Upload
john-roskam
View
677
Download
1
Tags:
Embed Size (px)
Citation preview
PLANNING NEW ISO-9001 STANDARD
June2012
Draft design spec. and
WDO
December 2012
Approved design spec
and WD1
April2013
CD for comment and ballot
May2014
ISO/DIS 9001:2014 published
for comment (3 months)
March2015
Proposed FDIS
publication
September 2015
Proposed ISO
9001:2015 publication
Proposed Transition
Period
3 years from standard
publication
The start:
Management makeover -“ New format for future ISO management system standards
:
ANNEX SL - BACKGROUND
ANNEX SL: COMMON TERMINOLOGY & STRUCTURE
Defines framework for a general management system
The incorporation of Annex SL means a new structure and layout out for ISO 9001
and one which all management system standards are adopting as they are revised or
introduced in the future.
Opportunity to integrate different management systems (ISO-9001, 14001)
Uniform definition of terms. They have been included to help the reader understand
all the terms used. An understanding of the definitions is vital in order to fully grasp
the new standard’s requirements.
One term that is used extensively throughout ISO/DIS 9001:2014 is ‘Determine.’
Determination is defined in ISO/DIS 9001:2014 as:
“activity to find out one or more characteristics and their characteristic values”
Within the management systems environment, organisations will have to consider
how they can provide evidence that a process of determination has taken place and
that an output from that process exists.
ANNEX SL – MAIN STRUCTURE (CHAPTERS)
ISO 9001: 2015, 14001, 27001, 45001 of………
0. Introduction
1. Scope
2. Normative Reference
3. Terms and Definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10.Improvement
4.
CONTEXT OF THE ORGANIZATION
5.
LEADERSHIP
6.
PLANNING
7.
SUPPORT
8.
OPERATION
9. PERFORMANCE EVALUATION
10. IMPROVEMENT
PLAN DO CHECK ACT
ANNEX SL – CHAPTERS IN RELATION TO PDCA
4.
CONTEXT OF THE
ORGANIZATION
Understanding of
the organization
and its context
Needs and
expectations of
interested parties
Scope of
management
system
QMS and its
processes
5.
LEADERSHIP
Leadership and
commitment
Quality policy
Roles,
responsibilities
and authorities
6.
PLANNING
Actions to
address risk
and
opportunities
Quality
objectives &
planning to
achieve them
7.
SUPPORT
Resources
Competence
Awareness
Communication
Documented
information
Planning of
changes
PLAN
8.
OPERATION
Operational planning and control
Determination of requirements for
products and services
Design and development of
products and services
Control of externally provided
products and services
Production and service provision
Release of products and services
Control of nonconforming process
outputs, products and services
9. PERFORMANCE EVALUATION
Monitoring,
measurement,
analysis and
evaluation
Internal audit
Management
review
10. IMPROVEMENT
Nonconformity
and corrective
action
Continual
improvement
DO ACTCHECK
General
ANNEX SL – CHAPTERS/PDCA IN DETAIL
ANNEX SL – WHAT DO TEXT COLOURS IN STANDARDS
(DRAFT VERSIONS) MEAN?
PAGE 9
Om succesvol te zijn, stemmen wij onze werkzaamheden af op de gekozen klantsegmenten.
In alle segmenten willen wij marktleider zijn. We zorgen dat we onze leidende positie in Large en
Strategic (meer dan 100 auto’s) behouden. En dat wij ons marktaandeel in MKB en Business (minder
dan 100 auto’s) vergroten.
Om dit te realiseren, moeten we onder meer onze kosten onder controle houden door onze directe (auto-
gerelateerde) kosten te verlagen
Black text = ISO-standard specific part
Blue text = ANNEX SL (general part)…but colours seem to be mixed up in the draft versions….
E.g.
ISO-9001: 5.2 Quality policy
6.2 Planning for the quality management system
ISO-14001: 5.2 Environmental policy
6.2 Planning
Red text = To be decided (will not be included in final
version)
Clause No: Title Item Change
1: Scope Scope Clarifications
2: Normative References Normative References No normative references
3: Terms and Definitions Terms and Definitions Some amendments and clarifications
4: Context of the organization Context of the organization New requirements
5: Leadership Leadership Greater area of focus, integral to business processes and
accountability
6: Planning Risks/Opportunities
Planning of changes
New requirement
Greater area of focus
7: Support Knowledge
Documented Information
New requirement
New requirement
8: Operation Outsourcing
Design & Development
Post Delivery Activities
New requirement
Requirements made clearer
Greater area of focus
9: Performance Evaluation Performance indicators
Management Review
Greater area of focus on risk(s) and performance
Greater area of focus
10: Improvement Continual Improvement Clarification on approach and structure, removal of preventive action
What’s new? (See annex A of ISO/DIS, page 44)
7 Quality Management Principles:
(see annex B of ISO/DIS)
• Customer Focus
• Leadership
• Engagement of People
• Process Approach
• Improvement
• Evidence-based Decision Making
• Relationship Management
THE COMPLETE PICTURE
Continual Improvement
Requirements Products &
services
Customer &
other relevant
interested
partiesPlanning Performance
evaluation
Operations
Management
Responsibility
Leadership
Input
Supporting processes
Customer
satisfaction
OutputsInputs
X
Context, relevant
interested parties
&
Scope of QMS
X
General &
Process approach
PLAN – CHAPTER 4
4.
CONTEXT OF THE ORGANIZATION
Understanding of the
organization and its
context
Needs and expectations
of interested parties
Scope of management
system
QMS and its processes
5.
LEADERSHIP
Leadership and
commitment
Quality policy
Roles, responsibilities
and authorities
6.
PLANNING
Actions to address
risk and
opportunities
Quality objectives &
planning to achieve
them
7.
SUPPORT
Resources
Competence
Awareness
Communication
Documented information
Planning of changes
PLAN
ISO/DIS 9001:2014 REQUIREMENTS
Clause 4.1 - Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.
Implication:
Define the context of the organization (= business environment) in terms of:
Internal and external issues
Issues can be risks AND opportunities
“Note 1” defines “drivers” that could be taken into account concerning external issues:
1. Politcs, legislation
2. Technology
3. Competitors and market circumstances
4. Social/cultural circumstances
5. Economical environment
(Inter-)national, regional or local
“Note 2” defines “drivers” that could be taken into account concerning internal issues: 1. Corporate values2. Culture3. Level of knowledge4. Performance of the organization
ISO/DIS 9001:2014 REQUIREMENTS
4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS
OF INTERESTED PARTIES
The organization shall determine:
a) the interested parties that are relevant to the quality management system, and
b) the requirements of these interested parties that are relevant to the quality
management system
Implication:
Determine all the stakeholders (not only customers!) of the organization
Determine their needs and demands
ISO/DIS 9001:2014 REQUIREMENTS
4.3 DETERMINING THE SCOPE OF THE QMS
The organization shall determine the boundaries and applicability of the quality management system to establish its scope.
When determining this scope, the organization shall consider:a) the external and internal issues referred to in 4.1;
b) the requirements of relevant interested parties referred to in 4.2;
c) the products and services of the organization.
The scope shall be available and be maintained as documented information stating the justification for any instance where a requirement of this International Standard cannot be applied.
Scope and Applicability:
The way inclusion and exclusion of requirements for ISO/DIS 9001:2014 is addressed is different from previous versions. Now organisations will have to determine the scope of the management system (similar to other management system standards) and maintain this scope as documented information. The scope will need to be determined from the boundaries of the organisation, its context, its interested parties and its products and services. Where requirements can be applied, it is expected that they will be unless there is a clear reason that they are not applicable.
Process based approach
4.4 The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.
The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine:
For example :
h) opportunities for improvement of the processes and the quality management system.
Implication:
The requirement for a specific document called a Quality Manual has been replaced with a clause titled Quality Management System and its Processes.
Organisations are now required to determine the processes needed for the quality management system - their inputs, outputs, sequence and interaction - then maintain documented information to the extent necessary to support the understanding and operation of those processes.
retain documented information to the extent necessary to have confidence that the processes are being carried out as planned. ????
If the current quality manual fulfils these requirements then it can stay as is.
ISO/DIS 9001:2014 REQUIREMENTS
4.4 QUALITY MANAGEMENT SYSTEM AND ITS PROCESSES
4.
CONTEXT OF THE ORGANIZATION
Understanding of the
organization and its
context
Needs and expectations
of interested parties
Scope of management
system
QMS and its processes
5.
LEADERSHIP
Leadership and
commitment
Quality policy
Roles, responsibilities
and authorities
6.
PLANNING
Actions to address
risk and
opportunities
Quality objectives &
planning to achieve
them
7.
SUPPORT
Resources
Competence
Awareness
Communication
Documented information
Planning of changes
PLAN
PLAN - CHAPTER 5
More focus on the role of Top Management
Clearer definition of what is expected of the top management:
Demonstrate leadership and commitment
Responsible for the integration of the QMS with the organization business
processes
Taking accountability, engaging, supporting, promoting and communicating
Link Policy and Objectives organisational Strategy and Context
Promote awareness of the Process Approach
Ensure Risks are Managed
Be accountable for the effectiveness of the QMS
ISO 9001:2014 – REQUIREMENTS
5.1 LEADERSHIP AND COMMITMENT
The term “Management Representative” doesn’t exists anymore in this version
PLAN - CHAPTER 6
4.
CONTEXT OF THE ORGANIZATION
Understanding of the
organization and its
context
Needs and expectations
of interested parties
Scope of management
system
QMS and its processes
5.
LEADERSHIP
Leadership and
commitment
Quality policy
Roles, responsibilities
and authorities
6.
PLANNING
Actions to address
risk and
opportunities
Quality objectives &
planning to achieve
them
7.
SUPPORT
Resources
Competence
Awareness
Communication
Documented information
Planning of changes
PLAN
ISO/DIS 9001:2014 REQUIREMENTS
6.1 ACTIONS TO ADDRESS RISKS & OPPORTUNITIES
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement
Implications:
The organization shall plan:
a) actions to address these risks and opportunities, and
b) how to:
1) integrate and implement the actions into its quality management system processes (see
4.4), and
2) evaluate the effectiveness of these actions.
Any actions taken to address risks and opportunities shall be proportionate to the potential effects on conformity of goods and services.
The incorporation of Annex SL into ISO/DIS 9001:2014 now drives a risk based approach
to thinking and acting. The requirements under a risk based approach affect quality
planning and now incorporate much of what was previously titled Preventive Action. Now
an organisation will need to determine the risks and opportunities that need to be
addressed to give assurance that the QMS can achieve its intended results.
This may appear as a new area to ISO 9001, however many organisations already have
risk based thinking and planning in many parts of their organisation which may or may not
have been connected to the QMS in the past. This greater focus on risk will mean that an
organisation will need to demonstrate how this requirement is met. The extent and
formality of the approach needed in a particular organisation will - of course - be
influenced by its context.
The concept of risk has always been implicit in ISO 9001 – this revision makes it more
explicit and builds it into the whole management system.
Risk is often thought of only in the negative sense. However, risk-based thinking can also
help to identify opportunities. This can be considered to be the positive side of risk.
ISO/DIS 9001:2014 REQUIREMENTS
6.1 ACTIONS TO ADDRESS RISKS & OPPORTUNITIES
HOW DOES RISK RELATE TO ISO 9001 –
THE MAIN OBJECTIVES
To provide confidence in the organisation’s ability to consistently
provide customers with conforming goods and services.
To enhance customer satisfaction.
The concept of ‘risk’ in the context of ISO 9001 relates to
the uncertainty in achieving these objectives
RISK IN THE CLAUSES
Clause 4: Context of the organization
The organization is required to determine the risks which can affect its ability to meet these objectives.
Clause 5: Leadership
Top management are required to commit to ensuring Clause 4 is followed.
Clause 6: Planning for the quality management system
The organization is required to take action to address risks and opportunities.
Clause 8: Operation
The organization is required to have processes which address risk in its operations.
Clause 9: Performance Evaluation
The organization is required to monitor, measure, analyse and evaluate the risks and opportunities.
Source - ISO/TC 176/SC 2/WG23 N065
RISK BASED THINKING – THINGS TO CONSIDER
Analyse and prioritise the risks and opportunities in your organisation:
what is acceptable?
what is unacceptable?
Plan actions to address the risks:
how can I manage the risk, for example reduce, eliminate?
Implement the plan – take action.
Check the effectiveness of the actions – does it work?
Learn from experience – continual improvement.
The Risk Arena provides a useful guide for considering internal (inner circle) and external (outer circle) sources of risk.
Any or all external sources of risk may have relationships or interactions with any or all internal sources of risk
SOURCES OF RISK
‘As Low as Reasonably Practical (ALARP)’ approach
Risk
Unacceptable Region
Tolerable Region
Generally Acceptable Region
Risk is justifiable only in
exceptional circumstances
Tolerable only when risk reduction
is not practicable or the cost
exceeds the benefits
Insignificant Risk
THE ALARP APPROACH TO RISK MANAGEMENT
(STANDARD FOR OHSAS 18001)
ISO/DIS 9001:2014 REQUIREMENTS
6.2 & 6.3 OBJECTIVES / PLANNING OF CHANGES
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
Implication:
Implementation of a change management process
PLAN – CHAPTER 7
4.
CONTEXT OF THE ORGANIZATION
Understanding of the
organization and its
context
Needs and expectations
of interested parties
Scope of management
system
QMS and its processes
5.
LEADERSHIP
Leadership and
commitment
Quality policy
Roles, responsibilities
and authorities
6.
PLANNING
Actions to address
risk and
opportunities
Quality objectives &
planning to achieve
them
7.
SUPPORT
Resources
Competence
Awareness
Communication
Documented information
Planning of changes
PLAN
7.1 Resources
7.2 Competences
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
CLAUSE 7 - SUPPORT
OVERVIEW OF CONTENTS
CLAUSE 7 – SUPPORT
KNOWLEDGE & COMPETENCE
7.1.6 Organizational knowledge
Organizations shall determine knowledge necessary for the operation of the QMS and its
processes to assure conformity of goods and services and customer satisfaction.
Knowledge shall be maintained, protected and made available as necessary.
7.2 Competence
Organizations shall determine the necessary competence of person(s) doing work under its
control that affect its quality performance
Implications:
More focus on necessary skills and knowledge of employees
An organisation will now need to consider what knowledge it needs to achieve conformity of
products and services along with how it will develop, maintain and retain such knowledge.
Whilst this is a new requirement in the standard it may not mean it will be a new requirement for
any certified organisation as any well managed organisation will usually have methods to
manage the information and knowledge it needs in order to perform successfully.
E.g. development plans, role descriptions, skill matrices per process/role
7.5 The QMS shall include:
a) documented information required by ISO 9001:2015
b) documented information determined by the organization as being necessary to achieve effectiveness
Implications:
More freedom in ‘documented information’
The terms ‘documented procedure’ and ‘record’ and have been replaced with ‘document information’. In use, this means that ‘documented procedures’ are replaced by the requirement to maintain documented information and ‘records’ are replaced by the requirement to retain documented information. The nature and type of documented information that an organisation needs to maintain or retain is dependent on the context and its operating environment. The way documented information is defined in ISO/DIS 9001:2014 provides more scope for an organisation to determine what is appropriate for its unique set of circumstances, rather than just following a prescriptive format.
CLAUSE 7 – SUPPORT DOCUMENTED
INFORMATION CHANGES
DO – CHAPTER 8
8.
OPERATION
Operational planning and control
Determination of requirements for
products and services
Design and development of products and
services
Control of externally provided products
and services
Production and service provision
Release of products and services
Control of nonconforming process
outputs, products and services
DO
CHECK – CHAPTER 9
CHECK9. PERFORMANCE EVALUATION
Monitoring, measurement, analysis and
evaluation
Internal audit
Management review
CLAUSE 9 – PERFORMANCE EVALUATION
OVERVIEW OF CONTENTS
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
9.2 Internal audit
9.3 Management review
ISO/DIS 9001:2014 REQUIREMENTS
CLAUSE 9.3: MANAGEMENT REVIEW
Input for the Management Review:
the status of actions from previous management reviews;
changes in external and internal issues that are relevant to the quality
management system including its strategic direction;
information on the quality performance, including trends and indicators
the effectiveness of actions taken to address risks and opportunities
(see 6.1);
New potential opportunities for continual improvement.
ISO/DIS 9001:2014 REQUIREMENTS
CLAUSE 9.3: MANAGEMENT REVIEW
The outputs of the management review shall include decisions and actions related to:
continual improvement opportunities; and
any need for changes to the quality management system, including resource
needs.
The organization shall retain documented information as evidence of the results of
management reviews
Implications:
Because of the incorporation of Annex SL and the revision to other areas within the DIS, the
scope of information to be considered at Management Review may also need to be extended to
include these areas.
There is now an explicit requirement for Management Review to consider
1] how changes in its context affect the QMS and its strategic direction and
2] the effectiveness of actions taken to address risks and opportunities.
Stronger link between the performance of the management system and the quality of products
and services