R2v3

Transition

dark light picture.jpg

+

Reach out and start getting transitioned today!

Success! Message received.

  • Wilkshire Consulting Twitter
  • Wilkshire Consulting LinkedIN
  • Wilkshire Consulting Facebook

Transition to R2v3 in 3 Easy Phases

 

  1. Scope determination and Gap Analysis

  2. Establish and Implement Documentation and Processes

  3. Internal Review – Internal Audit, Compliance Evaluation, Data Security Audit

Phase
1

Scope Determination and Gap Analysis

Phase
2

Establish and Implement Documentation and Processes

Phase
3

Internal Review

Internal Audit, Compliance Evaluation, Data Security Audit

Phase 1 - Scope determination and Gap Analysis

Scope Determination – Organizations making the transition from R2:2013 to the R2v3 standard must first review and revise their current scope of certification. It is essential to accurately determine the organization scope and ensure that it is reflective of current business processes.

Business Processes matching Scope of Certification

Evaluate & Sort

Dismantling 

Testing

Resale

Recycling 

eCommerce

DSV

One of the most significant changes between the R2:2013 and R2v3 standard has been a major shift in the way the standard is organized. R2v3 is divided into two major sections:

 

  • Core Requirements and;

  • Process Specific Requirements

 

The Core Requirements are essentially applicable to all R2 facilities while Process Requirements will apply only if those specific processes are carried out by the R2 facility.

Phase one of your transition plan will be to ensure you have reviewed your activities and processes carefully to ensure that your scope statement includes each of the process requirements specific to your organization.

 

Process Specific Requirements have been listed as Appendices within the R2v3 Standard.

 

The R2v3 Process Requirements Appendices:

 

  •   Appendix A – Downstream Recycling Chain

  •   Appendix B – Data Sanitization

  •   Appendix C – Test and Repair

  •   Appendix D – Specialty Electronics Reuse

  •   Appendix E – Materials Recovery

  •   Appendix F – Brokering

 

SERI has provided several guidance documents on this topic. The R2v3 Appendix Applicability Guidance document offers further explanation and description of each appendices and its applicability.

 

R2v3 Appendix Determination Tool is another useful guidance document to help ensure your scope has been appropriately updated and revised per the new R2v3 scope of certification requirements.

 

After determining your R2v3 Scope the next step is to perform a gap analysis. A gap analysis in this particular case is assessing your current business processes, documentation and records to determine if they are in conforming with the R2v3 requirements. While there is some overlap between the R2:2013 and R2v3 standards, the R2v3 standard contains many enhanced and new requirements. Some organization may be closer to conforming to the new R2v3 requirements if they went above and beyond the R2:2013 standards requirements.

R2v3 action plan .jpg

A comprehensive gap analysis will reveal the current state of the management system and identify all the gaps that need to be addressed. With a list of the gaps in hand actions plans can then be established to address and effectively close each gap. We can now proceed to phase 2 of the R2v3 Transition Plan.

Phase 2 - Establish and Implement Documentation and Processes

Once an organization has identified the gaps in the system and developed actions plans those plans will required the organization to establish new documentation and processes.

 

One example of this is if the organization has reviewed their scope and determine that they currently perform Testing and Repair activities as part of their business processes. In this case, the scope revision would have to include R2v3 Requirements listed in Appendix C – Test and Repair.

 

The gap analysis would then reveal that Appendix C requires an organization performing test and repair activities to be certified to the ISO 9001:2015 Quality Management System standard.

test and repair phase 2 .jpg

This is just one such example of how an accurate scope determination drives the inputs into the gap analysis. The gap analysis can then ensure that all the pertinent R2v3 Core and Process Specific Requirements are covered. In this case, the gap analysis has found a large gap in the system with the requirement to implement ISO 9001:2015 Quality Management Certification. This particular gap can take anywhere between 2-3 months and up to 8-12 months to effectively implement depending on the organizations size and complexity.

 

As action plans are implemented and completed the organization is moving closer and closer to a achieving all the R2v3 requirements. Once complete the organization is required to perform several self-checks in 3 different areas to ensure they are prepared for the third-party R2v3 transition audit.

Phase 3 - Internal Review
Internal Audit, Compliance Evaluation, Data Security Audit

Once gaps have been addressed and action plans implemented the organization must perform several self-assessments. These assessments must be performed by competent individuals which the R2v3 standard defines. The three required assessments include a full system internal audit, compliance evaluation and a data security audit.

 

Internal Audit

 

The full system internal audit covers all requirements that are covered by the scope of certification for the organization. Thus, all core requirements will need to be audited and all process specific requirements. The organization if certifying to ISO 14001:2015 Environmental Management System and ISO 45001:2018 Health and Safety Management or RIOS will need to audit all applicable requirements from these standards as well. Lastly, if the organization is certifying to ISO 9001:2015 those requirements will need to be covered as well. For efficiency, the internal audit should be conducted by an auditor who is trained in all relevant standards so that an integrated R2v3, Quality, Environmental, Health and Safety Management System audit can be conducted. This will save significant time and resources and ensure the most effective audit is conducted.

 

 

Compliance Evaluation

 

R2v3 requires that the R2 facility develop a comprehensive compliance plan. This plan should cover the R2 facilities operations both at the facility and at all associated off-site locations as well. The legal compliance plans should identify and document all pertinent environmental, health, safety, and data security requirements. The plan needs to define the controls, competence, and associated monitoring activities to maintain full compliance. This plan and the requirements to maintain compliance are required to be audited periodically which is generally taken to mean annually but there are some exceptions to the frequency that can be made if justified.

 

 

Data Security Audit

 

One major change in the R2v3 standard has been the enhanced requirements detailed in Core Requirement 7 for Data Security. R2 facilities are now required to document and maintain a Data Sanitization Plan with associated procedures necessary to control data security risks. With the implementation of the plan comes the monitoring of that plan. To ensure that the organization is achieving sound data security practices internal data security and sanitization audits are required to be performed at least annually by a competent and independent auditor. The audits are critical in ensuring that the data sanitization process has been validated ensuring that it effective.