Embed Size (px)
Citation preview
ISO 9001:2015 OVERVIEW
www.paradygm.co
Consulting for ISO Based Standards
Overview Objectives
• To provide an overview of the key revisions of the recently issued ISO9001:2015 International Standard
• Discuss the high level structure of ISO 9001:2015
• Review examples of the New Structure, Terminology and Concepts
• To discuss the transition timeframe and the impact on current registrations to ISO 9001:2008
www.paradygm.co
ISO 9001:2015 A change has
www.paradygm.co
1987
1994
2000
2008
5th Edi/on 2015
Evolution of the Standard
6
1987
1994
5th
Revision History
www.paradygm.co
High Level Structure
• The clause structure and some of the terminology have been changed to improve alignment with other management systems standards
• Changes in the structure and terminology do not need to be reflected in the documentation of an organization’s quality management system
• The structure of clauses is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives and processes
www.paradygm.co
New Structure, Terminology and Concepts
www.paradygm.co
1. Increase the emphasis on Achieving Value for the organization and
its customer
2. Increase emphasis on Risk Management to achieve objectives
3. Decrease the emphasis on Documentation
4. Removed: Requirement for Documented Procedures*
5. No Requirement for Quality Manual
* - Left for the organization to decide.
New Structure, Terminology and Concepts
• No Requirement for Management Representative*
• No requirement for formal Preventive Action
• Outsourcing is now External Provision • Enhanced Leadership Requirements
• Organizational Context – Responsiveness to changing
Business Environment
*Responsibilities are still required (5.3c) – just not the position
www.paradygm.co
Products and Services
• “Products and services” includes all output categories (hardware, services, software and processed materials)
• Highlights the differences between products and services in the application of some requirements
• The characteristic of services is that at least part of the output is realized at the interface with the customer
• This could reflect that conformity to requirements cannot necessarily be confirmed before service delivery
• Many outputs that organizations provide to customers, or are supplied to them by external providers, include both products and services
www.paradygm.co
Understanding the Needs and Expectations of Interested Parties
• A new clause which requires the organization to determine those interested parties which are relevant to the organization’s operations
• The organization is required to demonstrate its ability to consistently provide products and services that meet customer, statutory and regulatory requirements with the aim to enhance customer satisfaction
www.paradygm.co
Risk-based Thinking • Organization is required to understand its context
(clause 4.1) and determine the risks and opportunities that need to be addressed as a basis for planning (clause 6.1)
• This represents the application of risk-based thinking to the planning and implementation of QMS processes (clause 4.4).
• No requirement for formal methods for risk management or a documented risk management process
• One of the key purposes of a quality management system is to act as a preventive tool
www.paradygm.co
Risk-based Thinking
• There is no separate clause or sub-clause titled “Preventive action”
• The concept of preventive action is expressed through a risk-based approach to formulating quality management system requirements
• Organization is responsible for the application of risk-based thinking and the actions required to address the identified risks
• Determine level of risk for QMS processes to meet intended outputs, objectives, etc.
www.paradygm.co
Applicability
• Does not refer to “exclusions” in relation to the applicability of its requirements to the organization’s QMS
• Requirements for applicability are addressed in clause 4.3 - defines conditions under which an organization can decide that a requirement cannot be applied to any of the processes within the scope of the QMS.
• Decision of non-applicability cannot result in failure to achieve conformity of products and services
www.paradygm.co
Documented Information • A common clause on “Documented Information” has
been adopted (clause 7.5) • The terms “document, documented procedure, quality
manual, quality plan” and “record” have been replaced throughout the standard by the term “documented information”
• Documented procedures (e.g. to define, control or support a process) are now expressed as a requirement to maintain documented information
• Records are now expressed as a requirement to retain documented information
• When the term “information” is used (i.e. 4.1), there is no requirement for the information to be documented
www.paradygm.co
Organizational Knowledge
• Organizational knowledge (Clause 7.1.6) addresses the need to determine and manage the knowledge maintained by the organization to ensure that it can achieve conformity of products and services
• Requirements regarding organizational knowledge were introduced for the purpose of
– Safeguarding the organization from a loss of knowledge (staff turnover, failure to capture and share information)
– Encouraging the organization to acquire knowledge (lessons learned, mentoring, benchmarking)
www.paradygm.co
Control of Externally Provided Processes, Products and Services
• All forms of externally provided processes, products and services are addressed in clause 8.4 whether through:
– purchasing from a supplier – an arrangement with an associate company – outsourcing processes to an external provider
• The organization can apply risk-based thinking to determine the type and extent of controls appropriate to external providers and externally provided processes, products and services
www.paradygm.co
Other International Standards on Quality Management and Quality Management Systems Developed by ISO/TC 176
• List of standards developed by TC176 to provide supporting information for organizations that apply ISO 9001:2015 and to provide guidance for organizations that choose to progress beyond these requirements
• The guidance provided in the documents listed in Annex B do not add to, or modify, the requirements of ISO/FDIS 9001:2015
• Table B.1 illustrates the relationship between these standards and the relevant clauses in ISO
www.paradygm.co
Insert Table B.1
www.paradygm.co
The new structure for ISO 9001 • One of the big changes to come in the new version of ISO 9001:2015 is its structure
• There will now be 10 sections (instead of 8) in the Standard; the requirements themselves are set out in Clauses 4 - 10
Clause Description
1 Scope
2 Normative references
3 Terms and Definitions
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Annexes A & B
www.paradygm.co
0.2 Quality Management Principles
• ISO 9001:2008 was based on eight quality management principles whereas ISO 9001:2015 is based on seven
• The principle of “A systems approach to management” has been combined with the “process approach” principle
• The seven principles: Customer focus, Leadership, Engagement of people, Process approach, Improvement, Evidence-based decision making and Relationship management
• A description of the seven “Quality Management Principles” can be found ISO 9000:2015
www.paradygm.co
0.3 Process Approach
www.paradygm.co
Fig 2- Representation of a Process based QMS (PDCA)
www.paradygm.co
0.3.2 Plan-Do-Check-Act Cycle
• The methodology known as “Plan-Do-Check-Act cycle can be applied to all processes and the quality management system as a whole
• PDCA cycle which can be briefly described as follows: • Plan: establish the objectives of the systems and its
component processes and resources • Do: implement what was planned • Check: monitor and where applicable measure processes,
product and services against policies, objectives and requirements, and report the results
• Act: take actions to improve process performance, as necessary
www.paradygm.co
0.3.3 “Risk-based thinking” • Risk is essential for achieving and effect quality
management system • The concept of risk-based thinking has always been
implicit in ISO 9001 (i.e. preventive action) • The organization needs to plan and implement actions
to address risks and opportunities • Basis for increasing the effectiveness of the QMS, achieving
improved results and preventing negative effects • Risk is the effect of uncertainty which can have negative
or positive effects • Actions taken to address opportunities can also include
considerations of associated risk
www.paradygm.co
0.4 Relationship with other Management System Standards • The Standard applies the framework developed by ISO to improve
alignment among all International Standards for management systems
• This enables an organization to use the process approach: – with the PDCA methodology and risk-based thinking – to align or integrate its quality management system
with the requirements of other management system standards
www.paradygm.co
Section 1 - Scope • All requirements of this International Standard are generic
and are intended to be applicable to all organizations, regardless of type, size and product provided.
Section 2 - Normative References • Reference to ISO 9001:2015, “Quality
Management Systems – Fundamentals a Vocabulary”
Section 3 – Terms and Definitions • Refers to ISO 9000:2015 - No additional terms or
definitions
www.paradygm.co
ISO 9001:2015 Requirements - Highlights
www.paradygm.co
What’s in Clause 4 - Context of the Organization
• 4.1 Understanding the organization and its context
• 4.2 Understanding the needs and expectations of interested parties
• 4.3 Determining the scope of the quality management system
• 4.4 Quality management system and its processes
This is a new clause and collectively will provide a key insight into the organization - why the organization is here.
This should provide a key insight into the why, how and what of the organization’s purpose and objectives
www.paradygm.co
Explanation:
• Purpose and strategic direction of the organization’s management system
• Why the organization is here • Determine relevant issues, both internal and external, that have an impact
on what the organization is trying to achieve, its intended outcomes. • Monitor and review this information
Notes 1,2 & 3 Add context to this requirement
Clause 4 - Context of the Organization • 4.1 Understanding the
Organization and its Context 2. Understanding the needs and expectations of interested parties 3. Determining the scope of the quality management system 4. Quality management system and its processes
•
•
•
www.paradygm.co
Explanation: • Organization has to determine who are its interested parties and
what their requirements are – interested party - person or organization that can affect, be
affected by, or perceive themselves to be affected by a decision or activity
• Information about these interested parties and their relevant requirements needs to be monitored and reviewed
Clause 4 - Context of the Organization • 4.1 Understanding the Organization and
its Context
• 4.2 Understanding the needs and expectations of interested parties 3. Determining the scope of the quality management system 4. Quality management system and its processes
•
•
www.paradygm.co
Explanation: • Determine the boundaries and applicability of the quality
management system to establish its scope • Scope needs to be available as documented information stating the:
– products and services covered by the quality management system justification for any instance where a requirement of the Standard cannot be applied. Must not affect ability or responsibility to ensure conformity of product or service
–
• 1. Understanding the Organization and its Context 2. Understanding the needs and expectations of interested parties
• 4.3 Determining the scope of the quality management system 4.4 Quality management system and its processes
•
•
Clause 4 - Context of the Organization
www.paradygm.co
Explanation: • The organization needs to build (establish, implement, maintain
and continually improve) its management system • Includes the processes needed and their interactions • In determining the processes needed and their application,
following should be considered:
• 1. Understanding the Organization and its Context 2. Understanding the needs and expectations of interested parties 3. Determining the scope of the quality management system
• 4.4 Quality management system and its processes
•
•
Clause 4 - Context of the Organization
www.paradygm.co
What’s in Section 5 - Leadership
• 5.1 Leadership and commitment
• 5.2 Policy
• 5.3 Organizational roles, responsibilities and authorities
• Many requirements previously defined in this clause have moved to alternative sections of the standard i.e. planning, communications, management review
• What remains requires Top Management to now have a greater involvement in the management system
www.paradygm.co
Explanation: • Leadership takes accountability of the effectiveness of the quality
management system • Ensuring the integration of the quality management system
requirements into the organization’s business processes • Quality Policy should align with the Strategic direction / plan and the
context of the organization. • Promoting the use of the process approach and risk- based thinking
Clause 5 - Leadership
• 5.1 Leadership and commitment 2. Policy 3. Organizational roles, responsibilities and authorities
• •
www.paradygm.co
What’s in Section 6 – Planning
• 6.1 Actions to address risks and opportunities
• 6.2 Quality objectives and planning to achieve them
• 6.3 Planning of changes
• Although previously implied, risk is now the subject of an explicit requirement of the standard
• The risks and opportunities identified will lead to policies and objectives
• Clause 6 puts a greater emphasis on the organization’s planning which is integral to the business
www.paradygm.co
Where is Risk referenced in the ISO 9001:2015 Standard?
• Clause 4.4.1 f) - QMS and its processes - determine the risks and opportunities in accordance with the requirements of 6.1
• Clause 5.1.1 d) – Promoting the use of the process approach and risk-based thinking
• Clause 5.1.2 b) Customer Focus - the risks and opportunities that can affect conformity of products and services…..
• Clause 6.1.1 & 6.1.2 - Actions to address risk and opportunities.. proportionate to the potential impact…..
• Clause 8.1 Operational planning and control - review the consequences of unintended changes taking action to mitigate any adverse effects, as necessary Isn't this Risk?
• Clause 8.3.3 e) Design and development Inputs - potential consequences of failure due to the nature of the products and services Isn't this Risk?
37
www.paradygm.co
• Clause 8.5.5 b) Post-delivery activities - post-delivery activities that are required, the organization shall consider the potential undesired consequences associated with its products and services
• Clause 9.1.3 e) Analysis and evaluation – the effectiveness of actions taken to address risks and opportunities
• Clause 9.3.2 Management Review – management review shall be planned and carried out taking into consideration
– d) effectiveness of actions taken to address risks and opportunities (clause 6.1)
• Clause 10.1 b) Improvement – General – correcting, preventing or reducing undesired effects. Isn’t this risk?
• Clause 10.2.1 Nonconformity & corrective action – when a nonconformity occurs
– e) update risks and opportunities determined during planning, if necessary
Where is Risk referenced in the ‘Final Draft’ Standard
www.paradygm.co
39
Explanation: • Organization needs to determine the risks and opportunities that need
to be addressed by the management system (ref Clauses 4.1 and 4.2) to: – give assurance that the quality management system can achieve
its intended result(s) – enhance desirable effects – prevent, or reduce, undesired effects – achieve continual improvement
• 6.1 Actions to address risks and opportunities Quality objectives and planning to achieve them
Planning of changes
•
•
Section 6 – Planning
www.paradygm.co
What’s in Section 7 - Support
• 7.1 Resources
• 7.1.1 General
• 7.1.2 People
• 7.1.3 Infrastructure
• 7.1.4 Environment for the operation of processes
• 7.1.5 Monitoring and measuring resources
• 7.1.5.1 General • 7.1.5.2 Measurement
traceability • 7.1.6 Organizational
knowledge
• This is a newly constructed section that includes - resources, competence, awareness, communication & documented information
• Much of what it contains is a collection from existing requirements from 2008 Sections 4,5,& 6
The support required to meet the organization’s
goals
www.paradygm.co
• 7.2 Competence
• 7.3 Awareness
• 7.4 Communication
• 7.5 Documented information
• 7.5.1 General
• 7.5.2 Creating and updating
• 7.5.3 Control of documented information
What’s in Section 7 - Support
41
• Organizations will have more flexibility on the types and formats of documentation that they use to provide the necessary controls for their management
• There is no requirement to (formally) document a procedure, unless that's what the organization feels it needs
www.paradygm.co
What’s in Section 8 - Operation
• 8.1 Operational planning and control
• 8.2 Requirements for products and services
• 8.2.1 Customer communication • 8.2.2 Determining the
requirements related to products and services
• 8.2.3 Review of requirements related to products and services
• 8.2.4 Changes to requirements for products and services
42
• The new clause 8 covers many of the Product Realization requirements contained in clause 7 in the 2008 version
• Whatever is at the heart of the management system ‘The Business’ then this is what goes into clause 8
www.paradygm.co
• 8.3 Design and development of products and services
• 8.3.1 General • 8.3.2 Design and development
planning • 8.3.3 Design and development
inputs • 8.3.4 Design and development
controls • 8.3.5 Design and development
outputs • 8.3.6 Design & development
changes
What’s in Section 8 - Operation
43
• 2008 clause 7.3 Design & development is simplified to clause 8.3 Design and development of products and services
www.paradygm.co
What’s in Section 8 - Operation
• 8.4 Control of externally provided processes, products and services
• 8.4.1 General
• 8.4.2 Type and extent of control
• 8.4.3 Information for external providers
44
• This area of the revision covers all aspects of the ‘Supplier’ requirements formerly covered by clause 7.4 in 2008
www.paradygm.co
• 8.5 Production and service provision
• 8.5.1 Control of production and service provision
• 8.5.2 Identification and traceability
• 8.5.3 Property belonging to customers or external providers
• 8.5.4 Preservation • 8.5.5 Post-delivery activities • 8.5.6 Control of changes
45
What’s in Section 8 - Operation
• This covers many of the requirements of clause 7.5 in the 2008 version
www.paradygm.co
What’s in Section 8 - Operation
• 8.6 Release of products and services
• 8.7 Control of nonconforming outputs
46
• The new section 8 covers many of the requirements of section 7 in the 2008 version
• These last two clauses pick up some of what was previously detailed in 7.5.2 & 8.3
www.paradygm.co
47
Explanation: • The changes made to the design and development area of the revision
are for the most part terminology and simplified wording • There is however a significantly increased focus on the role the
customer has in all stages of the design process • The need for ‘documented information’ to confirm appropriateness of all
stages is also clearly stated • Any changes made to design inputs and design outputs during the
design and development must be clearly identified
Section 8 - Operation
• 8.3.1 General • 8.3.2 Design and development
planning • 8.3.3 D and D inputs • 8.3.4 D and D controls • 8.3.5 D and D outputs • 8.3.6 D and D changes
www.paradygm.co
What’s in Section 9 – Performance Evaluation
• 9.1 Monitoring, measurement, analysis and evaluation
• 9.1.1 General • 9.1.2 Customer satisfaction • 9.1.3 Analysis and
evaluation • 9.2 Internal audit • 9.3 Management review • 9.3.1 General • 9.3.2 Management review
inputs • 9.3.3 Management review
outputs
48
The process of determining what is to be monitored, measured, analyzed and evaluated will enable the organization to determine ‘is the management system suitable, adequate and effective?’ Add to this internal audit and management review and everything is in place to fully understand the benefits of a quality management system
www.paradygm.co
Section 9 – Performance Evaluation
49
• The organization has to determine: – Identify what needs to be monitored and measured – Identify the methods for monitoring, measurement,
analysis and evaluation needed to ensure valid results – when the monitoring and measuring shall be
performed – when the results from monitoring and measurement shall
be analyzed and evaluated retain appropriate documented information as
evidence of the results. –
Includes the evaluation of the performance and the effectiveness of the quality management system.
www.paradygm.co
What’s in Section 10 - Improvement
• 10.1 General • 10.2 Nonconformity and
corrective action • 10.3 Continual improvement
50
• The requirements here are familiar and well understood
• Corrective actions shall be appropriate to the effects of the nonconformities encountered.
• What about preventive action?
www.paradygm.co
Explanation • “The organization shall determine and select opportunities for
improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction”
• improving products and services to meet requirements as well to address future need and expectations
• correcting, preventing or reducing undesirable effects • improving the performance and effectiveness of the QMS
Clause 10 – Improvement
• 10.1 General • 10.2 Nonconformity and
corrective action • 10.3 Continual improvement
www.paradygm.co
Explanation: When a nonconformity occurs: • Take action to control and correct it and deal with consequences • Evaluate the need for action to eliminate the cause to ensure it does not
recur or occur elsewhere • Determine if similar nonconformities exist or could potentially
occur • Update risks and opportunities determined during planning • Corrective actions should be appropriate to the effects of the
nonconformities encountered • Retain documented information
Clause 10 – Improvement
• 10.1 General
• 10.2 Nonconformity and corrective action 10.3 Continual improvement •
www.paradygm.co
Transition Period for Certification
September 2015 (Published International Standard)
""
September 2015 start of 3 year transition period to September 2018
2018 2017 2016 2015
www.paradygm.co
Recertification assessments to ISO 9001:2015*
ISO 9001:2015 Revision – What’s Next?
• Impact on other standards: – Expect changes to industry-specific standards to follow as
these are updated over time – Expect changes to supporting documents as these are
modified in the future • Expect further news updates as this process evolves • Other important Information will be released shortly
www.paradygm.co
www.saiglobal.com/assurance
Paradygm Consulting Inc.1-855-702-9001 www.paradygm.co
www.paradygm.co
![Sartori, Giovanni (1994 [1987]) a Teoria Da Democracia Revisitada (Vols 1 e 2)](https://img.pdfslide.us/doc/110x75/55cf9c1d550346d033a8a6e0/sartori-giovanni-1994-1987-a-teoria-da-democracia-revisitada-vols-1-e.jpg)
