Home / netflix internal analysis / Stage 2 Audit Report

Stage 2 Audit Report - netflix internal analysis

123190-21463000ISO 45001:2018 CLIENT GAP ANALYSIS TOOL (TR006)Instructions For UseThis gap analysis document provides a simple framework for evaluating your OHS management system against the requirements of ISO 45001:2018. Please complete the table by recording the evidence acquired from one full internal audit against the requirements of ISO 45001:2018 (Clients should have access to the standard and details of its requirements to aid understanding).This document, once completed should be retained by the client and made available during your assessment visit (please retain the completed document electronically - if possible).If you are unable to provide evidence of compliance, you may not be ready to complete the transition / migration to ISO 45001:2018. In this case, please inform NQA that you need additional time to prepare for the migration – we will work with you to select a mutually agreeable date to complete. Please ensure that this completed document and internal audit records are available for your assessor at the opening meeting of your transition / migration assessment. A Management review (against the 45001 standard requirements) must also be completed prior to the assessment visit.Sections marked as (Assessor to Complete) will be completed by the assessor during the transition audit. Client name: Certificate number: Date of completion:Tip: Ensure that these new concepts have been deployed in a manner that supports the Process Approach and Risk Based Thinking. Items highlighted in yellow require documented information as identified in the standard; “retain” implies a record– other items may also require documented information.Multi-site organisations should ensure that the requirements have been considered for all relevant locations, especially where individual locations have unique circumstances.OHSAS 18001:2007 Clause / New requirement.ISO 45001:2018Requirements / ActivityEvidence to support compliance(Assessor to Complete)Has the Client Demonstrated they have Met the requirements of this clause?(Assessor to Complete)Comments if RequiredYes NoNew Requirement 4.1, Context of the organization: Understanding the organization and its context :Has the organization identified both internal and external issues and interested parties in addition to workers, that are relevant to and/or support the management system and the strategic direction of the organization?Have the significant strategic risks and opportunities been identified?Have the interested parties (internal and external) been identified?What drives the OH&S culture of your organization?New Requirement 4.2 - Understanding the needs and expectations of interested parties.Who might affect or be affected by your activities and what their relevant and significant interests might be?Have you taken their needs into account within the OH&SMS?Consider: Are their needs understood?Does this identify legal or other requirements.How do you demonstrate these processes?4.1 – General system requirements - including the scope.4.3 - Determining the scope of the OHS management systemDoes the documented statement of scope allow for:a) The external and internal issues referred to in 4.1;b) Requirements referred to in 4.2;c) The work related activities performed.4.1 General requirements4.4 - OHS Management SystemNo significant change4. - Leadership and CommitmentIs "Top Management" engaged & leading OH&S, rather than delegating to someone further down your organization.Are workers being involved directly to protect, improve performance, and support the OH&S system.Reflecting the significance of this Clause, there are 13 sub-clauses (a-m).4.2 OH&S policy5.2 - OH&S PolicyDoes the documented policy statement emphasize communication and participation of workers, across the organization; commit to "satisfy" legal and other requirements; commit to the hierarchy of controls to OH&S risks?4.4.1 Resources, roles, responsibility, accountability & authority5.3 - Organizational roles, responsibilities and authoritiesDocumented information is required for this.Accountability as now been re-aligned to leadership No other significant changes4. – Consultation and participation of workersThis clause has been substantially strengthened to capture, promote and include worker participation, engagement and communications.Demonstrate the participation of non-managerial employees in OH&S Management, including incident investigations, risk assessments, control and monitoring activities and internal auditing etc. Planning:6.1.1– Actions to address risks and opportunities – GeneralHave the risks and opportunities from 4.1 been considered and have actions been defined to take advantage of the opportunities and mitigate the risks?Has this included consideration of:Hazards, risks, opportunities and legal / other requirements that may be applicable.Documented information is required4. – Hazard identification and assessment of risks and opportunities. / 2 /3Hazard identification, assessment of OHS and Other risks, Assessment of OHS opportunities and Other opportunities4. – Determination of legal requirements and other requirementsThe organization will need to document applicable legal and other obligations while also demonstrating how they are applied, implemented and complied with. – Planning actionPlans are required to address risk, opportunities (including emergency situations) and legal and other requirements – action will require a review of effectiveness. - OH &S objectives and planning to achieve them.6.2.1 – OHS ObjectivesOHS System required objectives must be documented. – Planning to achieve OHS ObjectivesPlans describing the requirements for achieving objectives shall require documentation. Support:7.1 – Resources;Shall be determined and provided. – Competence;Shall be determined, checked and documented for workers4.4.27.3 – Awareness;Workers shall be made aware of the system policy and objectives and a range of relevant OHS performance indicators and actions including the ability to remove themselves from imminent and serious danger to life and health. - Communication 7.4.1. General requirements;Suitable documented information will be maintained regarding internal and external communications.Processes will be need to be defined and established for what, when and who it communicates.Participation and consultation are diffused through 45001, but this clause adds a requirement to consider what, who, and why needs to be communicated and whether the communications were successful.7.4.2 – Internal communication7.4.3 – External communication4. Documented information.7.5.1 – General:Documented information replaces the idea of documents and records.7.5.2 & 7.5.3:Documented information may be data or reports held electronically or hard copy and requires appropriate controls for updating and retention. – Operations.8.1 - Operational planning and control ;8.1.1 - General ;Includes adapting work for workers8.1.2 – Eliminating hazards and reducing risks ; Apply the Hierarchy of controls.8.1.3 - Management of change;As applied to planned, temporary and permanent changes that can impact on OHS performance.8.1.4 – Procurement;OH&S controls relevant to the purchase of services, goods and materials.; Considerations for Contractors.; Considerations for Outsourcing.8.2 – Emergency preparedness and response;Documented information is requiredThe revised standard strengthens and expands on the previous requirements and also includes communications.4.5, – Performance evaluation – 9.1 - Monitoring, measurement, analysis and performance evaluation;9.1.1 - General requirement;Demonstrate that there is a process in place. Monitoring, measurement, analysis and evaluation of OH&S metrics must take into account business context, legal and other requirements, relevant third parties, policy risks, opportunities and objectives.9.1.2 – Evaluation of compliance;Similar to existing arrangements, but the frequency and method of compliance checking need to be considered. – Internal Audit.9.2.1 – Internal audit – General requirements;Workers must be included in the audit process. 9.2.2 – Internal audit programme;The audit programme must be planned and documented.4.69.3 Management Review;This builds on the previous standard with added emphasison improvement and communications based on risks,opportunities and system effectiveness. Consideration should include legal and other requirements, interested parties, organizational risk and opportunity.4.5.3, – Improvement – General requirement:Note: Preventive Action has been dropped because this is addressed through management of risks and opportunities.10.2 – Incidents, nonconformity and corrective action:Corrective action is taken in a timely manner to control an incident or nonconformity and deal with the consequences.Root cause analysis used to understand why an incident happened.When corrective action has been completed, your organization considers whether further action is required to prevent a similar incident or nonconformity occurring in the future.Your organization considers whether the potential for a similar problem remains - possibly in another area of the operation and acts to implement changes if needed.10.3 – Continual improvement;Shall be achieved and integrated into the system processesAreas for further investigation:

How Netflix is changing the way we watch movies? Also now due to the integration of technology in our everyday lives instead or buying a DVD or Blu-ray, or renting a movie from Blockbuster, consumers can stream newly released movies onto their televisions or computers just by signing up for Netflix. Profit Outlook