
all the regulatory requirements. These characteristics have been defined by
respective HODs, in their DCPs, OCPs, SOPs, QAPs etc. as applicable to the
relevant stages of the processes.
For all identified characteristics, the acceptance criteria for the evidence of
conformity have also been defined. Source, incoming, in-process and final
inspections are conducted by SISCOL inspector or SISCOL approved TPIAs to
ensure/compliance evidence of the same.
All the applicable legal and other requirements related to EHS have been
identified at relevant areas by Head EHS. Legal register has been prepared by
Head EHS based on these identified requirements. Legal register is a
comprehensive document containing brief description of the requirements
SISCOL subscribes, required parameters, current status, responsibility and
compliance evaluation frequency and outputs.
Head-EHS shall devise the incident investigation procedure that shall record,
investigate and analyse H&S incidents. The corrective and risk-based
thinking/actioning procedures also includes mechanism for incident
investigation so that all H&S deficiencies are identified, after having root
causes analysis, necessary corrective (and preventive) actions are identified
including opportunities for improvements. The results emanating from the
investigations shall be documented and communicated to all the stakeholders.
Head-EHS shall ensure the investigations are conducted time-bound.
CHAPTER - 9
PERFORMANCE
EVALUATION
IMS MANUAL Page 61 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
9.1 PURPOSE
To describe the organizational process for monitoring, measurement, analysis
and evaluation (incl. Internal Audits, MRMs etc.) for establishing, implementing,
sustaining, awareness & continually improving the Quality, Environment, H&S
and Information Security Management Systems.
9.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.
9.4.1 General
ISO 9001 (9.1.1), ISO 14001 (9.1.1), OHSAS 18001 (4.5) & ISO27001 (9.1)
SISCOL has determined who, what, how & when the processes needed to be
monitored, measured, analysed and evaluated and it’s implementation to
demonstrate conformance to product & service requirements and conformity to
QMS, EMS, and OHSMS & ISMS and continually improve their effectiveness.
Measurement & monitoring system is based on data and it’s analysis for which
various analytical tools are being used.
SISCOL has defined the measurable parameters for the different processes/
products and services /projects to ensure meeting the customers and regulatory
requirements. While preparing the project schedules & plans and product
delivery schedules, all the processes which have to be measured are identified
by the concerned process owners/HODs.
These process parameters are monitored, measured and its results are analysed
& evaluated at the specified frequency as per the responsibilities defined in
QAPs/FQAPs/Flow Charts/SOPs to ensure that these processes achieve the
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 62 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
planned results. When planned results are not achieved, the non-conforming
outputs (products/services/information) are corrected (repaired/reworked/re-
processed) and the suitable corrective actions, as applicable are taken by the
concerned HODs, to ensure conformity of the products (outputs). The
compliance to these identified process parameters are ensured during
inspection or system audits. Appropriate documented information are
maintained.
Head EHS has established a procedure to monitor and measure EHS performance
on regular basis by deploying:
a) Qualitative and quantitative measures appropriate to the organizational
needs
b) Monitoring of the extent to which EHS objective are met
c) Monitoring the effectiveness of EHS controls being exercised at different
manufacturing locations, offices and project sites
d) Proactive measures of performance that monitor conformance with EHS
programmes, controls and operational criteria
e) Reactive measures of the performance like monitoring of ill health,
incidents, and other historical evidence of deficient EHS performance
f) Recording of data and results of monitoring and measurement to facilitate
subsequent corrective and risk analysis.
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 63 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
Review risk assessment at planned intervals and review the residual risks
and the identified acceptable levels of risk, taking into account changes to
the organization, technology, business processes, identified threats,
effectiveness of the implemented controls and external events like any
changes to the legal or regulatory environment, changed contractual
obligations and changes in social climate
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 64 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 65 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
All the applicable legal & other requirements with respect to IMS have been
identified in the legal register. These requirements are periodically reviewed as
per designated persons for their compliance. Documented information of these
reviews are maintained at appropriate levels as per the responsibilities defined
in the legal register.
Internal audits are planned at six monthly frequency considering the audit
criteria, scope, frequency and methods. Audit criteria include international
standards, IMS manual, IMS policy, applicable legal requirements, objectives,
targets, management programme, department procedures, SOPs, etc. The
frequency of audits can be increased depending on the severity of Quality,
Environment, Occupational, Health & Safety and Information Security risks and
the non-conformances observed during previous audits or operations. Frequency
of these internal audits can also be increased in case of customer complaints,
process or product rejections and service failures.
The audit results/reports are the documented information, which are shared
with all the concerned stakeholders. These reports form the basis of taking
suitable corrective actions (CA) by the concerned HODs after suitable root cause
analysis (RCA). The HoDs take the required corrective action (CA) without any
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 66 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
9.4.5.1 General
At SISCOL, management review happens at various levels:
a) Management review meeting to review the effectiveness of IMS
b) Project Review meetings/Departmental review meeting
c) Risk Review Meeting etc.
Review includes, assessing risks & opportunities for improvement and the need
for changes to the IMS, including the SISCOL policy and objectives. Documented
information of management reviews including the minutes of Management
Review Meeting (MRM) are maintained by CMD’s office/MR; for projects by
Project Planning Team/PMG.
The input to management review in the form of agenda for Management Review
Meeting includes information for the period under review on all elements of ISO
9001, ISO14001, OHSAS 18001 and ISO 27001. The specific agenda items relevant
to each of these standards are given in the common procedure on MRM (SISCOL-
CP-07). However, more focus is laid down on the following:
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 67 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
Specifically, to EHS; the review addresses the possible need for changes to
policy, objectives and other elements of the environment/OH&S Management
Systems in the light of EMS/OHSMS audit results, changing circumstances and
the commitment to continual improvement of EHS performance.
The minutes of the management review meeting are recorded and maintained
for a specified period. The output of the management review shall include any
decisions and actions related to:
a) Opportunities for improvement
b) Need for change in IMS including resources
c) Update of the risk assessment and risk treatment plan
The outputs from MRM shall also include any decisions and actions related to
possible changes to:
a) Business requirements and security requirements,
b) IMS performance
c) IMS Policy and Objectives
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 68 of 118
Eff.: 6th Feb, 2018
PERFOMANCE EVALUATION Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 9
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL
CHAPTER - 10
IMPROVEMENT
IMS MANUAL Page 69 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10
10.1 PURPOSE
To establish a system for identification of improvement opportunities of the
various process identified in documented QMS, EMS, OHSAS & ISMS, to
demonstrate the reduction in undesired effects and achieve continual
improvement of SISCOL business processes.
10.2 SCOPE
Applicable to the implemented Quality, Environment, Health & Safety and
Information Security Management Systems covering various activities as per
scope given in Chapter 1 of this document.
SISCOL has established the processes with the best of intentions, focusing on
performing the task at hand, with the resources at hand, in the environment
where they exist. A structured approach to understand the existing conditions,
generate improvement ideas, and then implement the changes to see the
betterment has been made part of SISCOL’s systems and processes.
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 70 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10
The final product & services characteristics are re-verified by QA for ensuring
conformance to the requirements before being despatched to the customer.
In case the nonconforming products & services and services found during any
stage of design, manufacturing or project execution, are corrected (i.e.
reprocessed or re-worked), the products & services / information are re-
verified by QA/competent personnel for the requirements in which these were
found to be nonconforming in order to demonstrate the conformity to the
requirements. In case the non-conformance in the product is detected after
the same have been delivered to the customer or their use has started,
organization examines the criticality of such characteristics. Such non-
conformance which is critical and major in nature is informed to the customer
and if required, the same are withdrawn from usage. The potential effects of
the nonconformity are also analyzed and appropriate actions are taken.
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 71 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10
Corrective Action
The company has established a documented information (SISCOL-CP-04) for
taking actions to eliminate the cause of non-conformities in order to prevent
recurrence of significant problems by analysis of non-conformance
documented informations, product rework/ rejection data, external provider
performance documented informations, project execution documented
information etc. SISCOL ensures Corrective actions are appropriate to the
effects of the nonconformities encountered, which are monitored to have cent
percent compliance.
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL Page 72 of 118
Eff.: 6th Feb, 2018
IMPROVEMENT Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Chapter No. 10
UNCONTROLLED DOCUMENT IF PRINTED
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL
ANNEXURE - A
LIST OF
DOCUMENTED
INFORMATION
IMS MANUAL Page 73 of 118
Eff.: 6th Feb, 2018
LIST OF DOCUMENTED INFO. Rev. No.: 00
DOC NO: SISCOL/IMS/MANUAL Annexure - A
ANNEXURE A:
SAMPLE LIST OF DOCUMENTED INFORMATION (DI)
Sr.
DI No. Details Scope of Standards
No.
1 SISCOL-CP-01 Documented Information QMS+EMS+OHSAS+ISMS
Risk and Opportunity
Identification, Assessment,
2 SISCOL-CP-02 QMS+EMS+OHSAS+ISMS
Implementation and Reviewing
effectiveness
3 SISCOL-CP-03 Conduction of Internal Audits QMS+EMS+OHSAS+ISMS
Control of Non-conformance and
4 SISCOL-CP-04 QMS+EMS+OHSAS+ISMS
Corrective Action
5 SISCOL-CP-05 Competency Development QMS+EMS+OHSAS+ISMS
8 DCP-1
9 DCP-2
10 DCP-3
11 DCP-4
12 .
13 .
14 .
15 .
16 .
17 .
18 .
19 .
20 .
21 .
22 .
23 .
24 .
25 .
26 .
ANNEXURE - B
COMMON
PROCESSES
IMS MANUAL Page 75 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1
IMS MANUAL Page 76 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1
1.1.3. SIPOC
Trigger – Ensure the Control of Document Information
Frequency – Ongoing
Supplier Input P Output Customer
Engineering/ National, International Process
Stakeholders/ standards, contract document, Owners,
MDL, DCP, Manual
Vendors/Client/ customer requirement, SISCOL Client,
Manufacturing and applicable legal & External
IMS MANUAL Page 77 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1
1.1.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of Process
needs for Documented IMS Team, Owner,
Process Stake
Information (DI) HOD External Client,
owner holders
required for effective Providers External
Management Systems Providers
Engineering
P2. Preparation of DI, team, Client,
Process Stake External
identification of owner HOD External
owner holders Providers
and its retention period Providers,
stake holders
Client,
D1. Review & approval External
Process
of documents; HOD - - Providers,
owner
Approved? Engineering
team
Client,
P3. Circulation/
External
Distribution/ Storage/ Process
HOD IT team - Providers,
Protection of DI + owner
Engineering
team
Client,
External
P4. Updating MDL of Process
HOD IT team Providers,
internal origin owner
Engineering
team
External
P5. Receipt of change Process Providers,
request or need for owner/ cross Process
HOD -
change of document and nominated functional Owner
its review person team
members
Process
P6. Amendment/
owner/ External
modification in the HOD Client Stakeholders
nominated Providers
documents
person
IMS MANUAL Page 78 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1
1.1.5. ROAM
IMS MANUAL Page 79 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.1
1.1.6. KPIs
KPI Objective Formula UoM
To identify internal origin Within 30 days of receipt of
Identification of document required for contract/Within 15 days of
Days
document effective Integrated change or revision of
Management System process
To communicate
Communication of document/amendments/mo Within 2 days after Days
documents difications to all concerned approval
departments
IMS MANUAL Page 80 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2
IMS MANUAL Page 81 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2
● Assessing and quantifying all risks associated with the project/proposed project
● Developing risk mitigation/treating plans that can be followed through, using the
review mechanism
● Ensuring that top management is kept abreast with the overall risk profile of the
project/manufacturing/proposed project with focus on the most critical risks
P1. The assessment shall be performed in line with SISCOL risk guidelines. For the
proposal project, risk assessment & treatment shall be performed before technical/price
bid submission. For ongoing or under execution projects/manufacturing, risk assessment &
treatment shall be performed once in a quarter.
a) Risks and Opportunities to be identified at various stages of the manufacturing and
project life cycles through proactive monitoring of various process parameters/
acceptance criteria, product non-conformities and internal/external audits.
b) Risks and opportunities to be proportionate to the potential impact on the
conformity of products.
P2. Determine/Identify the sources, causes/ processes/ activities in Risk and Opportunity
form
P3. CFT/team/person constituted by the concerned HOD for risk assessment
P4. Nominated team/person will assign probabilities to each risk element based on past
experience and current project expectations, segregates risks based on their impact on
either delay liabilities or cost escalation. Severity calculated based on estimated delay
and/or cost implication as per norms of the SISCOL Risk Policy. Nominated team/person
will identify risk treatment plan and submit it for competent authority.
D1. Approval from competent authority to be obtained before implementation of
Mitigation/Contingency plan
P5. In case any modification suggested by competent authority, same shall be
incorporated
D2. After incorporating the changes, nominated team/person will identify any
modification in system/process/document (DCP/SOP/QAP etc.)
P6 In case of any modification same shall be obtained from competent authority/process
owner.
P7. Treatment/Mitigation and Contingency plan to be implemented within defined time
frame. The record is maintained in risk register.
IMS MANUAL Page 82 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2
1.2.3. SIPOC
Trigger - Risk and Opportunity Identification, Assessment, Implementation and Reviewing
effectiveness
Frequency – As per SISCOL Policy
Supplier Input P Output Customer
Process monitoring/ knowledge
sharing/Audits/Non-
Process Conformities/external &
owner internal issues w.r.t context of Nominated
the organisation/ requirement Risk register Team/
of interested parties person
Risk Register from pre-bid (for
BD&M
project/manufacturing)
Nominated Competent
Mitigation / Contingency Plan Risk Register & record note
Team/person authority
1.2.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of
Risks and Process
Leadership Nominated
Opportunities owner/ Process PMG/Functional
Team/Functional Team/ person/
throughout the life Nominated owner Head
Head Functional Head
cycle of the Team/person
Project/Process.
P2. Determine the
Process
Sources, causes/ Leadership
owner/ Nominated Functional Nominated
Process/ activities for Team/Functional
Nominated Team/person Head Team/ person
the Risk and Head
Team/person
Opportunity
P3. Nomination of the
Functional
Risk and Opportunity Leadership Leadership Functional Nominated
Head/
Assessment Team Team Head/HR Team/ person
HR/Contracts
person/team
P4. Identification of
risks, areas of
impacts, events &
their causes and their
potential Nominated
Process
consequences. Then Leadership Team/ person/
owner/ Nominated Functional
carry out Team/Functional Leadership
Nominated Team/person Head
Risk/Opportunity Head/Contracts Team/Functional
Team/person
assessment Head/Contracts
considering the
Probability and
Severity. After that
assign category for
IMS MANUAL Page 83 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2
1.2.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Promote culture to identify the
risk/opportunity by anyone during the
Missing of risk/opportunity
1 identification
project cycle.
Getting wetted from Contracts in line
with SISCOL guideline
● Mitigation and contingency plan to
RISK
be prepared by competent team/
person.
Ineffective mitigation and
2 contingency plan
● Mitigation and contingency plan to
be reviewed and monitored for the
implementation of effectiveness.
● Consultation with Contracts team
Will have least possibilities to miss out
Culture to identify risk/opportunity
1 by anyone during the project cycle
major risk/opportunity and its impact of
OPPORTUNITY organization/project
Effective implementation of Damage owing to risk will be arrested or
2 mitigation and contingency plan minimized
IMS MANUAL Page 84 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.2
1.2.6. KPIs
KPI Objective Formula UoM
Identification of sources of risks,
areas of impacts, events & their
Risk assessment causes and their potential
and Opportunities consequences. Then carry out As per SISCOL risk guideline Numbers
in risk Risk/Opportunity assessment
considering the Probability and
Severity.
Risk Treatment Preparing plan within defined
Derive the treatment plan Days
Plan time frame
Effectiveness Evaluation of the effectiveness of
Number of change in plan Numbers
treatment plan mitigation and contingency plan
IMS MANUAL Page 85 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3
IMS MANUAL Page 86 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3
P3. Circulation of audit plan to the concerned auditee, auditors & stakeholders at least 2
weeks before the internal audit.
P4. 1. The audit should be completed as per the internal audit plan.
2. The audit should be as per the defined scope, criteria and objectives
P6. Review of Audit reports and improvement areas by Audit committee and approval / for
circulation of Audit report / NCs/ OFIs to concerned auditee / functional head within 2
days of submission of reports by internal auditors.
P7.
1. Root cause analysis and proposed closure date of NC/OFIs shall be provided in NC
format/platform by Auditee / Process owner in consultation with stakeholders /
function heads within 1 week of release of audit report.
2. Correction / corrective action on the NCs / observations raised to be taken within 3
weeks of submission of internal audit report or within the date of agreed proposed
closure date.
D1. Audit committee to check and verify whether NCs / OFIs were vacated, within 2 days
of submission of implementation of corrective action by auditee/ process owner.
P8. Follow up audit (if required) to be conducted for verification of corrective action.
D2. All NCs to be resolved within 3 weeks after conducting internal audit including the
completion of corrective actions.
P9. The audit summary report to be prepared and presented to the concerned HOD within
3 weeks of the completion of internal audit and in quarterly meet to TM & MRM.
IMS MANUAL Page 87 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3
P10. During the top management meetings the input for continual improvement
programmes and updating of ROAM shall be derived.
D3. Review the effectiveness of the internal audits, upto what extent management
expectations are met by internal audit
1. Continuous process
2. Based on the review, further actions like refresher trainings to auditors etc. are
planned.
1.3.3. SIPOC
Trigger – Conducting IMS internal audit
Frequency – Six Months
Supplier Input P Output Customer
Functional
Heads / IMS Auditor List Audit Schedule IMS Team
Team
Auditee /
Audit schedule, DCP, Manuals,
Process owners,
Auditors Contractual / statutory Audit Reporting
Functional
requirements
Heads, IMS Team
Audit Summary
IMS Team NC / Audit report / RCA Top Management
report
1.3.4. RASCI
Activity Responsible Accountable Support Consult Inform
Identification of Reporting Auditors,
Head Quality / Functional
trained internal IMS Team Manager of Auditee,
EHS / IT Heads
auditors Auditors Stakeholders
Preparation & Auditors, Auditors,
circulation of Head Quality / IT HODs, Process
IMS Team
internal audit EHS / IT Department Process Owners,
schedule / plan Owners HODs
Auditee, IMS
Conducting Audit Team,
Auditor Auditor - IMS Team
& Reporting Functional
Heads
Vacating NCs/
Root Cause Auditee /
Analysis, Process Functional Head Stakeholders Auditor IMS Team
Corrective Owner
actions
Follow-up Audit
Functional
and verification Auditor IMS Team -
Heads
of CA
Preparation of IMS Team, IMS Team, Leads Auditor, Auditor, Top
IMS MANUAL Page 88 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3
1.3.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Proactive action for identification of
Non availability of enough no. of auditors and there training and
01 competent auditors for maintaining proportional ratio
conducting internal audit between total employees and
auditors
1) Schedule shall be made
thoroughly considering the project
schedule and commitment from top
Delay in conducting audits due to
management, HODs.
Non-availability of certified
02
internal auditors as per planned
2) Circulation of Audit plan well in
schedule
advance (Min. 2 Weeks) for auditors
RISK
and auditee to reserve there date
and time.
Improper reporting by auditors
(For e.g. the report is not clear to Second level review by IMS team
02
address the issue) leading to before releasing the report auditee
failure of finding right issue.
Closure of NCs by auditee without
IMS Team / Auditor shall conduct
03 ensuring proper root cause
verification audits for Major NCs
analysis
Top Management, Process owner
Repetition of similar NCs in
04 shall have analysis of audit results /
subsequent audit
NCs
Involvement of Top Management
1 Improvement in IMS effectiveness
/ HODs in to review process.
Gap analysis by process owner at
OPPORTUNITY 2 Improvement in IMS effectiveness
regular interval
To Identify hidden risk in the
3 Improvement in planning
process
IMS MANUAL Page 89 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.3
1.3.6. KPIs
KPI Objective Formula UoM
Conduction of IMS internal
IMS Internal Audit audit minimum twice in a year Six Monthly Numbers
and as per planned schedule
% of Completed internal
Conduction of IMS internal
IMS Internal Audit audits in comparison to the %
audit as per planned schedule
internal audit planned
Timely reporting of internal The length of time for issuing
Audit Reporting days
audit observations / report internal audit reports
Creation of suitable
External Audit NCs/
observations w.r.t non-
Observations
Audit Reporting conformance in reference to Numbers
No. of Major audit findings &
standard, IMS Manual, DCP,
recommendations
OFIs, Good practices
Submission of corrective Within 3 weeks of audit /
Vacating NCs action & Closure of NCs with within time frame of Period
objective evidence proposed closure date
Presentation of audit summary
Audit summary
reports to HODs/Top Within 3 weeks of audit Period
report
Management
1) The progress in action
implementation of
Effectiveness of Evaluation of effectiveness of
audit recommendation %
internal audit Internal audit
2) Reduction in final
product rejections
IMS MANUAL Page 90 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
IMS MANUAL Page 91 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
P1. Non-conformities, potential EHS risks and IS events will be identified during
manufacturing and throughout life cycle of the project through proactive monitoring of
various process parameters/ acceptance criteria, feedback from interested parties, risk
identification & analysis, customer voice, project review, internal and external
benchmarking and internal audits. NC may also be identified by the customer or relevant
interested parties.
P2. Incase of product NCs, the material, component, equipment shall be adequately
quarantined by placing at identified space/red tagging etc.(as applicable) in line with
correction requirement. In case of System NCs, EHS incident or IS events appropriate
action plan shall be taken based on proposed correction.
P3. Identify the appropriate corrections/containments action and nominated person/ team
considering impact of Non-Conformance/ incident/ IS events. The nominated person/
team will take appropriate corrections/containments action
P5. Team will be identified/ nominated for root cause analysis and bring out corrective
action plan.
P6. The nominated person/ CFT shall identify the root cause analysis within specified time
period.
P8. Corrective actions emerged out from root cause analysis to be implemented within
specified time interval based on the recommendation of nominated person/CFT.
P12. The existing document will be updated incase same is necessitated (QA Plans, QA,
EHS & IT Risk assessment, Procedures, SOPs).
IMS MANUAL Page 92 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
1.4.3. SIPOC
Trigger – Control of Non-conformance and Corrective Action
Frequency – Continuous
Supplier Input P Output Customer
Stakeholder feedback/
Process owner
process measurement/
Raise of Non through Vendor/
project review/ internal
conformity and contractor/ service
Interested parties audits/ Inspection, VOC/
quarantining product provider/SISCOL
NCR/ supplier or
from use project/functional
contractor evaluation,
incharge
deviation reports
Root Cause Analysis;
Nominated
Interested parties Non Conformity Report Correction; Corrective
person/CFT
Action
Effectiveness of
correction,corrective Leadership team/
Interested parties Non Conformity Report
action report/ Interested Parties
presentation
1.4.4. RASCI
Activity Responsible Accountable Support Consult Inform
Process
IMS Audit IMS Audit
owner/
Team/ Team/
P1. Identification MRs/HODs/ Executing
Interested Executing Executing
of Non Auditors Agency /
Parties Agency/PMG/ Agency/PMG/
Conformity Relevant
Field Services Field Services
Interested
Team Team
Party
P2. Immediate
segregation/
Process
quarantine the Functional
owner/
Non Conformity Process Team
Functional Executing
to avoid any Owner / Process members /
Team Agency /
unintended use Execution Owner Relevant
Members Relevant
of the same, as agency Interested
Interested
applicable (not Party
Party
applicable for
system NCs)
P3. Identification Process Execution
and containment Owner / Relevant agencies /
actions to be Execution Interested Process
Functional Functional
taken on the Non agency/ Party / Owner/
Head team members
Conformity along Concerned Execution Relevant
with nominated agencies Interested
responsibility. person Party
P4. Recording Process Functional Relevant Execution
Functional
status of action Owner/ Team Interested agencies /
Head
taken Execution Members Party / Process
IMS MANUAL Page 93 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
IMS MANUAL Page 94 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
1.4.5. ROAM
IMS MANUAL Page 95 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.4
1.4.6. KPIs
KPI Objective Formula UoM
Identification of
Within specified time by
Correction, 100% identification within Numbers of
Leadership Team/Functional
Corrective specified time days
Heads
Action, RCA
Within specified time by
100% identification within Numbers of
Resolution of NCs Leadership Team/Functional
specified time days
Heads
Arresting the cause of
Recurrence of
problem on account of same Zero recurrence Numbers
NCs
issue
IMS MANUAL Page 96 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5
IMS MANUAL Page 97 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5
P1. 1. The required job description for the position to be filled shall be identified by
Business Manager/HOD, prior to selection process.
2. The JD to be approved by Functional Head/HOD and sent to HR for further
processing
3. Competency Matrix Sheet gets generated, which captures the skill sets required
for all the process/levels/functions/personnel. This shall be made by HODs with
assistance from Training Team.
P2. During selection of the prospective employee, HR to scout and ensure personnel meets
the JD. Interview panel conducts the interview. Selection Process (in HR DCP) is also
referred to here.
P3. The gaps in the interview are captured in Interview Sheet, as well as during day to day
review and also during the appraisal process of the employee. Competency Matrix Sheet
gets filled for the function/level/process/personnel, and there by the gaps against the
required skill-sets gets emanated. This process shall be carried out prior to start of
financial year/issue of annual training calendar by Training Team; and as-and-when new
profile is necessitated.
P4. The gaps are the input for identification of training needs for the department/ of all
the personnel/profiles.
P5. The training needs are forwarded to Training Team for planning and execution of the
same. Updating the training needs in Records. Both the technical and behavioural training
needs to be identified.
P6. Training Team/HR/Ext. Agency conducts training programmes. Training feedback for
all the trainings to be obtained by Training Team and analysed for circulation to the
relevant interested parties.
D1. The effectiveness of the training imparted should be evaluated by Training Team along
with reporting manager within 3 months from the completion of training. Ref.: Training
Effectiveness Process of Training Team. Assess the gaps if the effectiveness is not up to
the mark for re-conducting the training (can be on-job/classroom
based/discussion/seminar etc.)
P7. Continuous/Regular/Periodic monitoring & updating the competence for re-mapping
and once-again the cycle begins.
1.5.3. SIPOC
Trigger – System for identifying the job requirements, job competence & identifying competency
gaps; obtaining training feedback, training effectiveness and subsequently enhancing the
competence of all the employees of SISCOL
Frequency – Continuous
IMS MANUAL Page 98 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5
1.5.4. RASCI
Activity Responsible Accountable Support Consult Inform
P1. Identification of
various job profiles Head
Functional Training Top
along with detailed HOD Training/
Heads Team/HR Management
competence Head HR
requirements
P2. Selection of the Head
Functional Training Top
potential personnel for HOD Training/
Heads Team/HR Management
the identified job Head HR
P3. Identification of Head
Functional Top
gaps vis-à-vis HOD Employees Training/
Heads Management
competence required Head HR
P4. Identification of Head
Functional Top
training needs of all the HOD Employees Training/
Heads Management
personnel/profiles Head HR
P5. Forward the training
needs to HR for planning
Head
and execution of the Functional Top
HOD Employees Training/
same. Updating the Head Management
Head HR
training needs in
PODP/Records
P6. Conduct of training
programmes by
Training Top
Training/HR/Ext. HOD Faculty Employees
Team/HR Management
Agency and obtaining
training feedback
D1. Evaluation of Functional Head Top
Training Team Employee
effectiveness of training Head Training/ Management
IMS MANUAL Page 99 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.5
Head HR
P7. Continuous/
Head
Regular/Periodic Functional Top
HOD Employee Training/
monitoring & updating Head Management
Head HR
the competence
Head
Functional Top
P8. Assess the gaps HOD Employee Training/
Head Management
Head HR
1.5.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Identify job and skill requirement
Selection of incompetent
1 and involve concerned personnel in
personnel
RISK selection process.
(What can go Wrong identification of required Proper identification of gap by
2
wrong?) gap senior people/HODs
Ineffective training to fill the Training effectiveness to be
3
gap evaluated
Selection of skilled and Improves the operational
1
competent personnel excellence
Proper / relevant gap identification
OPPORTUNITY 2 Competency gap identification
by HR with FHs
Evaluation of training Training to be ensured for
3
effectiveness effectiveness
1.5.6. KPIs
KPI Objective Formula UoM
Ensure the resource is
Selection of the
available for as per Prior to start of
potential personnel for Always
the JD (or close intended work
the identified job
match) requirement
Ensure the
Identification of gaps Competency Mapping
vis-a-vis competence is carried out and gaps 100% of the cases Always
required are identified in every
dept./project
As defined for
Increase in
the FY in the
Competency Levels of Pre and Post Training
Objective of % Increase
Personnel/Process/ interventions
HR/Function/
Function
Project
Conducting minimum
Training mandays per Training mandays
no. of mandays of Number
employee per employee
training
IMS MANUAL Page 100 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6
IMS MANUAL Page 101 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6
P1.
1. MRM to be conducted on yearly basis
2. Project Review meetings/ Departmental review meeting
3. Quarterly Risk Review Meeting
4. MRM committee includes functional heads of SISCOL and for PRM etc. teams will be
constituted by respective Functional Heads.
P2. Information to be received at least one week prior to the MRM and it should include
various information related to projects & manufacturing like status of NCs / Audits,
Customer feedback, corrective action, internal reviews, ongoing progress etc.
P3.; P4 The agenda should be finalized based on the action points of last MRM, business
requirements, IMS requirements and shall be circulated to all concerned participants of
MRM committee one week prior to MRM, details for minimum MRM agenda point is
mentioned below.
P5. All the agenda points to be discussed during MRM.
P6. Discussion points to be noted during MRM and a minutes of MRM will be formed and
same needs to be circulated to MRM committee and relevant interested parties within 2
days of meet.
P7. IMS team will prepare action plan w.r.t points / issues discussed during MRM in
consultation with members of MRM committee and circulation of the same will be done to
all stakeholders for implementation.
D1. Completeness of the actions as per defined time frame.
P8. MRM committee member shall interact with stakeholders / process owner for
expediting of closure action plan taken.
P9. Recording of action take and Verification/effectiveness of points from previous MRM.
Minimum agenda for IMS Management Review Meeting:
IMS MANUAL Page 102 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6
1.6.3. SIPOC
Trigger – Conduction of Management Review Meeting
Frequency – Once in a year
Supplier Input P Output Customer
IMS MANUAL Page 103 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6
Process
Owner,
Quality / MOM and Functiona
EHS / IT Agenda For MRM Discussion Action Plan of l Heads,
MRs MRM MRM
Participa
nts
Process
Owners /
MRs (QMS
Updated MRM Stakehold
/EHS / MOM and Action Plan of MRM
Output ers
ISMS) /
functional
Heads
1.6.4. RASCI
Activity Responsible Accountable Support Consult Inform
Establish frequency
MR / MRM
for MRM and Top Process
Functional - Committee /
constitution of MRM Management owner
Heads Stakeholders
committee
Receipt of
information from
various projects/
functions/
manufacturing Process
Process Functional MRM
facilities on Status of Owner / IMS HODs
Owners Heads Committee
NC/ audits/ customer Team
feedback/ Corrective
actions/ internal
reviews/ ongoing
progress etc.
Preparation Functional
Top MRM
Finalization of MR MR Heads / IMS
Management Committee
agenda for MRM Team
Circulation of agenda
to all the concerned MRM
MR MR IT Team -
participants (MRM Committee
Committee)
Participants
Top Functional
Conduct of MRM MR - of the
Management Heads
meeting
Preparation of
Top
minutes of MRM
Management MRM
including continual MR MR -
/ MRM Committee
improvement issues,
Committee
Risk & Opportunities
Circulation of MR Top - Functional Stakeholder /
IMS MANUAL Page 104 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.6
1.6.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
● Agenda to be prepared in
advance by considering all
the important/critical issues
Missing of important/critical and an effective review to be
1
issues done before finalization.
● Emergency MRM can be
RISK
organised in case of
exigency.
MRM to be attended by all HODs
with defined agenda and all records
2 Ineffectiveness of MRM
to be kept for reference and action
plans
Platform to identify, review and Helps for smother execution of IMS
OPPORTUNITY 1
monitor important/critical issues and various business processes
1.6.6. KPIs
KPI Objective Formula UoM
Conduction of MRM to ensure
MRM As defined Period
healthiness of QMS/IMS
Review of all the agenda
All the agenda points to be
MRM points mentioned in MRM %
reviewed / discussed
agenda
IMS MANUAL Page 105 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7
IMS MANUAL Page 106 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7
1.7.3. SIPOC
Trigger – Objective setting
Frequency – Yearly
Supplier Input P Output Customer
Top
Management Business
L&T Power Mission/ Vision/ Policy/
Front End Units &
market trends/ competitor analysis / Thrust Area
Marketing Functional
Results of KPIs / Context of Organization
Corporate Heads
Strategy
Thrust area
HR Head Functional
L&T Power Mission/ Vision/ Policy/ Departmental
Top Team
market trends/ competitor analysis / Objectives
Management members
Results of KPIs
Functional /
Functional
Department Process /
Approved Departmental objectives Team
Head individual
Members.
objectives
1.7.4. RASCI
Activity Responsible Accountable Support Consult Inform
Identification of Top Top Functional Business Functional
SISCOL’s Thrust Area Management Management Heads Strategy Heads
IT Top
Communication of Business
Head HR Head HR Departmen Management
Thrust Areas to HODs Strategy
t / Functional
IMS MANUAL Page 107 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7
Heads
Identification and
finalisation of
Functional
Department / Project Department Department
Team Head HR Head HR
objectives / KPIs of Head Head
Members
Functions Level /
Process
Approval of objective Top Top
HR HR HR
by leadership Management Management
Sharing/communication Functional
Department Department
of approved objective HR HR Team
Head Head
within the function members
Functional
Team
Objective setting by Functional in Department
HR Members / HR
Individual charge Head
Process
Owners
Review & Approval of
Department Department Functional
objectives by - HR
Heads Heads in charges
Department Heads
Functional
Midterm review of Department Department Functional
Team HR
objectives Heads Heads in charges
members
HR /
Functional
Updating of actions on Department Department Functional Functional
Team
regular basis Heads Heads in charges Team
members
Members
1.7.5. ROAM
Probable/ Sl. Possible Mitigation Plan/
Description
Envisaged No. Most-likely Benefits
Missing the link of objectives Objectives shall be approved by
1 among organization, departments assigned authorities, and link to be
and individuals. ensured by proper communication
Care to be taken by ensuring SMART
Possibility of identifying non-
RISK 2 objectives by approving KPI by
measurable objectives
assigned authorities.
Regular monitoring to be done by
Missing or failure of objectives by
3 individual and same is ensured
misdirecting the efforts/work
through MTR.
Establishing link among the
Efforts to be directed to achieve
1 organization, departments and
objectives
individuals
OPPORTUNITY Objectives will be effective and
2 Ensuring to take SMART objectives
beneficial.
Clear Guidelines / work
3 Better Employee Engagement
instructions in form of objective
IMS MANUAL Page 108 of 118
Eff.: 6th Feb, 2018
COMMON PROCESSES Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – B.7
1.7.6. KPIs
IMS MANUAL
Doc. No.: SISCOL-IMS-MANUAL
ANNEXURE - C
TERMS &
DEFINITIONS
IMS MANUAL Page 109 of 118
Eff.: 6th Feb, 2018
TERMS & DEFINITIONS Rev. No.: 00
Doc. No.: SISCOL-IMS-MANUAL Annexure – C
Risk that has been reduced to a level that can be tolerated by the
Acceptable Risk organization having regard to its objectively to determine the extent to
which “audit criteria” are fulfilled
means to ensure that access to assets is authorized and restricted based on
Access Control
business and security requirements.
Algorithm or calculation combining one or more base measures and/or
Analytical Model
derived measures with associated decision criteria.
Any tangible or intangible thing or characteristic that has value to an
Asset
organization
Systematic, independent and documented process for obtaining audit
Audit objective evidence and evaluating it objectively to determine the extent to
which audit criteria are fulfilled
Set of policies, procedures or requirements used as a reference against
Audit Criteria
which objective evidence is compared
Records, statements of fact or other information which are relevant to the
Audit Evidence
audit criteria and verifiable
Results of the evaluation of the collected audit evidence against audit
Audit Findings
criteria
Audit Scope Extent and boundaries of an audit
Something is available if it is accessible and usable when an authorized
Availability
entity demands access
Property of being accessible and usable upon demand by an authorized
Availability
entity (ISO 27000)
Set of one or more audits planned for a specific time frame and directed
Audit Programme
towards a specific purpose
Audit Plan Description of the activities and arrangements for an audit
Outcome of an audit, after consideration of the audit objectives and all
Audit Conclusion
audit findings
Audit Client Organization or person requesting an audit
Auditee Organization being audited
One or more persons conducting an audit, supported if needed by technical
Audit Team
experts
Auditor Person who conducts an audit
Authentication Provision of assurance that a claimed characteristic of an entity is correct
Authenticity Property that an entity is what it is claims to be
any unauthorized attempt to access, use, alter, expose, steal, disable, or
Attack
destroy an asset or information
Attempt to destroy, expose, alter, disable, steal or gain unauthorized access
Attack
to or make unauthorized use of an asset
Business It is a capability of an organization to continue its business of delivering its
Measurement
Set of interrelated or interacting elements necessary to achieve metrological
Management
confirmation and control of measurement processes
System
Is a process that is used to determine a value. In the context of information
security management, measurement is a process that is used to obtain
Measurement
information about the effectiveness of an Information Management System
(ISMS) and the controls that it uses
Measurement
Algorithm or calculation performed to combine two or more base measures
Function
Measurement Logical sequence of operations, described generically, used in quantifying an
Method attribute with respect to a specified scale
Measurement One or more indicators and their associated interpretations that address an
Results information need
Mission Organization’s purpose for existence as expressed by top management
Determining the status of a system, a process, a product, a service, or an
Monitoring
activity
Monitoring Determining the status of a system, a process or an activity (ISO 27000)
Measurement
Set of operations to determine the value of a quantity
Process
Nonconformity Non fulfillment of a requirement or a failure to meet a requirement
Ability to prove the occurrence of a claimed event or action and its
Non-Repudiation
originating entities
Observer Person who accompanies the audit team but does not act as an auditor
person or group of people that has its own functions with responsibilities,
Organization
authorities and relationships to achieve its objectives
Make an arrangement where an external organization performs part of
Outsource
organization’s function or process
Object Item characterized through the measurement of its attributes
Objective Result to be achieved
Output Result of a process
Objective
Data supporting the existence or verify of something
Evidence
Occupational Conditions and factors that affect, or could affect the health and safety of
Health and Safety employees or other workers (including temporary workers and contractor’s
(OH&S) personnel), visitors or any other person in the workplace
OH&S
Part of an organization’s management system used to develop and
Management
implement its OH&S policy and manage its OH&S
System
OH&S goal, in terms of OH&S performance, that an organization sets itself to
OH&S Objective
achieve
OH&S
Measurable results of an organization’s management of its OH&S risks
Performance
OH&S Policy Overall intentions and direction of an organization related to its OH&S
System
Quality
Management Process of establishing, documenting, implementing, maintaining and
System continually improving a quality management system
Realization
Quality
Requirement related to quality
Requirement
Quality Objective Objective related to quality
Document stating results achieved or providing evidence of activities
Record
performed
Residual Risk The risk remaining after risk treatment
Reliability Property of consistent intended behavior and results
Determination of the suitability, adequacy or effectiveness of the subject
Review
matter to achieve established objectives
Review Object Specific item being reviewed
Review Objective Statement describing what is to be achieved as a result of a review
Rework Action on a nonconforming product to make it conform to the requirements
Need or expectation that is stated, generally implied or obligatory, by an
Requirement
organization, its customers, or other interested parties
Regulatory Obligatory requirement specified by an authority mandated by a legislative
Requirement body
Action on a nonconforming product or service to make it acceptable for the
Repair
intended use
Risk Effect of uncertainty on objectives
Combination of the likelihood of the occurrence of a hazardous event or
Risk exposure(s) and the severity of the injury or ill health that can be caused by
the event or exposure(s) (OHSAS 18001)
Risk Acceptance Decision to accept a risk
Risk Acceptance Informed decision to take a particular risk (ISO 27000)
Risk criteria are terms of reference and are used to evaluate the significance
Risk criteria or importance of an organization’s risks. They are used to
Determine whether a specified level of risk is acceptable or tolerable
Terms of reference against which the significance of risk is evaluated
Risk Criteria
(ISO 27000)
Risk Assessment overall process of risk identification, risk analysis and risk evaluation
Risk Identification Process of finding, recognizing and describing risks
Risk Analysis Process to comprehend the nature of risk and to determine the level of risk
Risk Continual and iterative processes that an organization conducts to provide,
Communication share or obtain information, and to engage in dialogue with stakeholders
and Consultation regarding the management of risk
Process of comparing the results of risk analysis with risk criteria to
Risk Evaluation
determine whether the risk and/or its magnitude is acceptable or tolerable