Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Iso 9001 2015 Understanding

The most valuable Helpful PDF file that extremely can boost your ability to understand well the New version of QMS in accordance to ISO 9001:2015 as well as ease the documentation transition process toward ISO 9001:2015

  • Login to see the comments

Iso 9001 2015 Understanding

  1. 1. UNDERSTANDING QMS ISO 9001:2015 Eng. Akram Malkawi Abstract ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. This Document helps you to understand the new standard and ease transition.
  2. 2. ISO 9001:2015 1 A. Understanding ISO 9001:2015 ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. It is the most popular standard in the ISO 9000 series and the only standard in the series to which organizations can certify. Successful businesses understand the value of an effective Quality Management System that ensures the organization is focused on meeting customer requirements and they are satisfied with the products and services that they receive. ISO 9001 is the world’s most recognized management system standard and is used by over a million organizations across the world. The new version has been written to maintain its relevance in today’s marketplace and to continue to offer organizations improved performance and business benefits. ISO 9001 was first published in 1987 by the International Organization for Standardization (ISO), an international agency composed of the national standards bodies of more than 160 countries. The current version of ISO 9001 was released in September 2015. ISO 9001:2015 applies to any organization, regardless of size or industry. More than one million organizations from more than 160 countries have applied the ISO 9001 standard requirements to their quality management systems. Organizations of all types and sizes find that using the ISO 9001 standard helps them organize processes, improve the efficiency of processes and continually improve. With the 2015 version of ISO 9001 you can have an integrated approach with other management system standards. Bring quality and continual improvement into the heart of the organization. Increase involvement of the leadership team. Introduce risk and opportunity management. It’s much less prescriptive than the 2008 version and can be used as a more agile business improvement tool. This means that you can make it relevant to the requirements of your own organization to gain sustainable business improvements. One of the major changes to ISO 9001 is that it brings quality management and continual improvement into the heart of an organization. This means that the new standard is an opportunity for organizations to align their strategic direction with their quality management system. The starting point of the new version of ISO 9001 is to identify internal and external parties who support the QMS. This means that it can be used to help enhance and monitor the performance of an organization. The new standard will help you become a more consistent competitor in the marketplace. It will provide better quality management that helps you to meet present and identify future customer needs. It increases efficiency that will save you time, money and resources. It improves operational performance that will cut errors and improves profits. It will motivate, engage and involve staff with more efficient internal processes. It will help you win more high value customers, and achieve improved customer retention with better customer service. It will broaden business opportunities by demonstrating compliance
  3. 3. ISO 9001:2015 2All ISO management system standards are subject to a regular review under the rules by which they are written. Following a substantial user survey the committee decided that a review was appropriate and created the following objectives to maintain its relevance in today’s marketplace:  Integrate with other management systems  Provide an integrated approach to organizational management  Provide a consistent foundation for the next 10 years  Reflect the increasingly complex environments in which organizations’ operate  Ensure the new standard reflects the needs of all potential user groups  Enhance an organization’s ability to satisfy its customers 1. Structure and terminology The most significant change we will see in ISO 9001:2015 is the new structure. ISO 9001:2015 is based on Annex SL – the new high level structure. This is a common framework for all ISO management systems. This helps to keep consistency, align different management system standards, offer matching sub-clauses against the top level structure and apply common language across all standards. It will be easier for organizations to incorporate their QMS into core business processes and get more involvement from senior management. The Plan-Do-Check-Act (PDCA) cycle can be applied to all processes and to the quality management system as a whole. The reason for the change is to adopt the common approach outlined in Annex SL, the new document that all ISO management system standards, including ISO 9001, ISO 14001 and the recently released ISO 27001, must follow. Currently, ISO 9001 contains 8 sections, of which four attempt to approximate “Plan, Do, Check, And Act.” The new structure, based on Annex SL, has 10 sections four of which also approximate to “plan, do, check, and act.” All new management system standards will have this common structure.
  4. 4. ISO 9001:2015 3 New structure: 1. Scope This section describes the scope of the management system standard and will be unique to the individual standard. Clause 1 details the scope of the standard and there has been very little change to this clause from ISO 9001:2008. 2. Normative References This section references other relevant standards, which are indispensable for the application of the document and will also be unique. ISO 9000, Quality Management System – Fundamental and vocabulary is referenced and provides valuable guidance. 3. Terms and Definitions Section three contains definitions, and while some of these are common terms related to Annex SL, other definitions will be unique to the management system standard. All the terms and definitions are contained in ISO 9000:2015 – Quality Management – Fundamentals and vocabulary. 4. Context of the Organization This part is about understanding the organization’s purpose, the management system and who the stakeholders are. It describes how to set up the management system and is similar in some respects to the old section 4 except that it explicitly requires a broader understanding of the situation and needs of the business. This is a new clause that establishes the context of the QMS and how the business strategy supports this. The ‘context of the organization’ is the clause that underpins the rest of the new standard. It gives an organization the opportunity to identify and
  5. 5. ISO 9001:2015 4 understand the factors and parties in their environment that support the quality management system. Firstly, the organization will need to determine external and internal issues that are relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an impact on what the organization does, or that would affect its ability to achieve the intended outcome(s) of its management system. It should be noted that the term “issue” covers not only problems which would have been the subject of preventive action in previous standards, but also important topics for the management system to address, such as any market assurance and governance goals that the organization might set. Secondly an organization will also need to identify the “interested parties” that are relevant to their QMS. These groups could include shareholders, employees, customers, suppliers, and even pressure groups and regulatory bodies. Each organization will identify their own unique set of “interested parties” and over time these may change in line with the strategic direction of the organization. Next the scope of the QMS must be determined. This could include the whole of the organization or specific identified functions. Any outsourced functions or processes will also need to be considered in the organization’s scope if they are relevant to the QMS. The final requirement of Clause 4 is to establish, implement, maintain and continually improve the QMS in accordance with the requirements of the standard. This requires the adoption of a process approach and although every organization will be different, documented information such as process diagrams or written procedures could be used to support this 4.1 Understanding the organization and its context. A new requirement; one of several that might suggest a greater union between the QMS and wider business planning activities. Requires organizations to ascertain, monitor and review both internal and external issues that are relevant to its purpose and strategic direction, and have the ability to impact the QMS and its intended results. 4.2 Understanding the needs and expectations of interested parties. A broadening of scope beyond just customers. Requires the organization to determine “the relevant requirements” of “relevant interested parties” e.g. a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. 4.3 Determining the scope of the QMS. The scope statement must state the products and services covered. 4.4 The QMS and its processes. A major change that specifies a number of factors to be considered when planning the processes that make up the QMS. Although a process-planning approach has been previously expressed in earlier standards, this greatly reinforces the requirement.
  6. 6. ISO 9001:2015 5 5. Leadership This section provides requirements for commitment, policy and responsibilities. This section is similar to the old section 5 on Management but the emphasis is perhaps more on leadership than just management. This clause places requirements on “top management” which is the person or group of people who directs and controls the organization at the highest level. It is no longer the responsibility of an individual or to have a “Management Representative” who is responsible for the QMS. There is an increased emphasis on people “owning” the QMS rather than one individual. The purpose of these requirements is to demonstrate leadership and commitment by leading from the top. Top management now have greater involvement in the management system and must ensure that the requirements of it are integrated into the organization’s processes and that the policy and objectives are compatible with the strategic direction of the organization. The quality policy should be a living document, at the heart of the organization. To ensure this, top management are accountable and have a responsibility to ensure the QMS is made available, communicated, maintained and understood by all parties. There is also a greater focus on top management to enhance customer satisfaction by identifying and addressing risks and opportunities that could affect this. Top management need to demonstrate consistent customer focus by showing how they meet customer requirements, regulatory and statutory requirements, and also how the organization maintains enhanced customer satisfaction. In the same context, they need to have a grasp of the organization’s internal strengths and weaknesses and how these could have an impact to deliver products or services. This will strengthen the concept of business process management. In addition, top management need to demonstrate an understanding of the key risks associated with each process and the approach taken to manage, reduce or transfer the risk. Finally, the clause places requirements on top management to assign QMS relevant responsibilities and authorities, but must remain accountable for the effectiveness of the QMS. 5.1 Leadership and commitment. Greater emphasis is placed on the role of top management. Requires top management to “demonstrate leadership and commitment”, and suggests that a more hands-on approach is expected.
  7. 7. ISO 9001:2015 6 5.2 Policy. Policy requirements are enhanced. A requirement is introduced that the quality policy is appropriate to the context of the organization, and that it is applied throughout the organization. 5.3 Organizational roles, responsibilities and authorities. The requirement for a Management representative is no longer specified. The duties previously assigned to that role may now be assigned to any role or split across several roles. 6. Planning Planning is now a section on its own. Planning was always covered by the current standard in sections 4.1, 6.1, 7.1 and 8.1 but the new structure includes risk (which is now a clear requirement) and opportunities, the setting of goals and objectives to achieve plans, and resources. Interestingly, risk was introduced in AS9100 (the aerospace version of ISO 9001) in a similarly limited manner. In the latest version of AS9100, however, risk was expanded and defines a number of specific requirements/activities for a risk process. It will be interesting to see whether ISO will leave the requirement for risk as a general requirement as defined in Annex SL or whether it will take AS’s lead and expand it. This planning section also requires a greater application of goals and objectives to integrate with the management system’s planning and operation to generally facilitate success of the organization. Planning has always been a familiar element of ISO 9001, but now there is an increased focus on ensuring that it is considered with Clause 4.1 ‘context of the organization’ and Clause 4.2 ‘interested parties’. The first part of this clause concerns risk assessment whilst the second part is concerned with risk treatment. When determining actions to identify risks and opportunities these need to be proportionate to the potential impact they may have on the conformity of products and services. Opportunities could for example include new product launches, geographical expansion, new partnerships, or new technologies. The organization will need to plan actions to address both risks and opportunities, how to integrate and implement the actions into its management system processes and evaluate the effectiveness of these actions. Actions must be monitored, managed and communicated across the organization. Another key element of this clause is the need to establish measurable quality objectives. This clause retains some of the requirements contained in Clause 5.4 of the 2008 version but is more specific. Quality objectives now need to be consistent with the quality policy, relevant to the conformity of products and services as well as enhancing customer satisfaction. The last part of the clause considers planning of changes which must be done in a planned and systemic manner. There is a need to identify the potential consequences of changes, determine who is involved, when changes are to take place, what resource needs to be allocated.
  8. 8. ISO 9001:2015 7 6.1 Actions to address risks and opportunities. A major change introduced to require a risk-based approach. In addition to this clause, reference to the terms ‘risk’ and ‘opportunity’ are made throughout the standard. 6.2 Quality objectives and planning to achieve them. Requirements for objective planning are tightened up. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored. Also, requires objectives to be set for relevant processes. 6.3 Planning of changes. The clause lists items to be considered in change management. 7. Support The support section includes most of the expected support processes that exist in an organization and which are covered in the current ISO standard. Clause 7 ensures there are the right resources, people and infrastructure to meet the organizational goals. It requires an organization to determine and provide the necessary resources to establish, implement, maintain and continually improve the QMS. Simply expressed, this is a very powerful requirement covering all QMS resource needs and now covers both internal and external resources. Clause 7.1 builds on Clauses 6.1, 6.2, 6.3 and 7.6 from 2008 and splits into 5 sub-clauses. There are additional requirements to meet applicable statutory and regulatory requirements. The sub-clauses continues to cover requirements for infrastructure and environment for the operation of processes. Monitoring and measuring has been changed to include resources, such as personnel or training. Organizational knowledge is a new requirement which deals with requirements for competence, awareness, and communication of the QMS. Personnel must not only be aware of the quality policy, but they must also understand how they contribute to it and what the implications of not conforming are. There is a key requirement to maintain the knowledge held by an organization to ensure conformity of products and services. This could include the knowledge held by an individual as well as for example, the intellectual property of an organization. Organizations are required to examine whether the current knowledge they have is sufficient when planning changes and whether any additional knowledge is required. Finally there are the requirements for “documented information”. This is a new term, which replaces the references in the 2008 standard to “documents” and “records”. Organizations need to determine the level of documented information necessary to control the QMS. This will differ between organizations due to size and complexity. In line with the increased importance of information security in organizations, there is also greater emphasis on controlling access to documented information such as use of passwords. Organizations should also have systems in place to provide a back-up should IT systems crash. Human resources is renamed as “competence”, and communication, which will require a new approach in most organizations, is given its own section rather than a
  9. 9. ISO 9001:2015 8 mention as a management responsibility. Finally, document control has been renamed “documented information.” It now covers both procedure/document control and records control. 7.1 Resources. 7.2 Competence. 7.3 Awareness. There is an expansion of application from “personnel” to “persons doing work under the organization’s control”. 7.4 Communication. Now includes external communication about the QMS. 7.5 Documented information. New requirement to determine, make available, and maintain knowledge. No requirement for quality manual or procedures. “Documents”, “Documentation” and “Records” are combined to become “Documented information”. Requirements are expanded to mention issues such as confidentiality, access, and (data) integrity. This suggests an adoption of information security considerations in recognition of the increasing use of electronic documents/data. 8. Operation This is a relatively short section, which essentially says “Do a good job” at whatever your management system is trying for. This clause deals with the execution of the plans and processes that enable the organization to meet customer requirements and design products and services. It includes much of what was previously referred to in Clause 7 of the 2008 version, but there is greater emphasis on the control of processes especially planned changes and review of the consequences of unintended changes, and mitigating any adverse effects as necessary. The revised version of the standard acknowledges the trend towards greater use of subcontractors and outsourcing. This is demonstrated by the requirement to establish criteria for monitoring the performance of these parties in addition to keeping records used to establish selection criteria. The Clauses continue to cover ‘Requirements for products and services’ which remains largely unchanged from the 2008 version. However, it now requires communication with regards to contingency actions where required and also the treatment of customer property. A new requirement for communicating with ‘potential’ customers is also included, useful for bringing new offerings or solutions to the market. There are more explicit requirements in terms of the standards or codes of practice that the organization has committed to implement; internal and external resource needs for the design and development of products and services and finally the potential consequences of failure due to the nature of products and services. There is also a new clause which covers post-delivery activities. This could include activities such as maintenance
  10. 10. ISO 9001:2015 9 programmes or work carried out under warranty, and activities covering final disposal or recycling of the product. When determining the extent of these activities organizations must consider the risks associated with a product or service, customer requirements, customer feedback, and any statutory requirements. In a welcome change of terminology, the rather clumsy ‘Product realization’ becomes ‘Operations’ 8.1 Operational planning and control. 8.2 Requirements for products and services. 8.3 Design and development of products and services. This may be interpreted that more organizations do some form of design and development. 8.4 Control of externally provided processes, products and services. An expansion of scope – from just suppliers to also include other external providers of products and services. Purchasing” and “Purchased product” become “Externally provided products and services”. 8.5 Production and service provision. An expansion on previous requirements e.g. documented information to specify intended results, and to determine the nature and extent of any post-delivery (after-sales) activities. 8.6 Release of products and services. 8.7 Control of nonconforming outputs. 9. Performance Evaluation The section on evaluation includes monitoring, measurement and analysis, internal audits and management review. All familiar topics with some subtle changes. Performance evaluation covers many of the areas previously featured in Clause 8 of the 2008 version. Requirements for monitoring, measurement, analysis and evaluation are covered and you will need to consider what needs to be measured, methods employed, when data should be analysed and reported on and at what intervals. Documented information that provides evidence of this must be retained. There is now an emphasis on directly seeking out information that relates to how customers view the organization. Organizations must actively seek out information on customer perception. This can be achieved in a number of ways including satisfaction surveys, analysis of market share, and through complaints logged. There is now an explicit requirement that organizations must show how the analysis and evaluation of this data is used, especially with regards to the need for improvements to the QMS. Internal audits must also be conducted and this is largely unchanged from those in the 2008 version.
  11. 11. ISO 9001:2015 10 There are additional requirements relating to defining the ‘audit criteria’ and ensuring the results of the audits are reported to ‘relevant’ management’. Management reviews are still required but there are additional requirements including the consideration of changes in external and internal issues that are relevant to the QMS. Documented information must be retained as evidence of management reviews. 9.1 Monitoring, measurement, analysis and evaluation. There is a new requirement to obtain information relating to customer views and opinions of the organization. 9.2 Internal audit. Audit schedule must take customer feedback into account. 9.3 Management review. Expanded requirements for management review inputs or agenda. 10.Improvement Improvement covers nonconformity and corrective action, as well as continual improvement, all of which are outlined in section 8 of the current standard. There is no preventive action section any more as effectively it is replaced by “risk” under planning – improvement is now defined as a proactive planning activity. This clause starts with a new section that organizations should determine and identify opportunities for improvement such as improved processes to enhance customer satisfaction. There is also a need to actively look for opportunities to improve processes, products and services, and the QMS, especially with future customer requirements in mind. Due to the new way of handling preventive actions, there are no preventive action requirements in this clause. However, there are some new corrective action requirements. The first is to react to the nonconformities and take action, as applicable, to control and correct the nonconformities and deal with the consequences. The second is to determine whether similar nonconformities exists or could potentially occur. The requirement for continual improvement has been extended to cover the suitability and adequacy of the QMS as well as its effectiveness, but it no longer specifies how an organization achieves this. 10.1 General. 10.2 Nonconformity and corrective action. Specific reference to preventive action is removed. Now includes an additional requirement to record the nature of nonconformities. On discovering a nonconformity, an explicit requirement is introduced for organizations to determine whether other similar nonconformities actually exist, or could potentially exist. 10.3 Continual improvement.
  12. 12. ISO 9001:2015 11B. Comparison between ISO 9001:2015 and ISO 9001:2008 & Interpretations ISO 9001:2015 ISO 9001:2008 4 Context of the organization 1.0 Scope 4.1 Understanding the organization and its context 1.1 General 4.2 Understanding the needs and expectations of interested parties 1.1 General 4.3 Determining the scope of the quality management system 1.2 Application 4.2.2 Quality manual 4.4 Quality management system and its processes 4 Quality management system 4.1 General requirements 5 Leadership 5 Management responsibility 5.1 Leadership and commitment 5.1 Management commitment 5.1.1 General 5.1 Management commitment 5.1.2 Customer focus 5.2 Customer focus 5.2 Policy 5.2.1 Developing the quality policy 5.2.2 Communicating the quality policy 5.3 Quality policy 5.3 Organizational roles, responsibilities and authorities 5.5.1 Responsibility and authority 5.5.2 Management representative 6 Planning 5.4.2 Quality management system planning 6.1 Actions to address risks and opportunities 5.4.2 Quality management system planning 8.5.3 Preventive action 6.2 Quality objectives and planning to achieve them 5.4.1 Quality objectives 6.3 Planning of changes 5.4.2 Quality management system planning 7 Support 6 Resource management 7.1 Resources 6 Resource management 7.1.1 General 6.1 Provision of resources 7.1.2 People 6.1 Provision of resources 7.1.3 Infrastructure 6.3 Infrastructure 7.1.4 Environment for the operation of processes 6.4 Work environment 7.1.5 Monitoring and measuring resources 7.6 Control of monitoring and measuring equipment 7.1.6 Organizational knowledge New
  13. 13. ISO 9001:2015 12 7.2 Competence 6.2.1 General 6.2.2 Competence, training and awareness 7.3 Awareness 6.2.2 Competence, training and awareness 7.4 Communication 5.5.3 Internal communication 7.5 Documented information 4.2 Documentation requirements 7.5.1 General 4.2.1 General 7.5.2 Creating and updating 4.2.3 Control of documents 4.2.4 Control of records 7.5.3 Control of documented Information 4.2.3 Control of documents 4.2.4 Control of records 8 Operation 7 Product realization 8.1 Operational planning and control 7.1 Planning of product realization 8.2 Requirements for products and services 7.2 Customer-related processes 8.2.1 Customer communication 7.2.3 Customer communication 8.2.2 Determination of requirements related to products and services 7.2.1 Determination of requirements related to the product 8.2.3 Review of requirements related to the products and services 7.2.2 Review of requirements related to the product 8.2.4 Changes to requirements for product and services 8.3 Design and development of products and services 7.3 Design and development 8.3.1 General New 8.3.2 Design and development planning 7.3.1 Design and development planning 8.3.3 Design and development inputs 7.3.2 Design and development inputs 8.3.4 Design and development controls 7.3.4 Design and development review 7.3.5 Design and development verification 7.3.6 Design and development validation 8.3.5 Design and development outputs 7.3.3 Design and development outputs 8.3.6 Design and development changes 7.3.7 Control of design and development changes 8.4 Control of externally provided processes, products 7.4.1 Purchasing process and services
  14. 14. ISO 9001:2015 13 8.4.1 General 7.4.1 Purchasing process 8.4.2 Type and extent of control 7.4.1 Purchasing process 7.4.3 Verification of purchased product 8.4.3 Information for external providers 7.4.2 Purchasing information 8.5 Production and service provision 7.5 Production and service provision 8.5.1 Control of production and service provision 7.5.1 Control of production and service provision 8.5.2 Identification and traceability 7.5.3 Identification and traceability 8.5.3 Property belonging to customers or external providers 7.5.4 Customer property 8.5.4 Preservation 7.5.5 Preservation of product 8.5.5 Post-delivery activities 7.5.1 Control of production and service provision 8.5.6 Control of changes 7.3.7 Control of design and development changes 8.6 Release of products and services 8.2.4 Monitoring and measurement of processes 7.4.3 Verification of purchased product 8.7 Control of nonconforming outputs 8.3 Control of nonconforming product 9 Performance evaluation New 9.1 Monitoring, measurement, analysis and evaluation 8 Measurement, analysis and improvement 9.1.1 General 8.1 General 9.1.2 Customer satisfaction 8.2.1 Customer satisfaction 9.1.3 Analysis and evaluation 8.4 Analysis of data 9.2 Internal audit 8.2.2 Internal audit 9.3 Management review 5.6 Management review 9.3.1 General 5.6.1 General 9.3.2 Management review inputs 5.6.2 Review inputs 9.3.3 Management review outputs 5.6.3 Review outputs 10 Improvement 8.5 Improvement 10.1 General 8.5.1 Continual improvement 10.2 Nonconformity and corrective action 8.3 Control of nonconforming product 8.5.2 Corrective action 10.3 Continual Improvement 8.5.1 Continual improvement
  15. 15. ISO 9001:2015 14The structure is based on the mandate that Annex SL from the ISO Directives be applied to management system standards. The clause structure and some of the terminology in ISO 9001:2015 is different than ISO 9001:2008 to improve alignment with other management system standards. The structure is to provide a presentation of requirements. It is not a model for document for documenting the organization’s policies, objectives and processes. There is no requirement for the structure of an organization’s quality management system documentation to mirror that of this International Standard. Major differences in terminology between ISO 9001:2008 and ISO 9001:2015 ISO 9001:2008 ISO 9001:2015 Products Products and services Exclusions Applications Documentation, records Documented information Work Environment Environment for the operation of processes Purchased Product Externally provided products and services Supplier External provider 2. Products and services ISO 9001:2008 used product to include all output categories such as products, services, processed materials, and hardware. In ISO 9001:2015 the term product have been replaced by term product and services and includes all output categories such as hardware, services, software and processed materials. The term services is to highlight the difference between products and services in the application of some requirements. In most cases, the terms are used together. In some cases, the word product is only used to specify a certain requirement. 3. Context of the organization An organization’s context involves its “operating environment.” The context must be determined both within the organization and external to the organization. To establish the context means to define the external and internal factors that the organizations must consider when they manage risks. An organization’s external context includes its outside stakeholders, its local operating environment, as well as any external factors that influence the selection of its objectives (goals and targets) or its ability to meet its goals. An organization’s internal context includes its internal stakeholders, its approach to governance, its contractual relationships with its customers, and its capabilities and culture. The internal context may include, but is not limited to:
  16. 16. ISO 9001:2015 15 Product and service offerings  Governance, organizational structure, roles, and accountability.  Regulatory requirements  Policies and goals, and the strategies that are in place to achieve them.  Assets like facilities, property, equipment and technology  Capabilities, understood in terms of resources and knowledge like capital, time, people, processes, systems, and technologies.  Information systems, information flows, and decision-making processes (both formal and informal).  Relationships of the staff/volunteers/members and the perceptions and values of their internal stakeholders including suppliers and partners.  Organization’s culture.  Standards, guidelines, and models adopted by the organization and  Form and extent of the organization’s contractual relationships. The external context’s micro-environment consists of the organization’s immediate operations and how they affect its performance and decision-making. Some of the micro-environmental context factors  Customers – Organizations must attract and retain customers by offering products services that meet their needs along with providing excellent customer service  Employees/Members/Volunteers – There must be availability of people with the motivation to remain as contributing members of the organization and develop the skills necessary to provide a competitive edge  Suppliers – Suppliers provide organizations with the resources they need to carry out their activities. If a supplier provides bad service, this affects the way the organization operates. Close supplier relationships are an effective way to remain competitive and secure the resources needed  Investors – All organizations require investment to grow. They may borrow the money from a bank or have people invest in their work. Relationships with investors need to be managed carefully as problems can detrimentally affect the long term success of the organization  Media – Positive media attention can bring success to the organization by maintaining its reputational strength. Managing the media (including the presence in social media) is a challenge.  Competitors – Members of the organization need to have a sense of belonging. Can the organization offer benefits that are better than those offered by the competitors? Is there a strong value proposition? Competitor analysis and monitoring is crucial if an organization is to maintain or improve its position in the competitive landscape of the community. The organization must always be aware of its competitor’s activities. The landscape can change quickly. There are two new clauses relating to the context of the organization, 4.1 Understanding the organization and its context and 4.2 Understanding the needs and expectations of interested parties.
  17. 17. ISO 9001:2015 16Together these clauses require the organization to determine the issues and requirements that can impact on the planning of the quality management system. Interested parties cannot go beyond the scope of ISO 9001.There is no requirement to go beyond interested parties that are relevant to the quality management system. Consider impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. Organizations can go beyond the minimum requirements to determine additional needs and expectations for interested parties that would not be “relevant” at the discretion of organization and should be clear in quality management system. Clause 4.1 Understanding the Organization and its context The organization should determine external and internal issues for the organization relevant to its purpose, strategic planning and which affect the organization’s ability to achieve its objectives. The Organization should monitor and review the information about external and internal issues. Management Review required the monitoring of external and internal issues. The organization must consider issues related to values, culture knowledge and performance of the organization for understanding of internal issues. The organization must consider issues related to arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local for understanding of external context. Clause 4.2 Understanding the needs and expectations of interested parties The organization shall determine relevant interested parties and requirements of relevant interested parties. Interested parties include Customers, Partners, Persons in the organization, External providers. Relevant interested parties to be considered are those that potentially could impact the organization’s ability to provide products and services that meet requirements. Monitor and review information related to interested parties and relevant requirements. Management Review requires the monitoring of relevant interested parties. Clause 4.3 determining the scope of the quality management system The organization must establish scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1, the requirements of relevant interested parties in 4.2. And the products and services of the organization. Requirements that can be applied by the organization shall be applied. Requirements that cannot be applied cannot affect the organization’s ability to provide product and services that meet requirements. The organization must maintain scope as documented information. Stating the Products and services covered by the QMS and any Justification where a requirement cannot be applied.
  18. 18. ISO 9001:2015 17Any interested party which is not relevant to the quality management system need not be considered and similarly any requirement of the interested party need not be considered. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this Standard. 4. Risk-based approach The main objectives of ISO 9001 is to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services and to enhance customer satisfaction. The concept of “risk” in the context of ISO 9001 relates to the uncertainty in achieving these objectives. This International Standard makes risk-based thinking more explicit and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the quality management system. Organizations can implement a formal risk management program such as 31000, but there is no requirement to do so. The concept of risk has always been implicit in ISO 9001, this revision makes it more explicit and builds it into the whole management system. Risk-based thinking is already part of the process approach. Risk-based thinking makes preventive action part of the routine. Risk-based thinking can also help to identify opportunities. Organizations are required to understand the context of the organization and any external and internal issues (clause 4.1).Risks and opportunities are determined in clause 6.1.One of the key purposes of a quality management system is to act as a preventive tool. ISO 9001:2015 does not have a separate clause titled preventive action. The concept of preventive action is controlled through risk-based thinking and managing risks and opportunities identified in clause 6.1 Clause 6.1 Actions to address risks and opportunities Consider the issues determined in clause 4.1 and consider the requirements for relevant interested. The organization should determine risks and opportunities to assure that that the quality management system can achieve its objective, prevent or reduce undesired effects, and for continual improvement. Intended results cannot be achieved. Organization shall plan actions to address risks and opportunities which should be appropriate to the potential impact. The action of risk and opportunities must be integrated and implemented into the QMS processes. The effectiveness of these action must be evaluated. NOTE: No formal risk management program is required.
  19. 19. ISO 9001:2015 185. Applicability The revised standard will focus on application and not exclusions. There are no limits to which clauses where application can be determined. Justification will be required as documented information to ensure that limited application does not affect the organization’s ability to provide for the provision of product and services. The application of requirements may vary. Where a requirement can be applied within the scope of its quality management system, the organization cannot decide that it is not applicable. Where a requirement cannot be applied (for example where the relevant process is not carried out) the organization can determine that the requirement is not applicable. However, this non-applicability cannot be allowed to result in failure to achieve conformity of products and services or to meet the organization’s aim to enhance customer satisfaction. A manufacturing organization that does not have any monitoring and measuring resources could determine requirements in 7.1.5 do not apply. Organizations that build from a customer provided design could determine requirements for design in 8.3 do not apply. Organizations could not determine that requirements such as competence are not applicable since this directly affects the ability to provide product that meets requirements. 6 Documented information The term “documented procedure” and “record” have both been replaced by “documented information”. Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control or support a process) this is now expressed as a requirement to maintain documented information. Where ISO 9001:2008 would have referred to records this is now expressed as a requirement to retain documented information. The current draft of ISO 9001 does not require a quality manual or documented procedure as Annex SL does not require documented procedures or a quality manual. The requirements in 7.5 are similar to ISO 9001:2008 – 4.2.3 Control of documents and 4.2.4 Control of Records. As discussed earlier, documents and records now come under documented information. The requirements for documented information are spread throughout the standard. In summary they are:  4.3 Scope of the QMS  4.2 Support operation of its processes and needed for confidence.  5.2.2 a) Quality policy  6.2.1 Quality objectives  Monitoring and measuring resource – fitness for purpose  Basis used for calibration or verification  7.2 d) Evidence of competence
  20. 20. ISO 9001:2015 19 7.5.1 b) Documented information determined by the organization as being necessary for the effectiveness of the QMS  8.1 e) Extend necessary (for confidence in processes and product/service conformity)  Review of requirements related to products and services  8.2.4 Amended documented information  8.3.2 Design and development requirements met  8.3.3 Design and development inputs  8.3.4 Design and development control activities  8.3.5 Design and development outputs  8.3.6 Design and development changes/results of reviews etc.  8.4.1 Results of evaluations, monitoring, re-evaluations of external providers  8.5.1 a) Characteristics of the products/services, activities to be performed , and result achieved.  8.5.2 Maintain traceability  8.5.3 Reports on what has occurred  8.5.6 Control of changes – results of reviews, personnel authorizing, necessary actions  8.6 Release of products and services – traceability of person(s) authorizing release, evidence of conformity  8.7.2 Describes nonconformity, actions taken, concessions, authority  9.1.1 Evidence of the monitoring and measurement results  9.2 f) Evidence of the audit programme (s) and the audit results  9.3.3 Evidence of the results of management reviews  10.2.2 Evidence of the results of any corrective action and the, nature of the nonconformity. 7. Organizational knowledge The organization shall determine the knowledge necessary for the operation of the QMS, ensure conformity of products and services, and enhance customer satisfaction. The organization is responsible for maintaining, protecting and making sure the knowledge is available (as necessary). Knowledge is to be considered when making changes to the organization. Depending on the size and complexity of the organization, the risks and opportunities it needs to address, the need for accessibility of knowledge, the process for considering and controlling past, existing and additional knowledge needs is to be considered. As long as the conformity of products and services can be achieved, balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization. Consideration can be given to whether competent employees have this knowledge 8. Control of externally provided products and services
  21. 21. ISO 9001:2015 20The term “Supplier” and “Outsourcing” have been replaced by the term “external provider” and includes Purchasing from suppliers, Arrangement with an associate/sister company, Outsourcing of processes and functions. The term “Purchased products” has been replaced with the term “externally provided products and services”. Clause 8.4 Control of externally provided products and services addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organization or by any other means. The organization is required to take a risk-based approach to determine the type and extent of controls appropriate to particular external providers and externally provided products and services. C. Seven principles of Quality management Introduction: This fifth edition (ISO 9001:2015) cancels and replaces the fourth edition ( ISO 9001:2008). This document was being prepared by Technical committee of ISO “ISO/TC 176/SC 2-Quality Management and Quality Assurance/ Quality Systems” also known as ISO/TC 176 in short. The process of preparing the ISO 9001:2015 went through a six stage process. Organizations have been granted a three-year transition period after the revision has been published to migrate their quality management system to the new edition of the standard. The key changes in the standards are 1. There is no quality manual. 2. It emphasis on organization context and risk based thinking, 3. There is no requirement of management representative 4. The standard does not include a specific clause for “Preventive Actions”. 5. The terms “document” and “records” have been replaced with the term “documented information”. Documented procedure in iso 9001:2008 have been replaced by maintained documented information and Documented record in iso 9001:2008 have been replaced by retained documented information. 6. In 2008 version of the standard the term “product” was used. This term also included services. This term has been changed to Product and Services 7. In addition to the term “continual improvement” another term “improvement” have been introduced 8. Outsourcing is now an external provision.The term “purchased product” has been replaced with “externally provided products and services”.The term “supplier” has been replaced with “External provider”.Control of external provision of goods and services address all forms of external provisions.
  22. 22. ISO 9001:2015 219. The new standard does not make any reference to the exclusions which was for only for clause 7 in ISO 9001:2008, but in ISO 9001:2015 after proper justification any of the requirement of this international standards may not be included in the scope, provided it does not affect the organization’s ability or responsibility to ensure the conformity of its product and services and the enhancement of customer satisfaction 10. The term “work environment” used in ISO 9001:2008 has been replaced with “Environment for the operation of processes”. The ISO 9000:2015 and ISO 9001:2015 standard is based on the following seven principles of QMS. 1 – Customer Focus The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. Rationale Sustained success is achieved when an organization attracts and retains the confidence of customers and other interested parties on whom it depends. Every aspect of customer interaction provides an opportunity to create more value for the customer. Understanding current and future needs of customers and other interested parties contributes to sustained success of an organization
  23. 23. ISO 9001:2015 22Explanation: This is the first of the seven principles of Quality management and there is no change in the heading of this principle. The Eight principle definition stated “Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.” The Seven principle definition states “The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. “. Customer focused means putting your energy into satisfying customers and understanding that profitability comes from satisfying customers. There should be researching, establishing and understanding current and future customer needs and expectations. The organization should ensure that the objectives of the organization are linked to customer needs and expectations. The top Management should communicate customer needs and expectations throughout the organization. There should be measuring customer satisfaction and acting on the results. The organization should ensure a balanced approach between satisfying customers and other interested parties. 2 – Leadership Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the quality objectives of the organization. Rationale Creation of unity of purpose, direction and engagement enable an organization to align its strategies, policies, processes and resources to achieve its objectives. Explanation: This is the second of the Seven principles of Quality management and there is no change in the heading of this principle. The Eight principle definition stated “Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.” The Seven principle definition states “Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the quality objectives of the organization. “Leadership is providing role model behaviors consistent with the values of the organization. Behavior that will deliver the organizations objectives. Internal environment includes the culture and climate, management style, shared, trust, motivation and support. The leadership should consider the needs of all interested parties including customers, owners, employees, suppliers, financier, local communities and society as whole. The leadership should establish a clear vision of the organization’s future. The leadership should set a challenging goals and targets. The leadership should create and sustain a shared values, fairness and ethical role models at all levels of the organization. The leadership should Establish trust and eliminate
  24. 24. ISO 9001:2015 23fear. The leadership should provide people with the required resources training and freedom to act with responsibility and accountability. The leadership should Inspire, encourage and recognize people contributions. 3 – Engagement of People It is essential for the organization that all people are competent, empowered and engaged in delivering value. Competent, empowered and engaged people throughout the organization enhance its capability to create value. Rationale To manage an organization effectively and efficiently, it is important to involve all people at all levels and to respect them as individuals. Recognition, empowerment and enhancement of skills and knowledge facilitate the engagement of people in achieving the objectives of the organization. Explanation: This is the third of the seven principles of Quality management and the term “Involvement of People” has been change to “Engagement of People“. The Eight principle definition stated “People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.” The Seven principle definition states “It is essential for the organization that all people are competent, empowered and engaged in delivering value. Competent, empowered and engaged people throughout the organization enhance its capability to create value.” Engaging people means employees are committed to their organization’s goals and values, motivated to contribute to organizational success, and are able at the same time to enhance their own sense of well-being. An engaged employee experiences a blend of job satisfaction, organizational commitment, job involvement and feelings of empowerment. When we talk of engagement of people it means that all the employees are competent, empowered and they are delivering value. An engaged employee will have a better perception of job importance. An engaged employee will have better clarity of job expectation. There will be more improvement opportunities. There will be regular feedback and dialog with supervisors. The Quality of working relationships of an engaged employee with peers, superiors, and subordinates is much improved. There is effective employee communication. 4 – Process Approach Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system. Rationale The quality management system is composed of interrelated processes. Understanding how results are produced by this system, including all its processes, resources, controls and interactions, allows the organization to optimize its performance.
  25. 25. ISO 9001:2015 24Explanation: This is the fourth of the seven principles of Quality management and there is no change in the heading of this principle. The Eight principle definition stated “A desired result is achieved more efficiently when activities and related resources are managed as a process.” The Seven principle definition states “Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.” Processes are dynamic-they cause things to happen. Processes within an organization should be structured in order to achieve a certain objective in the most efficient and effective manner.  It helps us in systematically defining the activities necessary to achieve/obtain desired results.  It helps us in establishing clear responsibility and accountability for managing key activities.  It helps us in analyzing and measuring of the capabilities of key activities.  It helps us in identifying the interfaces of key activities within and between the functions of the organization.  It helps us in evaluating risks, consequences and impacts of activities on customers, suppliers and other interested parties. Quality Management System are constructed by connecting interrelated processes together to deliver the system objectives which is the satisfaction of the interested parties.  This helps us in structuring a system to achieve the organizations objectives in the most effective and efficient way and understanding the interdependencies between the processes of the system.  It also helps us in providing a better understanding of the roles and responsibilities necessary for achieving common objectives and thereby reducing cross functional barriers and targeting and defining how specific activities within a system should operate. 5 – Improvement Successful organizations have an ongoing focus on improvement. Rationale Improvement is essential for an organization to maintain current levels of performance, to react to changes in its internal and external conditions and to create new opportunities.
  26. 26. ISO 9001:2015 25Explanation: This is the fifth of the seven principles of Quality management and can be mapped to the sixth of the Eight Quality principle which is “Continual Improvement”. The term “Continual Improvement” has been change to “Improvement“. The fifth principle of the Eight Quality principle “System approach to management” no longer exist in the seven principle of quality management. The Eight principle definition stated “Continual improvement of the organization’s overall performance should be a permanent objective of the organization.” The Seven principle definition states “Successful organizations have an ongoing focus on improvement.” Improvement is the improvement in organizational efficiency and effectiveness. The organization should employ a consistent organization- wide approach to improvement of the organizations’ tools of improvement. The organization should provide people with the training in the methods and tools of improvement. The organization should make improvement of products, processes, and the system an objective for every individual in the organization. “The organization should establish the goals to guide and lead” 6 – Evidence-based Decision Making Decisions based on the analysis and evaluation of data and information are more likely to produce desired results. Rationale Decision-making can be a complex process, and it always involves some uncertainty. It often involves multiple types and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause and effect relationships and potential unintended consequences. Facts, evidence and data analysis lead to greater objectivity and confidence in decisions made. Explanation: This is the sixth of the seven principles of Quality management and can be mapped to the seventh of the Eight Quality principle which is “Factual approach to decision making “. The term “Factual approach to decision making “has been change to “Evidence-based Decision Making“. The fifth principle of the Eight Quality principle “System approach to management” no longer exist in the seven principle of quality management. The Eight principle definition stated “Effective decisions are based on the analysis of data and information” The Seven principle definition states “Decisions based on the analysis and evaluation of data and information are more likely to produce desired results.” Evidence is information that shows or proves that something exists or is true. Evidence can be collected by performing observations, measurements, tests, or by using any other suitable method. Any decision making should away be based on evidences. The organization should
  27. 27. ISO 9001:2015 26ensuring that data/information is sufficiently accurate and reliable. The organization should make data accessible to those who need them. The organization should analyze data using appropriate tools. The organization should make decision and take actions based on analysis of data, balanced with experience and intuition. 7 – Relationship Management For sustained success, organizations manage their relationships with interested parties, such as suppliers. Rationale Interested parties influence the performance of an organization. Sustained success is more likely to be achieved when an organization manages relationships with its interested parties to optimize their impact on its performance. Relationship management with its supplier and partner network is often of particular importance. Explanation: This is the seventh of the seven principles of Quality management and can be mapped to the eighth of the Eight Quality principle which is “Mutually beneficial supplier relationships “. The term “Mutually beneficial supplier relationships “has been change to “Relationship Management“. The fifth principle of the eight Quality principle “System approach to management” no longer exist in the seven principle of quality management. The Eight principle definition stated “An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value“ The Seven principle definition states “For sustained success, organizations manage their relationships with interested parties, such as suppliers. “An interested party is a person or group that has a stake in the success or performance of an organization. Interested parties may be directly affected by the organization or actively concerned about its performance. Interested parties can come from inside or outside of the organization. Examples of interested parties include customers, suppliers, owners, partners, employees, unions, bankers, or members of the general public. Interested parties are also referred to as stakeholders. Relation management with interested parties meaning sharing knowledge, vision, values, understanding and suppliers are not treated as adversaries. The organization establishes a relationships that balance short-term gains with long term considerations. There is pooling of expertise and resources with partners. The Organization identifying and selecting key suppliers. There is clear and open communication with the stake holders. There is sharing of information and future plans. The organization establishes a joint development and improvement activities. The organization inspiring, encourages and recognize improvements and achievement by suppliers. Process Approach
  28. 28. ISO 9001:2015 27Introduction All organizations use processes to achieve their objectives. As per ISO definition “A process: set of interrelated or interacting activities that use inputs to deliver an intended result NOTE: Inputs and outputs may be tangible (e.g. materials, components or equipment) or intangible (e.g. data, information or knowledge).” The process approach is the foundation upon which your QMS must be developed. The ISO 9001 Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. ISO 9001:2008 promoted the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system. ISO 900:2015 makes this more explicit (in 4.4) by expanding the requirements around QMS Processes – specifying requirements considered essential to the adoption of a process approach. For example, determining the inputs required and outputs expected from these processes , then after determining the-risks and opportunities and plans to address these in 6.1 – integrate these into its QMS processes(4.1.f – plan and implement actions), related performance indicators (4.4.1c.), assignment of responsibilities and authorities for these processes (4.4.1 e). For an organization to function effectively, it has to identify and manage numerous linked activities. Any activity, using resources and managed in order to enable the transformation of inputs into outputs, can be considered a process. Often the output from one process directly forms the input to the next. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as the “process approach”. An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction. When used within a quality management system, such an approach emphasizes the importance of:  An understanding of the intended results and requirements  Consideration of processes in terms of adding Value and effective performance  Improvement of processes based on evaluation of data and information  Consistent and predictable results  Meeting requirements and customer satisfaction  Activity understanding and management of interrelated processes
  29. 29. ISO 9001:2015 28 The model of a process-based quality management system shown in figure illustrates the process linkages presented in clauses 4 to 10. This illustration shows that customers’ requirements, the needs and expectations of relevant interested parties along with the organization and its context plays a significant role in defining requirements as inputs. The output of the process is the result of the QMS that includes product and service the organization provides, which should result in Customer satisfaction. The model shown in figure covers all the requirements of this Standard, but does not show processes at a detailed level. Understanding Process : Let’s understand some basics about processes.  All work generally involves a process – things go in (inputs); get worked upon (conversion); and come out differently (output). The value-adding conversion activity within a process transforms inputs into outputs, e.g. takes raw materials (the input) and manufactures (the value-adding conversion activity using various resources) a product (the output).  Process inputs and outputs can be tangible such as raw materials or finished product or intangible like INFORMATION – e.g. computerized drawing or specification.  All processes have a supplier and a customer. These suppliers and customers may be internal processes or external to your organization. Each process must have an accountable owner, i.e., having defined responsibility and authority to operate, control and improve their process.  All processes require the use of resources, e.g. – people, equipment, materials, technology etc. These resources can be used as inputs (raw materials or information such as a customer specification) as well as for the value-adding conversion activity (e.g. use of machinery, equipment,
  30. 30. ISO 9001:2015 29 computers, technology, people, etc.) to transform raw material (input) into finished product (output).  All processes must meet customer, organizational and applicable regulatory requirements. The performance of all processes can be monitored and measured. Gather performance data that can be analyzed to determine process effectiveness and whether any corrective action or improvement is needed. As an example, the below process contains a set of activities that are interrelated (showing links from/to), interacting (showing inputs/ outputs), and the transformation of process inputs into process outputs.
  31. 31. ISO 9001:2015 30 Schematic Representation of the elements of single process Procedures are typically used to control deviation where risk/hazards are present. It is defined as a specified way to carry out an activity or a process’, which may be a documented set of instructions, or simply an established way of doing a specific task that itself forms part of a larger process. In ISO 9001:2015 this might be considered captured, in the main, by’the availability of documented information that defines: the characteristics of the products to be produced, the services to be provided, or the activities to be performed. An organization’s QMS processes may be grouped or categorized in many ways. One logical way would include the following:
  32. 32. ISO 9001:2015 31Customer Oriented Processes (COP’s): These are product realization processes that determine customer requirements (inputs), design, make, deliver and service product (outputs) to customers and determine customer satisfaction. These processes generally have the greatest degree of interaction with external customers. COP’s includes marketing and sales, design and development, production, shipping, packaging, servicing/ warranty, customer satisfaction etc., whether performed onsite or off-site. Support Oriented Processes (SOP’s): These processes provide the necessary resources to COP’s to facilitate product realization. These processes generally have the greatest degree of interaction at an operational level with COP’s and to a lesser degree with other internal QMS processes. SOP’s includes human resources, information technology, purchasing and receiving, laboratory, maintenance, tooling, facility management etc., whether performed onsite or off-site. Management Oriented Processes (MOP’s) These processes provide the commitment, leadership, resources, review and decision-making by top management. These processes generally interact with all QMS processes at the QMS planning and review level. MOP’s includes business planning, management review, quality planning, resource planning, communication, etc., whether performed offsite or on-site. Quality Management Processes (QMP’s): It includes all process which are used to document, measure, analyze and improve all processes. These processes provide quality management support to and interact with all QMS processes. QMP’s includes document control, records control, monitoring and measurement of processes and product, internal audits, control of nonconforming product, corrective and preventive action, continual improvement, etc. whether performed onsite or off-site. Outsourced Processes (OP’s): An “outsourced process” is a process that the organization has identified as being needed for its quality management system (QMS), but one which it has chosen to be carried out by an external party outside the managerial control of your facility and not subject to the your QMS. These could include MOP’s, COP’s or SOP’s. They may be performed onsite or off-site. These processes may include – strategic planning done at head office; purchasing or design done at head office or another location; heat treating; painting; welding, calibration; testing; sort; HR; etc., done by an outside organization.
  33. 33. ISO 9001:2015 32Implementing QMS using Process Approach QMS is made up of a network of these value-adding processes that link, combine and interact with one another to collectively provide product or service. These processes are inter-dependent and can be defined by complex interactions. For example, any of the COP processes, could interact with some or all of the MOP’s, SOP’s, QMP’s. Also note that resources (SOP’s) and QMP’s may also be applied to all other processes. Interactions between QMS processes may occur at any of the three process stages (input, output or conversion activity). The interaction may occur in many different ways – physical, documentary, verbal, electronic, etc. For each process, we must identify these interactions, assess the risks of problems that may occur and implement appropriate controls to prevent them, e.g., if orders are communicated verbally by sales personnel to production, what is the risk that production errors will occur? Therefore, in general, in order to plan and implement your QMS using the ‘Process Approach’, you must:  Identify the processes needed for the QMS.  Determine their sequence and interaction(show the sequence and interaction of your COP’s). There are many ways to document this, e.g., a high level flowchart or a process map.  Determine the application of QMS processes throughout the organization (show how MOP’s; SOP’s and QMP’s are applied to each COP and to each other). There are many ways of documenting this. A popular way is through graphical representation, e.g. process maps.  Determine (plan) the criteria, methods, information, controls and resources needed for each QMS process.  Identify the internal/external customer-required output.  Describe the process activity that produces the output.  Identify the resources needed for the process activity.  Identify the inputs for the process – information, materials, supplies, etc.  Define the process methods, procedures, forms etc., that may be needed to produce the output.  Define the controls to prevent or eliminate risk of errors, omissions, or nonconformities in process activity. controls may come from the IS standards; customer; regulatory and your own organizational requirements  Interaction with sources that provide the inputs (internal process or external supplier), uses the output (internal process or external customer), or provide the resources (internal support process) to perform the process activity.  Implement your QMS according to your plan.  Monitor, measure and improve each QMS process and its interaction with other processes. Performance indicators to monitor and measure process performance may come from the IS
  34. 34. ISO 9001:2015 33 standard, customer, regulatory and your own organizational requirements.Performance indicators may relate to the process output as well as the process activity.  Performance indicators for process output must focus on meeting customer and regulatory requirements. Performance indicators for process activity should focus on measuring process effectiveness and efficiency. It is useful to point out that while we do need to identify all QMS processes and describe their interaction, not all identified QMS processes need to be documented or documented in the detail described above. PLAN-DO-CHECK-ACT (PDCA) In addition, the methodology known as “Plan-Do-Check-Act” (PDCA) can be applied to all processes. PDCA can be briefly described as follows. Plan: Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization’s policies. Do: Implement the processes Check: Monitor and check processes and product against policies, objectives and requirements for the product and report the results Act: Take actions to continually improve process performance PLAN-DO-CHECK-ACT (PDCA) is a very effective tool for business management and the ISO 9001 standard strongly recommends its use. PDCA is a dynamic cycle that can be applied to each of the organization’s processes, and also to the system of processes as a whole. It may be used to plan, implement, control and continually improve both product realization and other QMS processes. Maintenance and continual improvement of QMS processes can be achieved by applying PDCA to processes at all levels within the organization right from the executive high-level strategic processes,
  35. 35. ISO 9001:2015 34as business planning or management review to operational processes such as product realization or calibration. PLAN : For each QMS process you must establish:  Process owner and his/her accountability.  Process inputs, outputs, value adding or conversion activities and sequence/interaction of these activities (sub-processes) within the process. Many of the COP’s and SOP’s may have sub- processes.  Process policies, responsibilities and accountability.  Process objectives and performance indicators and methods to monitor and measure process performance to these objectives and indicators.  Resources such as facility, equipment, labor, materials, time, etc needed.  Preventive and detective controls needed for process activity, input, output and resources used.  Process documentation such as procedures, forms, work instructions, specification, etc.  The nature, method, frequency and timing of interaction with other processes and where this interaction will occur – input, output, use of resources, conversion activity, etc.  You must pay a lot of attention to this stage of your QMS development. Planning must also consider how you will meet customer, applicable regulatory, and your own organizational requirements, in addition to ISO 9001 requirements. DO: Deploy and implement your QMS processes and manage and control them according to your plan as documented above.
  36. 36. ISO 9001:2015 35CHECK: Monitor and measure the effectiveness of your QMS processes against policies and objectives that you established under PLAN. Monitoring and measuring activity may focus on any or all of a process’s inputs; outputs; use of resources for conversion; and interaction with other processes. ACT: Collect and analyze your monitoring and measurement information and use it to determine the effectiveness of each process as well as your overall QMS in meeting requirements. Use the information to correct problems and continually improve individual processes. CONTINUOUS IMPROVEMENT PROCESS MODEL The above figure shows the macro level application of the PDCA model to an entire organization. The organization’s QMS as depicted by the processes within the circle is used to PLAN the controls over all inputs, resources, value-adding activities and outputs. We DO implement our plan by using various resources to convert customer inputs (requirements) into outputs (product) that meet customer requirements. We CHECK – by monitoring and measuring QMS performance and through customer feedback. We ACT by using this information to continually improve QMS effectiveness. At the micro level, this same model can be applied to each QMS process. The process approach in ISO 9001:2015 **(Taken from white paper at website)
  37. 37. ISO 9001:2015 36The process approach includes establishing the organization’s processes to operate as an integrated and complete system.  The management system integrates processes and measures to meet objectives  Processes define interrelated activities and checks, to deliver intended outputs  Detailed planning and controls can be defined and documented as needed, depending on the organization’s context. These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk‐based thinking is used throughout the process approach to:  Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results  Define the extent of process planning and controls needed (based on risk)  improve the effectiveness of the quality management system  maintain and manage a system that inherently addresses risk and meets objectives PDCA can be used to manage processes and systems.  Plan: set the objectives of the system and processes to deliver results (“What to do” and “how to do it”)  Do: implement and control what was planned  Check: monitor and measure processes and results against policies, objectives and requirements and report results  Act: take actions to improve the performance of processes PDCA operates as a cycle of continual improvement, with risk‐based thinking at each stage. STEPS IN THE PROCESS APPROACH WHAT TO DO? GUIDANCE
  38. 38. ISO 9001:2015 37 Define the context of the organization The organization should identify its responsibilities, the relevant interested parties and their relevant requirements, needs & expectations to define the organization’s intended purpose. Gather, analyze and determine external and internal responsibilities of the organization to satisfy the relevant requirements, needs and expectations of the relevant interested parties. Monitor or communicate frequently with these interested parties to ensure continual understanding of their requirements, needs and expectations. Define the scope, objectives and policies of the organization Based on the analysis of the requirements, needs and expectations establish the scope, objectives and policies that are relevant for the organization’s quality management system. The organization shall determine the scope, boundaries and applicability of its management system taking into consideration the internal and external context and interested party requirements. Decide which markets the organization should address. Top management should then establish objectives and policies for the desired outcomes. Determine the processes in the organization Determine the processes needed to meet the objectives and policies and to produce the intended outputs. Management shall determine the processes needed for achieving the intended outputs. These processes include management, resources, operations, measurement, analysis and improvement. Determine the sequence of the processes Determine how the processes flow in sequence and interaction. Define and describe the network of processes and their interaction. Consider the following:  The inputs and outputs of each process (which may be internal or external).  Process interaction and interfaces on which processes depend or enable.  Optimum effectiveness and efficiency of the sequence.  Risks to the effectiveness of process interaction.
  39. 39. ISO 9001:2015 38 Note: As an example, realization processes (such as those needed to provide the products or services delivered to a customer) will interact with other processes (such as the management, measurement, procurement in the provision of resources). Process sequences and their interactions may be developed using tools such as modeling, diagrams, matrices and flowcharts. Define people who take process ownership and accountability Assign responsibility and authority for each process. Top Management should organize and define ownership, accountability, individual roles, responsibilities, working groups, remits, authority and ensure the competence needed for the effective definition, implementation, maintenance and improvement of each process and its interactions. Such individuals or remits are usually referred to as the Process Owners. To manage process interactions it may be useful to also establish a management system team that has a system overview across all the processes and may include representatives from the interacting processes and functions. Define the need for documented information Determine those processes that need to be formally defined and how they are to be documented. Processes exist within the organization. They may be formal or informal. There is no catalogue or list of processes that have to be formally defined. The organization should determine which processes need to be documented on the basis of risk‐ based thinking, including, for example:
  40. 40. ISO 9001:2015 39  The size of the organization and its type of activities.  The complexity of its processes and their interactions.  The criticality of the processes.  The need for formally accountability of performance. Processes can be formally documented using a number of methods such as graphical representations, user stories, written instructions, checklists, flow charts, visual media or electronic methods including graphics and systemization. However, the method or the technology chosen are not the goals. They can be used to describe processes, which are the means to achieve the goals. Effective and organized processes can then deliver consistent and accountable operations and the desired objectives and results which can then be improved. Define the interfaces, risks and activities within the process Determine the activities needed to achieve the intended outputs of the process and risks of unintended outputs. Define the required outputs and inputs of the process. Determine the risks to conformity of products, services and customer satisfaction if unintended outputs are delivered. Determine the activities, measures and inherent controls required to transform the inputs into the desired outputs. Determine and define the sequence and interaction of the activities within the process. Determine how each
  41. 41. ISO 9001:2015 40 activity will be performed. Ensure that the management system as a whole takes account of all material risks to the organization and users. Note: In some cases the customer may specify requirements not only for the outputs but also for the realization of a process. Define the monitoring and measurement requirements Determine where and how monitoring and measuring should be applied. This should be both for control and improvement of the processes and the intended process outputs. Determine the need for recording results. Identify the validation necessary to assure effectiveness and efficiency of the processes and system. Take into account such factors as:  Monitoring and measuring criteria.  Reviews of performance  Interested parties satisfaction.  Supplier performance.  On time delivery and lead times.  Failure rates and waste.  Process costs.  Incident frequency.  Other measures of conformity with requirements. Implement Implement actions necessary to achieve planned activities and results. The organization should perform activities, monitoring, measures and controls of defined processes and procedures (which may be automated), outsourcing and other methods necessary to achieve planned results. Define the resources needed Determine the resources needed for the effective operation of each process. Examples of resources include:  Human resources.  Infrastructure.  Environment.  Information.  Natural resources (including knowledge).  Materials.  Financial resources.
  42. 42. ISO 9001:2015 41 Verify the process against its planned objectives Confirm that the process is effective and that the characteristics of the processes are consistent with the purpose of the organization. The organization should compare outputs against objectives to verify that all the requirements are satisfied. Processes are needed to gather data. Examples include measurement, monitoring, reviews, audits and performance analysis. D. Annex SL Introduction: Annex SL is not a standard, but rather a guide to help standards developers write management systems standards. It forms part of the ‘ISO Directives, Part 1 — Consolidated ISO Supplement — Procedures specific to ISO document, which is currently in its 6th edition. ISO has over the years published many management system standards for topics ranging from quality and environment to information security, business continuity management and records management. Despite sharing common elements, ISO management system standards come in many different shapes and structures. The guide was developed in response to standard users criticism that while current standards have many common components, they are not sufficiently aligned, making it difficult for organizations to rationalize their systems and to interface and integrate them. This, in turn, results in some confusion and difficulties at the implementation stage .Many organizations have implemented multiple management system standards such as ISO 9001 along with ISO 14001 and ISO 18001, or ISO 9001 along with ISO 27001 and ISO 20000 or ISO 9001 along with TS 16949. This has led to the need to easily combine or integrate them in an effective and efficient manner. To date subtle and not so subtle differences in requirements and terminology across Management Standard System have made such integration difficult. ISO has produced Annex SL with the objective of delivering consistent and compatible management system standards in an attempt to make this process easier. Annex SL describes the framework for a generic management system. However, it will require the addition of discipline-specific requirements to make a fully functional quality, environmental, service management, food safety, business continuity, information security and energy management system standard. Annex SL is freely available; it is contained within the ISO Supplement, Procedures specific to ISO. In future all new management system standards will have the same overall ‘look and feel’. Current management system standards will migrate during their next revision. This should be completed within the next few years. For management system implementers this will provide an overall management system framework within which they can pick and choose what discipline-specific
  43. 43. ISO 9001:2015 42standards they wish to include. Gone will be the conflicts and duplication, confusion and misunderstanding arising from different management system standards. In future all ISO management system standards should be consistent and compatible. For management system auditors, it will mean that for all audits there will be a core set of generic requirements that need to be addressed no matter which discipline is being examined. Overview The HLS (High Level Structure) is the outcome of the work of the ISO/TMB/JTCG ‘Joint technical Coordination Group on MSS’. The structure has been mandated by the ISO TECHNICAL MANAGEMENT BOARD (TMB) (based on ISO/TMB Resolution 18/2012) and the belief is that this will enhance consistency, make it more generic and more easily applicable to service industries. Accordingly, ISO 9001:2015 has adopted this. The HLS is based on published information related to Annex SL and not directly the result of any particular published study or survey. ‘The aim of the HLS is to enhance the consistency and alignment of ISO MSS by providing a unifying and agreed upon high level structure, identical core text and common terms and definitions. The aim being that all ISO Type A MSS (Requirements) and Type B where appropriate (Guidance) are aligned and the compatibility of these standards is enhanced. It is envisaged that individual MSS will add additional ‘discipline-specific’ requirements as required. The intended audience of this HLS is the ISO Technical Committees (TC), Subcommittees (SC) and Project Committees (PC) and others involved in the development of MSS.'(SL 9.1). This approach is intended to increase value of such standards to users: particularly those operating multiple MSS simultaneously contained within one MSS (Integrated) The HLS forms the nucleus of future and revised ISO Type ‘A’ MSS and Type ‘B’ MSS (where possible). The primary intention is for organizations to have one management system (ISO supports this approach). Annex SL, Appendix 2 will make it easier to work with more than one management. System standard simultaneously; as it has standardized terminology and requirements for fundamental Management Systems and provides a l0-clause high-level structure, common definitions and text for all management system standards. Annex SL addresses the requirements for proposals for management system standards. It consists of 9 clauses and 3 appendices. The audience for this annex is primarily ISO technical committees who develop management system standards; however the impact of Appendix 2 of Annex SL will be felt by all users of management system standards in the future. Appendix 2 is in three parts: • High level structure, • Identical core text, • Common terms and core definitions.
  44. 44. ISO 9001:2015 43In future all management system standards will need to have these elements. In addition, there will be less confusion and inconsistency because common terms will all have the same definition and there will be common requirements across all the management system standards, for example the requirement to establish, implement, maintain and continually improve the management system. So what changes can and cannot be made? The high level structure (i.e. major clause numbers and titles) cannot be changed, however sub-clauses can be added. Discipline-specific text can also be added; For example: • New bullets • Discipline-specific explanatory text (e.g. Notes or Examples) • Discipline-specific new paragraphs to sub-clauses • Adding text that enhances (but does not modify) the existing requirements The common terms and core definitions cannot be changed. However, terms and definitions may be added as needed and Notes may be added or modified to serve the purpose of each standard. To facilitate the adoption of the core text the device ‘XXX’ is used. Throughout Annex SL for ‘XXX’ the appropriate reference needs to be inserted; for example in ISO 22000 ‘XXX’ needs to be replaced by “food safety” and in ISO 14001 the ‘XXX’ needs to be replaced by “environmental”. In addition the term discipline is used to describe the nature of the management system i.e. quality, environmental, service management, food safety, business continuity, information security or energy. This Annex applies to all Management System Standards – full ISO standards, Technical Specifications (TS) and Publicly Available Specifications (PAS) – but not to International Workshop Agreements (IWA). Examples of standards that it applies to are:  ISO 14001:2004 Environmental management systems – Requirements with guidance for use.  ISO/TS 16949:2009 Quality management systems – Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations Examples of standards that it does not apply to are:  ISO 19011:2011 Guidelines for auditing management systems  IWA 2:2007 Quality management systems – Guidelines for the application of ISO 9001:2000 in education. High level structure The major clause numbers and titles of all management system standards will be identical They are:
  45. 45. ISO 9001:2015 44Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement. Example of identical definitions:  Organization  Interested party  Policy  Objective  Competence  Conformity Example of identical requirements:  “Establish, implement, maintain and continually improve the management system.”  “Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization.” The Introduction, Scope and Normative references will have content that are specific to each discipline and each standard can have its own bibliography. Overall there is a reorganizing of management system requirements into this structure that may be unfamiliar to those using and assessing current MSS. However, some management system standards (such as ISO 22301:2012 Societal security – Business continuity management systems – Requirements) have already successfully migrated to this new structure. For management system auditors, it will mean that for all audits there will be a core set of generic requirements that need to be addressed, no matter which discipline. There are subtle language changes such as the change from document and records to documented information. The new text recognizes the use of the broad concept of risk and the need to understand risk in the context of the management system. It also encourages everyone to view preventive action as a broader concept than simply preventing an incident from occurring. The term preventive action has been replaced
  46. 46. ISO 9001:2015 45with “actions to address, risks and opportunities” and features earlier in the standard. The concept of preventive actions is very much embedded in the risk assessment. The new HLS does not require an organization to renumber existing documents’ Identical core text There are 45 “shall” statements (generating 84 requirements) in Annex SL Appendix 2, therefore there must be at least 45 “shall” statements with 84 requirements in all future management system standards. Obviously each discipline will have their own requirements, so the total for any new standard will have more – this is the minimum. The detailed content is: 1. Scope The Scope should define what the ‘intended outcome(s)’ are of the discipline. The term ‘expected outcome’ will not be used. Auditors should expect alignment between what the organization has determined in clause 4 with what is stated here.The scope sets out the intended outcomes of the management system. The outcomes are industry specific and should be aligned with the context of the organization Clause 2: Normative references Provides details of the reference standards or publications relevant to the particular standard. Clause 3: Terms & definitions Details terms and definition applicable to the specific standard in addition to any formal related terms and definitions standard. 4. Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the XXX management system 4.4 XXX management system As the flagstone of a management system, clause 4 determines why the organization is here. As part of the answer to this question, the organization needs to identify internal and external issues that can impact on its intended outcomes, as well as all interested parties and their requirements. It also needs to document its scope and set the boundaries of the management system – all in line with the business objectives. At first glance, clause 4 is radical and daunting, but on further consideration it makes sense