1. ADDENDUM 1 to ISO
Presentation
INTERPRETATION AND SUGGESTED
CHANGES TO SYSTEM
2. Reference documents
• ISO 9001:2008 standard
• ISO9001:2015 standard
• ISO 9001:2015 ppt uploaded in slideshare
3. Today’s Scenario
• After the new version of the standard has been
released, third party auditing agencies are
certifying organisations in a hurry.
• Some consultants are trying to reduce the
importance of changes by interpreting as if
standard supports status quo.
• Are we going to follow these people?
• Or are we going to remain passionate to the spirit
of Quality System?
• This slide show is an attempt to rekindle that
spirit of 90s.
5. 1. SIPOC- The definition of a process
• Six sigma process mapping speaks about
drawing SIPOC to understand process in the
first level. SIPOC can be expanded as Supplier,
Inputs, Process Outputs and customers.
• now this is included in ISO standard with the
terminology as sources of Inputs, Inputs,
activities, Outputs and Receiver of Outputs.
• The organisation may take note of this.
8. 2. PDCA Picture now has requirements
from interested parties
• As the standard expands it scope from customer to
interested parties inputs also have been shown to be
emanating from interested parties.
• The second new arrow mark is for organisation and its
context which must incorporate risks and
opportunities.
• It is very interesting that on other side satisfaction of
interested parties is not shown which means that
needs of interested parties are taken only to serve the
customer better and not to satisfy interested parties.
This is a key difference between ISO and award models.
9. 3. Risk based thinking
• In every process which is followed, there are
inherent risks. They could be due to changes in
materials, changes in people, customer or source
of power etc.
• Are these considered while implementing the
standard?
• If so, what are the counter measures proposed?
• Again, there is no requirement for documentation
of this exercise. But it is expected that FMEA
could be one of the documents expected.
• WHAT ARE POSITIVE RISKS? (To be debated)
10. Changes in clauses from 2008 to 2015
• 2008
• 4. Quality Management
system
• 5. Management
responsibility
• 6. Resource Management
• 7. Product Realisation
• 8. Measurement ,
Analysis and
Improvement
• 2015
• 4. Context of the
Organisation
• 5. Leadership
• 6. Planning
• 7. Support
• 8. Operation
• 9. Performance
evaluation
• 10. Improvement
11. How system should be defined to
address 4.1
• A mechanism to review latest regulatory
requirements and market changes
• Nomination of suitable agencies or managers
to identify the needs of interested parties
• After considering issues, needs of interested
parties, products and services of the
organisation the scope of QMS should be
defined/modified.
12. Process mapping
• A robust system of mapping the processes is
need to be introduced.
• Many make flow charts mechanically with no
purpose.
• The maps have to make the sixdimensions of
the process explicit.
• Sources of Inputs, Inputs, Activities, Outputs,
Receivers of outputs, Controls and measures.
13. Clause
no
2015 2008 Actions required for upgrade
programme
5.1.1 Scope of commitment
enhanced to include
especially
a) accountability for
effectiveness of QMS
b) integration of QMS
requirements into business
processes
c) promoting the use of
process approach and risk
based thinking
d) promoting improvement
e) supporting other
management roles
Restricted to
communicating,
establishing
policy, objectives
etc
Accountability of Top Management
needs to be understood as “Buck
stops here” . Theoretically, any
lapse in QMS implementation now
can be attributed to management .
Top management people need to
get visibly involved in QMS and
ensure integration of QMS and day
to day activities.
Since there is no MR, CEO should
now function as de facto MR and
encourage a team to supervise
QMS not on an audit to audit basis
but on daily basis.
14. Clause
no
2015 2008 Actions required for upgrade
programme
5.1.2 Scope of customer focus
enhanced to include
especially
a) customer, statutory and
regulatory requirements
are understood
b) Risks and opportunities in
products are determined
and addressed.
It was 5.2
Restricted to
ensuring
customer
requirements are
met and
enhancing
customer
satisfaction
Top Management should
document all statutory and
regulatory requirements for the
products and services in the
markets they serve. Now this
cannot be left to a routine
departmental functionary.
As Risk management is new in the
standard, the risk assessment
exercise for the products and
services should be led by top
management.
15. Clause
no
2015 2008 Actions required for upgrade
programme
5.2.1
5.2.2
Establishing Quality policy
Addition
Policy should support its
strategic direction
Addition
Communication should not
only be for employees but the
policy should be made
available to interested parties
also
It was 5.3 earlier Policy should support strategic
direction-. This means that after
every strategic meeting the
Management must review the
Quality policy (not just
periodically).
New businesses, new services and
new collaborations may demand
change in the policy.
Just like EMS standard, ISO 9001
also has asked the policy to be
made available to interested
parties through website or through
news letters.
16. Clause
no
20 15 2008 Actions required for upgrade
programme
5.3
Roles
and
responsi
bilities
This clause now combines
what was earlier under
Management Representative.
QMS planning is also
combined.
Emphasis
a) Ensuring that processes
are delivering their
intended outputs.
b)
It was 5.5 earlier Management representative post
can be dissolved and can be
replaced by Quality systems
Manager assisted by a team.
This team should have 4 functions
to enable that processes will
deliver the intended outputs.
1) Quality Planning
2) Quality system Audits
3) Process Measurement and
analysis
4) Product Quality measurement
and analysis
17. Clause
no
2015 2008 Actions required for upgrade programme
6.1
Actions
to
address
risks
and
opportu
nities
Determine risks and
opportunities which
would
a) Enhance
desirable effects
b) Reduce
undesirable
effects
c) Achieve
improvement
This was not
there
In the context of the external issues and internal
challenges, a risk assessment frame work should
be developed which would evaluate the risks
and opportunities.
A severity rating of 1-20 can also be defined so
that those who are of high risks can be selected.
The counter measures for these risks (avoidance
is the best) should be given so that they can be
followed.
Example
Diesel cars to be banned – counter measure
divert the plant capacity for diesel generator
production.
It would require intense work to work on
opportunities in the horizon. Note 1 and Note 2
can help.
18. Clause no 2015 2008 Actions required for upgrade programme
6.2
Quality
Objective
s and
planning
to
achieve
them
Objectives shall be
monitored and
updated.
Planning now has
been made clear
with what, when,
how etc
Earlier it was
covered
under 5.4.2
Objectives should be monitored and progress
reported.
Similarly, the objectives shall be updated if the
situation warrants.
19. Clause no 2015 2008 Actions required for upgrade programme
6.3
Planning
of
changes
Planning of changes
Emphasis
Allocation and
reallocation of
responsibilities
Somewhat
covered
under 5.4.2
Change Management should be now a defined
process.
This will help proper implementation.
20. Clause no 2015 2008 Actions required for upgrade
programme
7.1
Resources
7.1.1
7.1.2 People
7.1.3
Infrastructure
7.1.4
Environment
for the
operation of
processes
In 7.1.1 emphasis is on
Capabilities and
constraints on internal
resources and also
external providers
Emphasis from products
to processes
Nothing much added
Social, psychological and
physical now included
Similar to 6.1
Similar to 6.2
Similar to 6.3
Only physical
Constant updation of position of
resources and external providers is
needed.
--
---
It is going to be a big challenge to
know how social and psychological
environment will be determined and
provided and maintained. This is the
toughest clause in the standard.
21. Clause no 2015 2008 Actions required for upgrade
programme
7.1.5
Monitoring
and measuring
resources
7.1.5.1 general
7.1.5.2
Traceability
7.1.6
organisational
knowledge
Resources should be
provided for monitoring
and measurement.
Surprisingly, Knowledge
is separate clause under
7.1 resources and
competence is separate.
Partly replaces
7.6 for
calibration
and also
traceability
7.5.3
Identification
and
traceability
New
Apart from calibration of equipment
and devices, the entire monitoring
of products and services should be
governed with proper resources.
No extra requirement as far as the
calibration is concerned.
Knowledge management via
Libraries, standards, technical
bulletins and web sites (intra
company) are required to preserve
and spread knowledge as a
resource.
22. Clause no 2015 2008 Actions required for upgrade
programme
7.2
Competence
7.3 awareness
7.4
communication
By and large same with
determination of
competence required
and ensuring that the
competence is
maintained.
Except that now it says
“ performance and
effectiveness of Quality
Management system”
instead of product.
Specifically highlighted
for quality policy and
objectives.
Internal and external
communication
Earlier 6.2.2
but that time
it was only for
product.
Earlier part of
6.2.2
Internal was
5.5.3
Competence should be
determined not only for those
affecting product quality but also
for all activities concerned with
QMS. This will expand the
requirement of competence for
areas like Admin, Vendor
development and HR.
Nothing much added.
New system needs to be
developed for external
communication
23. Clause no 2015 2008 Actions required for upgrade
programme
7. 5
Documented
Information
7.5.1 general
7.5.2 Creating
and updating
7.5.3 Control
of
documented
information
All types of documents
namely procedures,
documents and records
are covered
Quality Manual is no
more mandated.
Pretty much the same
Protection of documents
and access control is now
included in the control.
Mention of obsolete
documents is deleted.
Earlier 4.2.1
Earlier 4.2.3
4.2.3 and
4.2.4
Unification of the treatment for all
documented information would be
required. The debate on what is a
record and want is a document is no
more relevant.
The clause now embraces electronic
versions more than paper versions
and hence it is needed to switch
over the implementation to
electronic documents.
24. Clause no 2015 2008 Actions required for upgrade
programme
8
8.1
Operational
Planning and
control
Determine how to
control the processes in
line with planning done
in clause no 6.
Criteria for both
processes and products
mentioned.
Documented information
necessary to the extent
of creating confidence
that processes have been
carried out and for
conformity of products.
It covers outsourced
processes also.
Link to higher
level plan was
absent.
Outsourced
processes was
not covered.
Operational plan has to be in
alignment with the plan for the QMS
or business.
Operational planning extends to
processes and products which
means those processes which are
not linked an output like a product
but which are essential for QMS like
Training are also covered now.
25. Clause no 2015 2008 Actions required for upgrade
programme
8.2
Requirements
for Products and
services
8.2.1 customer
communication
8.2.2
Determining
requirements
8.2.3
Review of
requirements
8.2.4 changes to
requirements
Customer property now merged
in this clause. Establishing
contingency actions is new.
No addition
No addition
Changes should be intimated to
all
Earlier 7.2.1
7.2.2 and
7.2.3
What are contingency
actions?
Change notification to be
strengthened
26. Clause no 2015 2008 Actions required for upgrade
programme
8.3 Design and
development of
products and
services
8.3.1 General
8.3.2 Design and
Development
planning
8.3.3 Design and
Development
Inputs
8.3.4 Design and
Development
Controls
Involvement of customers and users
in the design process mentioned
No additional requirement
The requirements in Design are
consolidated and explained in one
clause
7.3
7.3.1
7.3.2
---
System to involve users and
customers to be
strengthened
27. Clause no 2015 2008 Actions required for upgrade
programme
8.3.5 Design and
Development
outputs
8.3.6 Design and
development
changes
Referencing to “monitoring and
measuring requirements”
added instead of only
acceptance criteria
No addition
Actions taken to adverse
impacts added explicitly
7.3.3
7.3.7
Acceptance criteria was only for
product whereas monitoring
and measuring will encompass
28. Clause no 2015 2008 Actions required for upgrade
programme
8.4 Control of
Externally provided
processes , products
and services
8.4.1 General
8.4.2 type and
extent of control
8.4.3 information
for external
providers
Expanded to externally
provided processes instead
of limiting to purchasing
activity
External process should
remain within control of
QMS
No significant addition
7.4
7.4.2
This needs efforts to bring
outsourced processes within the
ambit of QMS.
Consolidated review is required to
be done to cover the
communication to vendors
29. Clause no 2015 2008 Actions required for upgrade
programme
8.5 production
and service
provision
8.5.1 control of
production and
service
provision
8.5.2
Identification
and traceability
8.5.3 Property
belonging to
customers
Implementation of actions to
prevent human error added
No additional requirement
No additional requirement
7.5
7.5.1
7.5.3
7.5.4
Poka Yoke to be started
30. Clause no 2015 2008 Actions required for upgrade
programme
8.5.4
Preservation
8.5.5 Post
Delivery
activities
8.5.6 Control
of changes
8.6 Release of
products and
services
No additional requirement
New requirements explicitly stated
now that the company should carry
out post delivery activities as agreed
or as required by regulatory
requirements.
Obvious requirement stated for
emphasis.
No addition
7.5.5
8.2.4
System for warranty provision
exists however system for
recycling and disposal need to
be developed.
Changes not only in design but
in production documents need
to be regulated
31. Clause no 2015 2008 Actions required for upgrade
programme
8.7 Control of
non
conforming
products
8.7.1
8.7.2
Terminological change done
as
Correction, segregation,
containment informing the
customer and obtaining
permission
Retain documented
information about the non
conformity and resolution of
the same
8.3
8.3
Suitable changes need to be done in
documents
32. Clause no 2015 2008 Actions required for upgrade
programme
9 Performance
evaluation
9.1 Monitoring ,
measurement,
analysis and
evaluation
9.1.1 General
9.1.2 Customer
satisfaction
9.1.3 Analysis and
evaluation
Language simpler and more
clear to indicate the way
measurement needs to be
organised.
No additional requirement
Language made clear about
analysis
8.1
8.2.1
8.4
Quality plans can be synchronised
with the requirement. Those having
Control plans may not require any
action.
33. Clause no 2015 2008 Actions required for upgrade
programme
9.2 Internal
audit
9.2.1
9.2.2
9.3
Management
review
9.3.1
9.3.2 Inputs
9.3.3 outputs
No significant addition
No significant addition
Effectiveness of actions taken to
address risks and opportunities
No addition
8.2.2
5.6
As a logical step management
review needs to review status of
counter measures to risks
34. Clause no 2015 2008 Actions required for upgrade
programme
10 Improvement
10.1 General
10.1.1
10.2.1 Non
conformity and
corrective action
10.2.2
Documentation
10.3 Continual
improvement
Preventing and reducing
undesired effects added
Corrective action explained
clearly
The intent behind this clause
is not clear. Earlier the
preventive action was clear
but now we need to debate
and find suitable way to
implement the clause.
8.5.1
Some take a view that since the
risks are already identified, the
preventive action clause is no ore
needed. Then the preventive
action can be maintained under
10.3