ISO 9001:2015 Transition Lunch & Learn - TEEX 9001:2015 Transition Lunch & Learn Presenter: Conrad...


ISO 9001:2015 Transition Lunch & Learn

Presenter: Conrad Soltero

Purpose

• Background to the ISO 9001 development and revision timeline

• What the key changes are:

– New Structure

– New Content

– Risk Based Approach

– Quality Management Principles

• How Changes Might Affect You

• Communicate Revision Timelines

Key Points

• ISO 9001 is the most widely adopted QMS standard worldwide (1.1 million registrations)

• Under revision scheduled for September 2015 publication

• Currently under FDIS version

• Changes to impact senior management, quality professionals, audit professionals (assessors)

Why was ISO 9001:2008 Revised?

Reflect a changing business environment

Increased service prominence

Align management system standards

ISO scheduled review

Revision Timeline

2013 2014 2015

June 2013: CD (Committee Draft)

May 2014: DIS (Draft International Standard)

July 2015: FDIS (Final Draft International Standard)

September 2015: IS (International Standard)

Transition Period

Development of ISO 9001 Series

1987

Quality Assurance (20 Elements)

1994

Small Revision

2000

Quality Management (process approach)

2008

Minor Revision

2015

New Structure (Risk Based Thinking)

Quality Management Principles-Annex

2008: 8 QMPs

1. Customer focus

2. Leadership

3. Involvement of people

4. Process approach

5. System approach to management

6. Continual improvement

7. Factual approach to decision making

8. Mutually beneficial supplier relationships

2015: 7 QMPs

1. Customer focus

2. Leadership

3. Engagement and competence of people

4. Process approach

5. Improvement

6. Informed decision making

7. Relationship management

What is Annex SL?

Framework for a generic management system

Annex SL (previously ISO Guide 83) is a publication which forms the basis of a generic management system

It is designed to help streamline creation of new standards, and make implementing multiple standards within one organization easier

Why was Annex SL Developed?

Help organizations with multiple management systems

Save money and time for multiple systems

Eliminate redundancy and confusion

Rationalize business operations by integration of different areas of compliance

Annex SL and Management Systems

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership

6. Planning

7. Support

PLAN

8. Operation: DO

9. Performance evaluation: CHECK

10. Improvement: ACT

When will Annex SL Take Effect?

ISO 22301 (Business Continuity) was the first to adopt Annex SL structure

Other standards include:

ISO 27001‐ Information technology

ISO 9001:2015 (published)

ISO 14001:2015 (published)

AS9100/10/20 (currently under revision)

ISO 13485:2003 (currently under revision)

ISO/TS 16949

OHSAS 18001

Structure of ISO 9001 Family

ISO 9001:2008: Sets out the requirements of a quality management system. Certifiable

ISO 9000:2005: Covers the basic concepts and terminology used in the entire ISO 9000 family. Non‐certifiable

ISO 9004:2009: Provides guidance on how to make the quality management system more successful. Non‐certifiable

ISO 19011:2011: Provides guidance on internal and external audits for quality management systems

Structure of ISO 9001:2008

Section 1 Scope

Section 2 Normative references

Section 3 Terms and definitions

Requirements

Section 4 Quality Management System

Section 5 Management Responsibility

Section 6 Resource Management

Section 7 Product/ Service Realization

Section 8 Measurement, Analysis and Improvement

ISO 9001 Main Changes

Process approach

Risk based thinking

Documentation flexibility

Better focus on stakeholders

ISO 9001:2015 New Structure

Section 1 Scope

Section 2 Normative references

Section 3 Terms and definitions

Requirements

Section 4 Context of the organization

Section 5 Leadership

Section 6 Planning

Section 7 Support

Section 8 Operation

Section 9 Performance evaluation

Section 10 Improvement

Annex A Clarification of new structure

Annex B Other international standards managed by ISO TC/176

Module 4: Introduction/Terms

General

0.1 General

0.2 Quality Management Principles

0.3.1 Process Approach

0.3.2 PDCA

0.3.3 Risk Based Thinking

0.4 Relationship with MSS

Scope, Normative References

2 Normative References

Terms & Definitions

3 Terms & Definitions

0.1 General

Strategic decision for the organization

Helps organizations achieve their objectives

Reminded that the standard does not prescribe how the QMS should look

Employs a process approach which incorporates the PDCA cycle and risk‐based thinking

0.1 General

“Shall” indicates a requirement

“Should” indicates a recommendation

“May” indicates a permission

“Can” indicates a possibility or a capability

“Note” is for guidance in understanding or clarification

0.2 Quality Management Principles

Standard based on the 7 quality management principles

These reside within ISO 9000:2015

0.3 Process Approach

Promotes the process approach beyond the existing requirements of ISO 9001:2008

The application will vary based on complexity, size and activities of the organization

Organizations often identify too many processes

Requirements for adopting the process approach are defined in clause 4.4

0.3.1 General

[Figure: schematic of a single process. Sources of Inputs (predecessor processes, internal or external); Inputs (matter, energy, information); Activities (from starting point to end point); Outputs (matter, energy, information); Receivers of Outputs (subsequent processes, internal or external). Possible controls & check points to monitor and measure performance.]

0.3.2 P-D-C-A

0.3.3 Risk Based Thinking

Risk based thinking is something we all do automatically and often sub‐consciously

The concept of risk has always been implicit in ISO 9001‐ this revision makes it more explicit and builds it into the whole management system

Risk based thinking is already part of the process approach

Risk based thinking makes preventive action part of the routine

0.3.3 Risk Based Thinking

Risk: “effect of uncertainty” 

Risk is often thought of only in the negative sense. Risk‐based thinking can also help to identify opportunities. This can be considered to be the positive side of risk

Negative or Positive

Preventive Action

0.3.4 Relationship with other MSS

ISO 9000

ISO 9004

Annex B provides details of other MSS developed by ISO/TC/176


1 Scope/ 2 References/ 3 Terms

Scope Normative References

Scope is not changed

Reference to “exclusions”: sub‐clause 1.2 “Application” has been removed

Clause 4.3 requires the QMS scope to contain justification for any requirement deemed “non applicable”.

ISO 9000:2015 referenced

Terms and Definitions

ISO 9000:2015

Module 4: PLAN

4. Context of the organization

4.1 Understanding the organization

4.2 Understanding the needs of interested parties

4.3 Determining the scope of the QMS

4.4 QMS and its processes

5. Leadership

5.1 Leadership and commitment

5.2 Quality policy

5.3 Organizational roles, authorities, responsibilities

6. Planning

6.1 Actions to address risk and opportunities

6.2 Quality objectives and planning

6.3 Planning of changes

7. Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

4 Context of the Organization

Organization

“person or group that has its own functions with responsibilities, authorities and relationships to achieve its objectives” 

4.1 Understanding the organization and its context

This is a new requirement and a very important one

Necessary to understand quality challenges and the risk inherent in that market segment

The organization shall determine external and internal issues that are relevant and can prevent the success of the quality management system implementation

The organization shall monitor and review information about these internal and external issues (not done just once)

4.1 Understanding the organization and its context

Organization Environment

Organization

Internal Environment

(Internal Capability Analysis)

External Environment

(Analysis of External Influencing Factors)

4.1 Understanding the organization and its context

Analyzing the External Environment (PESTLE)

Political: Government type and policy; Funding, grants and initiatives

Economic: Inflation and interest rates; Labor and energy costs

Social‐Cultural: Population, education, media; Lifestyle, fashion, culture

Technological: Emerging technologies, Web; Information & communication

Legal: Regulations and standards; Employment law

Environment: Weather, green & ethical issues; Pollution, waste, recycling

4.1 Understanding the organization and its context

Outcome of External Environment Analysis

Opportunities

Threats

Global

National

Regional

Local

4.1 Understanding the organization and its context

Analyzing the Internal Environment

Brainstorming

7s Assessment

4.1 Understanding the organization and its context

Analyzing the Internal Environment

Brainstorming

Factors to Consider

Values

Culture

Knowledge

Performance of organization

4.1 Understanding the organization and its context

Analyzing the Internal Environment

7s Assessment

Factors to Consider

Shared values

Skills

Style

Strategy

Staff

Structure

System 

4.1 Understanding the organization and its context

Outcome of Internal Environment Analysis

Strengths

Weaknesses

4.1 Understanding the organization and its context

Strengths Weaknesses

Opportunities Threats

Internal

External

SWOT

4.1 Understanding the organization and its context

BUILD ON YOUR STRENGTHS

ADDRESS YOUR WEAKNESSES

CONSIDER YOUR OPPORTUNITIES

GUARD AGAINST YOUR THREATS

Doing Something About It!

Risk Management

4.2 Understanding the needs and expectations of interested parties

Interested party

“person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity”

4.2 Understanding the needs and expectations of interested parties

The organization shall:

Determine the interested parties that are relevant to the quality management system

Determine the requirements for these interested parties that are relevant to the quality management system

Monitor and review information about these interested parties and their relevant requirements

4.2 Understanding the needs and expectations of interested parties

Identification and analysis of interested parties

Legislator

Financial Institutions

Suppliers

Customers

Interest Groups

Media

Public

Shareholders

Board of Directors

Employees

Management Team

Unions

Organization

4.2 Understanding the needs and expectations of interested parties

Analysis of their requirements and expectations

1. Identify the requirements and expectations

‐ Identify requirements

‐ Requirements may be implicit or explicit

Example: On‐time delivery 98.5%

2. Validate requirements and expectations

‐ Analyze the quality needs and confirm if meeting requirement

Example: Data, survey, interviews, focus groups

3. Identify roles and responsibilities

‐ Define what is expected from the interested parties

Example: Roles, responsibilities, level of participation

4.3 Determining the scope of the QMS

Apply all the requirements of the standard, if applicable

Claimed non‐applicability does not affect conformity of product or services provided

Scope:

Is a required “Documented Information”

Must include types of products or services

Provide justification for non‐applications

4.3 Determining the scope of the QMS

Consider the following to determine the scope:

External and internal issues

Requirements of interested parties

Products and services of the organization

Replaces ISO 9001:2008 Clauses: 1.2 & 4.2.2a)

4.4.1 Quality management system and its processes

Organization shall identify the processes and determine:

Inputs required and outputs expected

The sequence and interaction of these processes

The criteria, methods (monitoring/ measurement)

The resources needed

Assign responsibilities and authorities

Address opportunities and risks

Evaluate the processes and implement changes to achieve intended results

4.4 Quality management system and its processes

Address risks and opportunities

Focus on performance indicators for effective operation and control

Outsourcing moved to Clauses 8.1 & 8.4

Replaces ISO 9001:2008 Clauses: 4.1

4.4.2 Maintain Documented Information

Quality Manual

Procedures

Records

4.4.2 Maintain Documented Information

Documented Information

“information required to be controlled and maintained by an organization and the medium on which it is contained”

Organizational freedom

4.4.2 Maintain Documented Information

To the extent necessary, the organization shall:

Maintain documented information to support the operation of its processes (Documents/Procedures/WI)

Retain documented information to have confidence that processes are being carried out as planned (Records)


5 Leadership

Top Management

“person or group of people who directs and controls an organization at the highest level”

5.1.1 Leadership and Commitment

Ensuring: Someone else can do it

Doing: they must do it themselves

Management Representative

5.1.1 Leadership and Commitment

Top management is required to:

Be accountable for the effectiveness of the QMS

Ensure quality policy and objectives are in place

Ensure integration of the QMS into business processes

Promote use of process approach

Ensure availability of resources

5.1.1 Leadership and Commitment

Top management is required to:

Communicate the importance of an effective and conforming QMS

Ensure the QMS achieves its intended results

Engage, direct and support persons to contribute to the effectiveness of the QMS

Promote improvement

Support other relevant management roles to demonstrate their leadership in their areas of responsibility

5.1.2 Customer Focus

New Addition:

Regulatory requirements determined and met

Risks and opportunities addressed

Replaces ISO 9001:2008 Clause 5.2:

Same focus on enhancing customer satisfaction

5.2 Quality Policy

5.2.1 Establish Policy

• Appropriate

• Provides framework for objectives

• Commitment to satisfy applicable requirements

• Commitment to continual improvement

5.2.2 Communicate Policy

• Maintained as documented information

• Communicated and understood within organization

• Available for relevant interested parties

5.3 Organizational Roles, Responsibilities and Authorities

There is no explicit requirement to assign a “management representative”, yet the responsibilities and authorities still remain

Responsibilities and authorities for relevant roles are assigned, communicated and understood

Ensuring that integrity of the QMS is maintained when changes are planned and implemented


6.1 Actions to Address Risks and Opportunities

A consideration of these to determine the risks and opportunities that need to be addressed, specifically to: 

Give assurance that the QMS can achieve its intended results

Enhance desirable effects

Prevent, or reduce, undesired effects

Achieve improvement

6.1 Actions to Address Risks and Opportunities

The organization shall plan:

Actions to address these risks and opportunities

Integrate into QMS processes

Evaluate effectiveness

Proportionate to the potential impact on the conformity of products and services

Beyond Clause 6

4 Process Approach: Determine the risks which can affect the ability to meet these objectives

5 Leadership: Top management are required to commit to ensuring Clause 4 is followed

6 Planning: Required to take action to address risks and opportunities

Beyond Clause 6

8 Operation: Required to have processes which identify and address risk in operations

9 Evaluation: Required to monitor, measure, analyze and evaluate risks and opportunities

10 Improvement: Required to improve by responding to changes in risk

What Should I Do?

Use a risk‐driven approach to organizational processes

Identify what risks and opportunities are in your organization‐ it depends on context

ISO 9001:2015 will not automatically require you to carry out a full formal risk assessment, or to maintain a risk register

ISO 31000 (Risk Management‐Principles and guidelines) will be a useful reference (but not mandated)

Where should I be looking for risks?

You can hope… …or use a structured approach

What is Risk?

Let’s Recall

Risk:

An uncertain future event or condition which, if it happens, affects the mission objective

It could have a positive or negative effect

Opportunity:

Positive risks are called opportunities

You want to take maximum advantage of these positive risks

What is Risk?

Risk:

Risk is associated with a future event, which has not happened yet

Issue:

A risk which has already occurred

What is Risk?

Risk Appetite:

Amount and type of risk that an organization is prepared to take in order to meet its strategic objectives

Risk Tolerance:

Organization’s readiness to bear the risk after risk treatments in order to achieve its objectives

What is Risk Management?

Identification of risks

Assessment of risks

Prioritization of risks

Resources

Probability and/ or impact of unfortunate events

Realization of opportunities

Minimize Monitor Control

Maximize

Risk Management Steps

1. Plan Risk Management

2. Identify Risks

3. Analyze Risks

4. Plan Risk Response

5. Monitor and Control Risks

Transition Timeline

2015 2016 2017 2018

September 15, 2015: Published International Standard

September 15, 2018: End of 3 years transition period

Validity of Certifications

ISO 9001:2008 certifications will not be valid after three years from publication of ISO 9001:2015. 

The expiration date of certifications to ISO 9001:2008 issued during the transition period needs to correspond to the end of the three year transition period. 

Best Time to Transition

Contract

Stage 1 Assessment

Stage 2 Assessment

Registration

Surveillance 12 months

Surveillance 24 months

Re‐Registration

Key changes you do not need to make!

REMOVE: Management Representative

RELEGATE: Quality Manual and documented procedures to the trash bin

RENUMBER: Or rename existing QMS documentation

RESTRUCTURE: QMS to follow the sequence of requirements as set by the standard

REFRESH: Existing documentation to use the new terms and definitions

Planning To Do List

Copy of the standard

Gap analysis

Develop an implementation plan

Provide appropriate training and awareness

Update the existing QMS

Review registration cycle‐ expected transition date 

Coordinate with your registrar

Thank You!