dinhtuyen
Purpose
• Background to the ISO 9001 development and revision timeline
• What the key changes are:
– New Structure
– New Content
– Risk Based Approach
– Quality Management Principles
• How Changes Might Affect You
• Communicate Revision Timelines
Key Points
• ISO 9001 is the most widely adopted QMS standard worldwide (1.1 million registrations)
• Under revision, with publication scheduled for September 2015
• Currently under FDIS version
• Changes to impact senior management, quality professionals, audit professionals (assessors)
Why was ISO 9001:2008 Revised?
Reflect a changing business environment
Increased service prominence
Align management system standards
ISO scheduled review
Revision Timeline
2013 2014 2015
June 2013: CD (Committee Draft)
May 2014: DIS (Draft International Standard)
July 2015: FDIS (Final Draft International Standard)
September 2015: IS (International Standard)
Transition Period
Development of ISO 9001 Series
1987
Quality Assurance (20 Elements)
1994
Small Revision
2000
Quality Management (process approach)
2008
Minor Revision
2015
New Structure (Risk Based Thinking)
Quality Management Principles-Annex
2008: 8 QMPs
1. Customer focus
2. Leadership
3. Involvement of people
4. Process approach
5. System approach to management
6. Continual improvement
7. Factual approach to decision making
8. Mutually beneficial supplier relationships
2015: 7 QMPs
1. Customer focus
2. Leadership
3. Engagement and competence of people
4. Process approach
5. Improvement
6. Informed decision making
7. Relationship management
What is Annex SL?
Framework for a generic management system
Annex SL (previously ISO Guide 83) is a publication which forms the basis of a generic management system
It is designed to help streamline creation of new standards, and make implementing multiple standards within one organization easier
Why was Annex SL Developed?
Help organizations with multiple management systems
Save money and time for multiple systems
Eliminate redundancy and confusion
Rationalize business operations by integration of different areas of compliance
Annex SL and Management Systems
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization (PLAN)
5. Leadership (PLAN)
6. Planning (PLAN)
7. Support (PLAN)
8. Operation (DO)
9. Performance evaluation (CHECK)
10. Improvement (ACT)
When will Annex SL Take Effect?
ISO 22301 (Business Continuity) was the first to adopt Annex SL structure
Other standards include:
ISO 27001‐ Information technology
ISO 9001:2015 (published)
ISO 14001:2015 (published)
AS9100/10/20 (currently under revision)
ISO 13485:2003 (currently under revision)
ISO/TS 16949
OHSAS 18001
Structure of ISO 9001 Family
ISO 9001:2008
Sets out the requirements of a quality management system
Certifiable
ISO 9000:2005
Covers the basic concepts and terminology used in the entire ISO 9000 family
Non‐certifiable
ISO 9004:2009
Provides guidance on how to make the quality management system more successful
Non‐certifiable
ISO 19011:2011
Provides guidance on internal and external audits for quality management systems
Structure of ISO 9001:2008
Section 1 Scope
Section 2 Normative references
Section 3 Terms and definitions
Requirements (Sections 4 to 8):
Section 4 Quality Management System
Section 5 Management Responsibility
Section 6 Resource Management
Section 7 Product/ Service Realization
Section 8 Measurement, Analysis and Improvement
ISO 9001 Main Changes
Process approach
Risk based thinking
Documentation flexibility
Better focus on stakeholders
ISO 9001:2015 New Structure
Section 1 Scope
Section 2 Normative references
Section 3 Terms and definitions
Requirements (Sections 4 to 10):
Section 4 Context of the organization
Section 5 Leadership
Section 6 Planning
Section 7 Support
Section 8 Operation
Section 9 Performance evaluation
Section 10 Improvement
Annex A Clarification of new structure
Annex B Other international standards managed by ISO TC/176
Module 4: Introduction/Terms
General
0.1 General
0.2 Quality Management Principles
0.3.1 Process Approach
0.3.2 PDCA
0.3.3 Risk Based Thinking
0.4 Relationship with MSS
Scope, Normative References
1 Scope
2 Normative References
Terms & Definitions
3 Terms & Definitions
0.1 General
Strategic decision for the organization
Helps organizations achieve their objectives
Reminder that the standard does not prescribe how the QMS should look
Employs a process approach which incorporates the PDCA cycle and risk‐based thinking
0.1 General
“Shall” indicates a requirement
“Should” indicates a recommendation
“May” indicates a permission
“Can” indicates a possibility or a capability
“Note” is for guidance in understanding or clarification
0.2 Quality Management Principles
Standard based on the 7 quality management principles
These reside within ISO 9000:2015
0.3 Process Approach
Promotes the process approach beyond the existing requirements of ISO 9001:2008
The application will vary based on complexity, size and activities of the organization
Organizations often identify too many processes
Requirements for adopting the process approach are defined in clause 4.4
0.3.1 General
[Figure: schematic of a single process. Sources of Inputs (predecessor processes, internal or external); Inputs (matter, energy, information); Activities (from starting point to end point); Outputs (matter, energy, information); Receivers of Outputs (subsequent processes, internal or external); possible controls & check points to monitor and measure performance.]
0.3.3 Risk Based Thinking
Risk based thinking is something we all do automatically and often sub‐consciously
The concept of risk has always been implicit in ISO 9001; this revision makes it more explicit and builds it into the whole management system
Risk based thinking is already part of the process approach
Risk based thinking makes preventive action part of the routine
0.3.3 Risk Based Thinking
Risk: “effect of uncertainty”
Risk is often thought of only in the negative sense. Risk‐based thinking can also help to identify opportunities. This can be considered to be the positive side of risk
Negative or Positive
Preventive Action
0.3.4 Relationship with other MSS
ISO 9000
ISO 9004
Annex B provides details of other MSS developed by ISO/TC/176
1 Scope/ 2 References/ 3 Terms
Scope Normative References
Scope is not changed
References to “exclusions” sub‐clause 1.2 “Application” has been removed
Clause 4.3 requires the QMS scope to contain justification for any requirement deemed “non applicable”.
ISO 9000:2015 referenced
Terms and Definitions
ISO 9000:2015
Module 4: PLAN
4. Context of the organization
4.1 Understanding the organization
4.2 Understanding the needs of interested parties
4.3 Determining the scope of the QMS
4.4 QMS and its processes
5. Leadership
5.1 Leadership and commitment
5.2 Quality policy
5.3 Organizational roles, authorities, responsibilities
6. Planning
6.1 Actions to address risk and opportunities
6.2 Quality objectives and planning
6.3 Planning of changes
7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
4 Context of the Organization
Organization
“person or group that has its own functions with responsibilities, authorities and relationships to achieve its objectives”
4.1 Understanding the organization and its context
This is a new requirement and a very important one
Necessary to understand quality challenges and the risk inherent in that market segment
The organization shall determine external and internal issues that are relevant and can prevent the success of the quality management system implementation
The organization shall monitor and review information about these internal and external issues (not done just once)
4.1 Understanding the organization and its context
Organization Environment
Organization
Internal Environment
(Internal Capability Analysis)
External Environment
(Analysis of External Influencing Factors)
4.1 Understanding the organization and its context
Analyzing the External Environment (PESTLE)
Political: Government type and policy; Funding, grants and initiatives
Economic: Inflation and interest rates; Labor and energy costs
Social‐Cultural: Population, education, media; Lifestyle, fashion, culture
Technological: Emerging technologies, Web; Information & communication
Legal: Regulations and standards; Employment law
Environment: Weather, green & ethical issues; Pollution, waste, recycling
4.1 Understanding the organization and its context
Outcome of External Environment Analysis
Opportunities
Threats
Global
National
Regional
Local
4.1 Understanding the organization and its context
Analyzing the Internal Environment
Brainstorming
7s Assessment
4.1 Understanding the organization and its context
Analyzing the Internal Environment
Brainstorming
Factors to Consider
Values
Culture
Knowledge
Performance of organization
4.1 Understanding the organization and its context
Analyzing the Internal Environment
7s Assessment
Factors to Consider
Shared values
Skills
Style
Strategy
Staff
Structure
System
4.1 Understanding the organization and its context
Outcome of Internal Environment Analysis
Strengths
Weaknesses
4.1 Understanding the organization and its context
SWOT
Internal: Strengths, Weaknesses
External: Opportunities, Threats
4.1 Understanding the organization and its context
BUILD ON YOUR STRENGTHS
ADDRESS YOUR WEAKNESSES
CONSIDER YOUR OPPORTUNITIES
GUARD AGAINST YOUR THREATS
Doing Something About It!
Risk Management
4.2 Understanding the needs and expectations of interested parties
Interested party
“person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity”
4.2 Understanding the needs and expectations of interested parties
The organization shall:
Determine the interested parties that are relevant to the quality management system
Determine the requirements for these interested parties that are relevant to the quality management system
Monitor and review information about these interested parties and their relevant requirements
4.2 Understanding the needs and expectations of interested parties
Identification and analysis of interested parties
Legislator
Financial Institutions
Suppliers
Customers
Interest Groups
Media
Public
Shareholders
Board of Directors
Employees
Management Team
Unions
Organization
4.2 Understanding the needs and expectations of interested parties
Analysis of their requirements and expectations
1. Identify the requirements and expectations
‐ Identify requirements
‐ Requirements may be implicit or explicit
Example: On‐time delivery 98.5%
2. Validate requirements and expectations
‐ Analyze the quality needs and confirm if meeting requirement
Example: Data, survey, interviews, focus groups
3. Identify roles and responsibilities
‐ Define what is expected from the interested parties
Example: Roles, responsibilities, level of participation
4.3 Determining the scope of the QMS
Apply all the requirements of the standard, if applicable
Claimed non‐applicability does not affect conformity of product or services provided
Scope:
Is a required “Documented Information”
Must include types of products or services
Provide justification for non‐applications
4.3 Determining the scope of the QMS
Consider the following to determine the scope:
External and internal issues
Requirements of interested parties
Products and services of the organization
Replaces ISO 9001:2008 Clauses: 1.2 & 4.2.2a)
4.4.1 Quality management system and its processes
Organization shall identify the processes and determine:
Inputs required and outputs expected
The sequence and interaction of these processes
The criteria, methods (monitoring/ measurement)
The resources needed
Assign responsibilities and authorities
Address opportunities and risks
Evaluate the processes and implement changes to achieve intended results
4.4 Quality management system and its processes
Address risks and opportunities
Focus on performance indicators for effective operation and control
Outsourcing moved to Clauses 8.1 & 8.4
Replaces ISO 9001:2008 Clauses: 4.1
4.4.2 Maintain Documented Information
Quality Manual
Procedures
Records
4.4.2 Maintain Documented Information
Documented Information
“information required to be controlled and maintained by an organization and the medium on which it is contained”
Organizational freedom
4.4.2 Maintain Documented Information
To the extent necessary, the organization shall:
Maintain documented information to support the operation of its processes (Documents/Procedures/WI)
Retain documented information to have confidence that processes are being carried out as planned (Records)
5 Leadership
Top Management
“person or group of people who directs and controls an organization at the highest level”
5.1.1 Leadership and Commitment
Ensuring: Someone else can do it
Doing: they must do it themselves
Management Representative
5.1.1 Leadership and Commitment
Top management is required to:
Be accountable for the effectiveness of the QMS
Ensure quality policy and objectives are in place
Ensure integration of the QMS into business processes
Promote use of process approach
Ensure availability of resources
5.1.1 Leadership and Commitment
Top management is required to:
Communicate the importance of effective and conforming QMS
Ensure the QMS achieves its intended results
Engage, direct and support persons to contribute to the effectiveness of the QMS
Promote improvement
Support other relevant management roles to demonstrate their leadership to their areas of responsibility
5.1.2 Customer Focus
New Addition:
Regulatory requirements determined and met
Risks and opportunities addressed
Replaces ISO 9001:2008 Clause 5.2:
Same focus on enhancing customer satisfaction
5.2 Quality Policy
5.2.1 Establish Policy
• Appropriate
• Provides framework for objectives
• Commitment to satisfy applicable requirements
• Commitment to continual improvement
5.2.2 Communicate Policy
• Maintained as documented information
• Communicated and understood within organization
• Available for relevant interested parties
5.3 Organizational Roles, Responsibilities and Authorities
There is no explicit requirement to assign a “management representative”, yet the responsibilities and authorities still remain
Responsibilities and authorities for relevant roles are assigned, communicated and understood
Ensuring that integrity of the QMS is maintained when changes are planned and implemented
6.1 Actions to Address Risks and Opportunities
A consideration of these to determine the risks and opportunities that need to be addressed, specifically to:
Give assurance that the QMS can achieve its intended results
Enhance desirable effects
Prevent, or reduce, undesired effects
Achieve improvement
6.1 Actions to Address Risks and Opportunities
The organization shall plan:
Actions to address these risks and opportunities
Integrate into QMS processes
Evaluate effectiveness
Proportionate to the potential impact on the conformity of products and services
Beyond Clause 6
4 Process Approach: Determine the risks which can affect the ability to meet these objectives
5 Leadership: Top management are required to commit to ensuring Clause 4 is followed
6 Planning: Required to take action to address risks and opportunities
Beyond Clause 6
8 Operation: Required to have processes which identify and address risk in operations
9 Evaluation: Required to monitor, measure, analyze and evaluate risks and opportunities
10 Improvement: Required to improve by responding to changes in risk
What Should I Do?
Use a risk‐driven approach to organizational processes
Identify what risks and opportunities are in your organization; it depends on context
ISO 9001:2015 will not automatically require you to carry out a full formal risk assessment, or to maintain a risk register
ISO 31000 (Risk Management‐Principles and guidelines) will be a useful reference (but not mandated)
What is Risk?
Let’s Recall
Risk:
An uncertain future event or condition which, if it happens, affects the mission objective
It could have a positive or negative effect
Opportunity:
Positive risks are called opportunities
You want to take maximum advantage of these positive risks
What is Risk?
Risk:
Risk is associated with a future event, which has not happened yet
Issue:
A risk which has already occurred
What is Risk?
Risk Appetite:
Amount and type of risk that an organization is prepared to take in order to meet its strategic objectives
Risk Tolerance:
Organization’s readiness to bear the risk after risk treatments in order to achieve its objectives
What is Risk Management?
Identification of risks
Assessment of risks
Prioritization of risks
Resources
Probability and/ or impact of unfortunate events
Realization of opportunities
Minimize Monitor Control
Maximize
Risk Management Steps
1. Plan Risk Management
2. Identify Risks
3. Analyze Risks
4. Plan Risk Response
5. Monitor and Control Risks
Transition Timeline
2015 2016 2017 2018
September 15, 2015: Published International Standard
September 15, 2018: End of 3 years transition period
Validity of Certifications
ISO 9001:2008 certifications will not be valid after three years from publication of ISO 9001:2015.
The expiration date of certifications to ISO 9001:2008 issued during the transition period needs to correspond to the end of the three year transition period.
Best Time to Transition
Contract
Stage 1 Assessment
Stage 2 Assessment
Registration
Surveillance 12 months
Surveillance 24 months
Re‐Registration
Key changes you do not need to make!
REMOVE Management Representative
RELEGATE Quality Manual and documented procedures to the trash bin
RENUMBER or rename existing QMS documentation
RESTRUCTURE QMS to follow the sequence of requirements as set by the standard
REFRESH existing documentation to use the new terms and definitions
Planning To Do List
Copy of the standard
Gap analysis
Develop an implementation plan
Provide appropriate training and awareness
Update the existing QMS
Review registration cycle: expected transition date
Coordinate with your registrar