iso-9001-2015-bill-mizak.pdf

8/17/2019 ISO-9001-2015-Bill-Mizak.pdf

1/35

INTRODU

TO

ISO 9001

Copyright 2015 © DAC Audit Services – All rights reserved

1


2/35

ISO 9001:2015 HAS BEEN APPROVED

▪ The revised standard will be published

and available to purchase on

September 23, 2015.


2


3/35

TRANSITION

▪ Organizations who are currently certified to

ISO 9001 :2008 have a three year transition

period from the date of publication for ISO

9001:2015.


3


4/35

RECOMMENDED ACTIONS

▪ Identify organizational gaps

▪ Develop an implementation plan

▪ Provide training and awareness for all parties that havimpact on the effectiveness of the organization

▪ Update the existing QMS to meet the revised requiremnecessary

▪ Conduct liaison activities with certification body to detheir transition plans


4


5/35

CHANGES

1) Structure

2) Terminology

3) Context of the organization

4) Documented information

5) Process Approach

6) Quality Manual

7) Preventive Action (dropped)

8) Risk based approach

9) Management Rep.

10) Quality Management p

11) Exclusions

12) Planning

13) Work environment

14) Supplier

15) Purchased product


5


6/35

CHANGES

▪ Fewer prescribed requirements

▪ Improved applicability for services

▪ Requirement to define the boundaries of the QMS

▪ Greater emphasis on achieving results to Improve customer satisfac


6


7/35

REVIEW OF CHANGES



8/35

1. STRUCTURE CHANGESISO 9001:2015 ISO 9001:20080. Introduction

1. Scope2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership

6. Planning

7. Support

8. Operation

9. Performance evaluation

10. Improvement

0. Introduction

1. Scope2. Normative references

3. Terms and definitions

4. Quality management system

5. Management Responsibility

6. Resource Management

7. Product Realization

8. Measurement, analysis and im


8


9/35

2. TERMINOLOGY CHANGES:

ISO 9001:2015 (DIS) ISO 9001:2008Products and services

Documented information

Environment for the operation of processes

Externally provided products and services

External provider---Not Used --

Products

Documentation and Records

Work environment

Purchased product

SupplierExclusions


9


10/35

NO MANDATORY PROCEDURES.

▪ No mandatory procedures. Where the ISO9001:2008 required six

procedures, the recently released ISO9001:2015 does not suggest a

specific procedures to be developed.


10


11/35

3. CONTEXT OF THE ORGANIZATION

▪ There are two new clauses relating to the context of the organization,

▪ 4.1 Understanding the organization and its context

▪ 4.2 Understanding the needs and expectations of interested par

▪ Together these clauses require the organization to determine the issu

requirements that can impact on the planning of the quality managem

▪ This will require the organization to consider itself and its context, to dthe scope of its quality management system.


11


12/35

4. DOCUMENTED INFORMATION

▪ Replaces both procedures and records. Documented information is f

in the 4.3 and 4.4 sections of the standard while there is more clarific

in the Annex A.

▪ Where ISO 9001:2008 would have referred to documented procedure

now expressed as a requirement to maintain documented informatio

▪ Where ISO 9001:2008 would have referred to records this is now exp

as a requirement to retain documented information.


12


13/35

PROCEDURES

▪ The recently released ISO9001:2015 FDIS does not suggest any speciprocedures to be developed.

▪ This has been left open for organizations to decide based on the contorganization. This gives more flexibility to the organization to decide


13


14/35

5. PROCESS APPROACH

▪ ISO 9001:2015 promotes the process approach beyond the existin

requirements of ISO 9001:2008. A whole sub-section within the

Introduction section is dedicated to explaining the Process Approa

▪ It also has its own clause 4.4. That requires businesses to

systematically define and manage not just their processes, but also

interaction between them.


14


15/35

5. PROCESS APPROACH CONTINUED

▪ The process approach is a way of obtaining a desired result,

managing activities and related resources as a process. Alth

the clause structure of ISO 9001:2015 follows the Plan-Do-C

Act sequence, the process approach is still the underlying

concept for the QMS.

▪ Further guidance, please refer to the Support Package module: Guida

the Concept and Use of the Process Approach for management system


15


16/35

6. QUALITY MANUAL,

▪ No specified requirement for a "Quality Manual".

▪ Organization’s are still required to maintain documented informanecessary for the effectiveness of the quality management syste

▪ But there are many ways to do this and a quality manual is just oconvenient and appropriate for an organization to continue to dequality management system in a quality manual then that is perf

acceptable.

▪ This reflects the fact that many of todays’ businesses manage theirdocumentation (policies, procedures, instructions, forms, records etc.electronically e.g. shared drives, public folders, intranet etc.


16


17/35

7. PREVENTIVE ACTION HAS BEEN DROPPED.

▪The explanation for removing Preventative Action is the QMis supposed to act as a preventive tool.

▪ The Annex A of the Standard states that "one of the key pu

of the QMS is to act as a preventive tool".

▪ As a result the formal preventive active requirement no lon

exists in the current draft. This has been replaced with risk

approach


17


18/35

9. MANAGEMENT REPRESENTATIVE

▪ No requirement for a person to be specifically assigned. Instead, there

be an increased demand on top management to demonstrate organiza

leadership.

▪ Replaced by new section/ requirement –

▪ 5 Leadership - 5.1 Leadership and commitment

▪ Top management shall demonstrate leadership and commitmwith respect to the quality management system


18


19/35

9. MANAGEMENT REPRESENTATIVE

▪ There is no requirement for a person to be specifically assigned. Instea

there is an increased demand on top management to demonstrateorganizational leadership

▪ Although the prescriptive title of a management representative has beedeleted, it is up to top management to ensure that the roles andresponsibilities are assigned for reporting on the performance of the QM

▪ Some organizations might just maintain their current structure, with a sperson carrying out this role. Others might take advantage of the flexibiconsider other structures depending on their organization’s structure.


19


20/35

8. RISK BASED APPROACH

▪ More emphasis is on risk based thinking when setting up the q

management system (QMS). It will be a requirement to identify

understand risks and opportunities from external as well as int

factors and take these into account when setting up the manag

system.

▪ Although it is required by the organization to determine and ad

risks, there is no requirement for implementing a formal risk

management process.


20


21/35

10. QUALITY MANAGEMENT PRINCIPLES

There are now seven quality management principles on which the ISO postandards are based:

a) Customer focusb) Leadership

c) Engagement of People

d) Process approach

e) Improvement

f) Evidence-based decision making

g) Relationship management (suppliers)

▪ The Annex B provides a “statement” describing each principle and a “rationale” explaining why

organization should address the principle.


21


22/35

11. EXCLUSIONS

▪ There will no longer be a requirement to specify and justify Exclusion

▪ Annex A of the standard clarifies that the organization can-not decidrequirement to be not applicable if it falls under the scope of its QM

▪ Also non-applicability is not allowed if that could lead to failure to

▪ achieve the conformity or to enhance customer satisfaction

▪ However, it is recognized that an organization might need to review applicability of requirements due to the size of the organization, themanagement model it adopts, the range of the organization’s activitthe nature of the risks and opportunities it counters.


22


23/35

EXCLUSION’S ALLOWED?

▪ ISO 9001:2015 no longer refers to “exclusions” in relation to the appli

its requirements to the organization’s quality management system. H

organization can determine the applicability of requirements.

▪ All requirements in the new standard are intended to apply. The orga

only decide that a requirement is not applicable if its decision will not

ability or responsibility to ensure the conformity of products and serv

the enhancement of customer satisfaction.


23


24/35

12. PLANNING:

▪ Now has its’ own section (6) and requires risks and oppor

to be taken into account when planning the QMS.

▪ Other requirements for planning i.e. planning to achieve q

objectives and changing the QMS in a planned manner ha

carried forward from ISO 9001:2008.

24



25/35

WHAT CHANGED IN TERMS OF PLANNING?

▪ ISO 9001:2015 requires the organization to address risks and opportun

objectives and planning of changes throughout the organization. When

products, technologies, markets and business opportunities develop, w

organizations will want to take full advantage of the opportunities.

▪

This must be done in a controlled manner, and be balanced against the

risks involved, which could lead to undesirable side-effects.


25


26/35

13. WORK ENVIRONMENT

▪ The term "work environment" used in ISO 9001:2008 has been replace

with "Environment for the operation of processes”

14. SUPPLIER

The term "supplier" has been replaced with "External provider".Organizations do not need to change this term in their QMS as well.

Organizations can still maintain the term "supplier", "vendor",

"contractor", "consultant" etc. as per their own need.


26


27/35

15. PURCHASED PRODUCT

▪ The term "purchased product" has been replaced with "externally pro

products and services".

▪ This now refers to the "external provider" as opposed to the "supplier

clarify that activities (products and services) which are outsourced e.g

subcontract treatments’, services and hire are included and must be c

appropriate.

▪ Previously the emphasis was on controlling purchased product


27


28/35

RISK - BASED THINKING

Risk-based thinking is something we all do automatically and often sub-

consciously to get the best result

The concept of risk has always been implicit in ISO 9001 – this revision m

more explicit and builds it into the whole management system

Risk-based thinking ensures risk is considered from the beginning of a pr

and throughout the process

Risk-based thinking makes preventive action part of strategic planning

Risk is often thought of only in the negative sense. Risk-based thinking ca

help to identify opportunities. This can be considered to be the positive s

risk


28


29/35

RISK IN THE ISO9001:2015 CLAUSES

In the Introduction the concept of risk-based thinking is explained.

In Clause 4 (Context of the Organization) – the organization is required t

determine the risks which can affect its ability to meet business/quality

objectives.

In Clause 5 (Leadership)- top management is required to commit to ens

Clause 4 is followed.

In Clause 6 (Planning for the quality management system) - the organiza

required to take action to identify risks and opportunities


29


30/35

RISK IN THE ISO9001:2015 CLAUSE (CONT’D)

5) Clause 8 (Operation) - the organization is required to implement

processes to address risk

6) Clause 9 (Performance evaluation) - the organization is required to

monitor, measure, analyze and evaluate the risks and opportunities

7) In Clause 10 (Improvement) - the organization is required to improve

responding to changes in risk


30


31/35

WHY RISK-BASED THINKING?

Successful companies intuitively take a risk-based approach because it

brings benefits

To improve customer confidence and satisfaction

To assure consistency of the quality of products and servicesTo establish a proactive culture of prevention and improvement.


31


32/35

WHAT SHOULD MY COMPANY DO TO PREPARE?

Use a risk driven approach in all organizational processes:

- Identify what the risks and opportunities are in your organization.

- Have a “Readiness audit” performed by an accredited and certified seniauditor.

Notes:

- ISO9001:2015 does not require a formal risk assessment or a specific sin

document.

- The information must be kept available and could be electronic, audio, vwritten or any other type of media.

- ISO31000 (Risk management – Principles and Guidelines) may be usefulcompanies that want a more formal process but it is not mandatory.


32

SUMMARY


33/35

SUMMARY

In a nutshell, Risk based thinking is to:

Analyse and prioritize the risks and opportunities in your organization

▪ what is acceptable?

▪ what is unacceptable?

▪ which opportunities should be acted on?

Plan actions to address the risks and opportunities

▪ how can I avoid, eliminate or mitigate the risk?

▪ how can I realize opportunities?

Implement the plan – take action

Check the effectiveness of the actions – does it work?

Learn from experience – continual improvement


33


34/35

REMEMBER!

It is:

• something you do already

• is continuous

• ensures greater knowledge and preparedness

•

increases the probability of reaching objectives

• reduces the probability of poor results

• makes prevention a habit

Risk Based thinking is not New!


34


35/35

Thank you for joining us.


35

iso-9001-2015-bill-mizak.pdf

Documents