VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
ISO 9001:2015 Quality Management System Requirements
1.
2. Introduction of new clauses
Understanding organization and its context
Understanding needs and expectation of interested parties.
High level structure – Common clauses for QMS, EMS etc.
Leadership – Involvement of Top management.
Role of Management representative eliminated.
Quality policy and objective compatible with strategic direction
Integration of QMS requirements into business process.
Process approach as a requirement, instead of systematic approach.
Risk based thinking-Determination of risk to conformity of goods and services and to
customer satisfaction.
Product= Goods and Services.
Organizational resources: Knowledge as a resource= Knowledge bank.
Documented information= document and records. No mention of quality manual.
Vendors/ suppliers/outsourced process= External providers.
3. What is ISO?
ISO stands for International Organization for Standardization. It was founded in 1946
and is a non-governmental organization based in Geneva. It facilitates development of
consensus in formulating International Standards. These standards are voluntary in
nature.
What is ISO 9000?
It is an internationally recognized model for Quality Management System.
First published in 1987, revised in 1994, 2000 and again in 2008.
It is based on generally accepted practices and common sense.
It applies to manufacturing, process industries, software developers and service
companies.
It establishes a foundation to build a total quality management system.
The ISO 9000 series of standards is recognized by ove170+ countries.
4. Background to the Standards
The rules of ISO require that all standards are reviewed periodically to ensure that they
reflect the best practice in the particular subject and take into account any lessons that
have been learnt during the application of the standard. The outcome of these reviews is
that standards are either confirmed, revised or withdrawn.
In 1997, the Technical Committee (TC176) responsible for ISO 9000 series of standards
undertook a global survey of users and customers of the standards. The responses
received and the analysis of the same has formed an important input to the revision
process. In the same year 1997, TC176 also issued a document entitled “Quality
Management Principles and Guidelines on their application”. This document formed one
of the other design inputs to the ISO working group for the development of the revised
standards.
5. ISO 9000 Family of standards
The year 2015 family of ISO 9000 standards comprise of 3 primary standards:
ISO 9000: Quality Management Systems – Fundamentals and vocabulary
ISO 9001: Quality Management Systems – Requirements
ISO 9004:Quality Management Systems – Guidelines for Performance Improvements
Besides the above, there is a standard for auditing as described below:
ISO 19011: Guidelines for Quality And / Or Environmental Management System Auditing.
( IS/ ISO 19011:2002)
ISO 19011:2002 is intended to be applicable to both quality and environmental
management system audits.
Tailoring of the ISO 9001 requirements are permitted to omit requirements that do not
apply to an organization.
6. What does ISO 9000 Require?
Quality requirements must be clearly defined and communicated.
Everyone whose efforts will contribute to meeting the requirements of the standard
must have adequate training and documented procedures to follow.
The process of producing your product or service must be defined and controlled.
The organisation should establish objectives / Targets at functional level
The quality management system must be monitored by your internal audit system.
Corrective action / Preventive action programs must be in place to make needed
improvements.
Management must be actively involved in the system to assure that it is functioning
effectively.
Records and objective evidence must be maintained to demonstrate compliance with the
documented requirements of the system.
7. ISO 9000 Family of standards
The year 2015 family of ISO 9000 standards comprise of 3 primary standards:
ISO 9000: Quality Management Systems – Fundamentals and vocabulary
ISO 9001: Quality Management Systems – Requirements
ISO 9004:Quality Management Systems – Guidelines for Performance Improvements
Besides the above, there is a standard for auditing as described below:
ISO 19011: Guidelines for Quality And / Or Environmental Management System Auditing.
( IS/ ISO 19011:2002)
ISO 19011:2002 is intended to be applicable to both quality and environmental
management system audits.
Tailoring of the ISO 9001 requirements are permitted to omit requirements that do not
apply to an organization.
8. Customer focus
Organization depend on customers and therefore need to understand current and
future needs and meet/exceed requirements and expectation.
Leadership
Leaders establish unity of purpose and provide direction. They also provide an
environment in which people are involved and objectives are achieved.
Engagement of people
People are the essence of the organization, full involvement and realization of true
potential will maximize benefit of the organization.
Process approach
Desired results are achieved more efficiently when related resources and activities
are managed as a process.
Improvement
When considered to be a permanent objective helps the organization to go
forward.
Evidence-based decision making
Ensures decisions are based on established and analysed data.
Relationship management
Creates partnership with common goals.
9.
10.
11.
12. The Organization shall determine external and internal issues that
are relevant to its purpose and its strategic direction that affect its
ability to achieve the intended results of its QMS.
External context- Key drivers and trends which can have an impact
on the objective of the Organization including customers changing
needs.
Social, cultural, Legal, Regulatory, financial, technological, political,
economic, natural and competitive environment whether
international, national, regional or local.
Internal Context- Governance, Organizational structure, roles and
responsibility, policies, Objectives, Resources inadequacy,
relationship with internal stake holders and organization culture, the
form and extent of contractual relationship, information systems-
information flow and decision making processes.
13. What is the context of an organization?
Let’s begin with examples of your internal context.
Your company’s vision, mission, strategic objectives and direction,
your org chart, SOPs, resources, culture, contractual relationships –
these and more, are factors you should consider when making all
decisions and when addressing uncertainties about the future.
On the other hand, the legal, social, political, regulatory, financial,
economic, key drivers, trends, natural and competitive environment,
and perceptions of external stakeholders (or interested parties) are
all part of your external context. Each of these factors should be
considered in the course of business leadership, when managing risk
or uncertainty, and when making decisions that may affect the
quality or service you provide.
14. Due to their effect or potential impact on the organization`s ability to
consistently provide products and services that meet customer and
applicable statutory and regulatory requirements, the organization shall
determine:
◦ The interested parties that are relevant to the QMS.
◦ The requirements of these interested parties that are relevant to the QMS.
Organization shall monitor and review information about these
interested parties and their relevant requirements.
Interested parties : Are those groups or individuals who have ability to
impact or potential impact the organizations ability to meet customer,
statutory or regulatory requirements. E.g.-
Customers,shareholders,competitors, end users, suppliers, distributors,
retailers, regulators, and other relevant interested parties.
Intention:
◦ Anticipate current and future needs.
◦ Could lead to identification of opportunities for improvement and innovation.
15. Consider
◦ External and internal issues (Context) referred in 4.1 cla
◦ Requirement relevant to interested parties.
Describe in terms of:
◦ Products and services,
◦ Main processes involved
◦ Sites where processes are operated.
Exclusion: (New requirement)
◦ Justification when a requirement cannot be applied.
Scope must me documented.
ABC Company Scope
Location
Assembly of Dee-Blast Sandblasting Machines
Exclusions of the ISO 9001:2015 standard: Clause 8.3 Design and development, with
justification.
use,
16. The Organization shall establish, implement, maintain and continually
improve a QMS, including the process needed and their interactions.
The organization shall determine the process needed for QMS, the
organization shall determine:
◦ The inputs required and the outputs expected from these process.
◦ The sequence and interaction of these processes.
◦ Apply criteria and method including monitoring, measurement and related
performance indicator to ensure effective operation and control of these
processes.
◦ Resources needed for these processes and ensure their availability
◦ Assign responsibility and authorities for these processes.
◦ Address the risks and opportunities as determined
◦ Evaluate the process and implement any change needed to ensure that these
process achieve the intended results.
The Organization shall maintain documented information to the extent
necessary to support the operation of the processes and retain
documented information to the extent necessary to have confidence that
the processes are being carried out as planned.
19. 5.1.1 General
Top management shall demonstrate leadership and commitment with
respect to the quality management system:
Taking accountability of effectiveness of QMS
Ensuring quality policy and objectives are established for QMS and
are compatible with the context and strategic direction.
Integration of QMS requirement into the organization business
process
Promoting the use of process approach and risk based thinking
Ensuring that resources needed for QMS are available
Promoting improvement
20. 5.1.2 Customer focus
Top management shall demonstrate leadership and commitment with
respect to customer focus by ensuring that:
Customer requirement and applicable statutory and regulatory
requirements are determined and met
Identify and address risk sand opportunities that can affect the
conformity of the product and services.
Focus on enhancing customer satisfaction is maintained.
21. 1. Establishing the quality policy
Top management shall establish, implement and maintain a quality
policy that:
Is appropriate to the purpose and context of the organization and
supports its strategic direction
Provides framework for setting quality objectives
Commitment to satisfy applicable requirements
Commitment to continual improvement
2. Communicating the quality policy
The quality policy shall:
Be documented and maintained
Be communicated, understood and applied within the organization
Be available to relevant interested parties.
22. Top management shall ensure that the roles, responsibilities and
authorities are assigned, communicated and understood within the
organization.
Top management shall assign the responsibilities and authorities for:
Ensuring QMS conforms the requirements of the international
standard
Reporting performance of QMS and opportunities for improvement
to the top management
Ensuring promotion of customer focus throughout the organization
23.
24. 1.When planning for the QMS , the organization shall consider the
issues referred to in 4.1 clause( context of the organization) and the
requirements referred to in 4.2 clause( needs of interested parties) and
determine risk and opportunities that need to be addressed.
2. Organization shall:
Plan actions to address risk and opportunities-could include
avoidance, mitigation, elimination or acceptance.
Can use hierarchy of control- eliminate, substitute, engineering
control, administrative control, acceptance.
25. 6.2.1 The organization shall establish quality objectives at relevant
functions , levels and process needed for QMS:
The objectives shall :
Be consistent with the quality policy
Be measurable
Take into applicable requirement ( statutory and r
Be monitored
Be communicated
Be updated as appropriate.
The organization shall maintain documented information(records) on
quality objectives.
egulatory)
26. 6.2.2 The organization shall determine following things while defining
objectives:
What will be done
What resources will be required
Who will be responsible
When it will be communicated
How the results will be evaluated.
The organization shall maintain a matrix to define the following above
points.
27. When the organization determines the need for changes to the QMS
system the changes shall be carried out in planned manner.
The organization shall consider:
Potential consequence of change
Integrity of the QMS
Availability of the resources
Allocation or reallocation of responsibilities and authorities
A change management form can be defined which has Description of
change, resources required, impact of change, requester, approver,
stake holder, risks, date of change, planned date, actual date,
acceptance, exit plan- monitoring and evaluation.
28.
29. 1. General
Organization shall determine and provide resources needed for
establishment, implementation, maintenance and continual
improvement of QMS.
The organization shall consider
Capabilities of, and constrains on, existing internal resources.-
resource requirement and planning. Administrative resources, IT,
Maintenance, Manpower
What needed to be obtained from external providers.
2. People
The organization shall determine and provide the persons necessary for
the effective implementation of its QMS and for the operation and
control of its processes.
30. 3. Infrastructure
Organization shall determine, provide and maintain the infrastructure
required for operations of its process.
Infrastructure can include- building and associated utilities,
equipment's, hardware and software, transportation requirement, IT.
4. Environment for the operation of process
Organization shall determine, provide and maintain the environment
required for operations of its process.
E.g.- A suitable environment can be combination of human and physical
factor, such as
Social, psychological, physical factor.
31. 7.1.5 Monitoring and measuring resources
7.1.5.1 General
Organization shall determine and provide resources needed to ensure
valid and reliable results when monitoring or measuring is used to
verify the conformity of products and services to requirements.
The organization shall determine the monitoring and measuring
equipment's required for its process.
E.g.- Calibration equipment- Weighing scale for measuring weight etc.
Calibration of person in service industry- Call calibration.
Organization shall retain documented information (Calibration record)as
evidence of fitness.
32. 7.1.5 Monitoring and measuring resources
7.1.5.2 Measurement traceability
When traceability is a requirement for organization , monitoring and
measuring equipment shall be:
Calibrated or verified at specified interval against measurement
standards traceable to international or national standard , when no
such standard exist the basis used for calibration or verification
shall be retained as documented information.
Equipment shall be identified in order to determine the status. Tag
shall be provided determining the identification of equipment along
with calibration status on it.
Method of control of equipment for safeguard of equipment's from
adjustment, damage or deterioration.
33. 7.1.6 Organizational knowledge
The organizational shall determine the knowledge necessary for the
operation of its process and to achieve conformity of products and
services.
The knowledge shall be available to the extent necessary.
Organizational knowledge can be
◦ Internal sources e.g. Knowledge gained from experience, lessons
learned from failures, one page learning.
◦ External sources e.g. standards, academia, conferences, trainings
, knowledge from customer.
34. The organizational shall
Determine the necessary competence of persons doing work under
its control that affects the performance and effectiveness of the
QMS.
E.g.- Job description –Roles and responsibility for each position of
the company.
Ensure that these person are competent on the basis of appropriate
education, training or experience.
E.g.- Competency mapping for all employees.
Where applicable take actions to acquire the necessary competence,
and evaluate the effectiveness of the actions taken.
E.g.- Training need analysis shall be done.
Retain appropriate documented information as evidence of
competence.
E.g.- Competency matrix, Training need analysis, training record.
35. The organizational shall ensure the person doing work in organization
is aware of:
The quality policy
Relevant quality objectives
Their contribution to the effectiveness of the QMS, including
benefits of improved performance
The implication of not conforming with the quality management
system requirements.
36. The organizational shall determine the internal and external
communication relevant to the QMS , including:
On what it will communicate
When to communicate
With whom to communicate
How to communicate
Who communicates
E.g.- 1. Communication with interested parties like government bodies.
2.Communication on changes in QMS system to the company employees.
37. 7.5.1 General
The organization's QMS shall include:
Documented information which shall be a document or a record as
evidence.
Documentation is required for, but not limited to:
◦ Scope
◦ Processes
◦ Quality policy
◦ Quality objectives
◦ Measuring resources
◦ Competences
◦ Calibration report
38. 2.Creating and updating
When creating and updating documented information, the organization shall
ensure :
Identification and description ( e.g.- Title, date, author, revision number,
reference number).
Format (e.g.- language, software version) and media (e.g.- paper,
electronics)
Review and approval for suitability and adequacy.
E.g.- Document- SOP for Customer service, Document number- XXX-CS-
001, Date- 01.04.2017, Version- 1.0
3.Control of documented information
Documented information shall be
Available and suitable for use when and where required
Adequately protected
Distribution, access, retrieval and use
Storage, preservation, version control, retention and disposition
39. 8.1 Operational planning and control
The Organization shall plan, implement and control the process needed
to meet requirement for the provision of product and services.
The organization shall determine the requirements for product and
services.
Establish criteria for the process
Establish criteria for the acceptance of products and services
Determine the resources needed to achieve conformity
Implement actions to address risks and opportunities.
Determine, maintain and retain documented information to the
extent necessary.
Includes control over outsourced process
E.g.- Determine a process Do risk assessment implement action to
address risk.
40. 2. Requirements for products and services
1.Customer communication Communication
with customer shall include
Providing information relating to products and services
Handling enquiries, contracts or orders, including changes.
Obtaining customer feedback relating to products and services,
including customer complaints.
Handling or controlling customer property
Establishing specific requirements for contingency action, when
relevant.
2. Determining the requirements for products and services
The requirements for product and services are defined, including
Any applicable statutory and regulatory requirement
Those considered necessary by organization
41. 8.2 Requirements for products and services
8.2.3 Review of requirements for products and services
The organization shall conduct a review before committing to supply
products and services to a customer, to include:
Requirement specified by the customer, including delivery and post
delivery activities
Requirement not stated by the customer, but necessary for the
specified use.
Requirements specified by the organization
Statutory and regulatory requirements
Contracts or order requirements differing from previous one.
The customer requirements shall be confirmed by the organization
before acceptance, when the customer does not provide a
documented statement of their requirements.
Organization shall retain documented information on the results of
review, on any requirements for the products and services.
42. 8.2 Requirements for products and services
8.2.4 Changes to requirements for products and services
The Organization shall ensure that relevant documented information
is amended for any change in the order requirements.
Relevant person should be made aware about the changed
requirements.
43. 3. Design and development of products and services.
1. General
The organization shall establish, implement and maintain a design and
development process.
2. Design and development planning.
In determining the stages and control for design and development, the
organization shall consider:
The nature, duration, and complexity of the design and development
activities
Stages of design and development reviews.
Design and development verification and validation
Responsible and authorized person for design and development.
Resource required for design and development
Controls defined and documented information to demonstrate the
requirement.
44. 3. Design and development inputs
The organization shall consider:
Functional and performance requirements.
Information derived from previous similar design
Statutory and regulatory requirements.
Standards or codes of practice of the organization.
Documented information of inputs to be retained.
4. Design and development controls.
The organization shall apply control on design and development
process to ensure that:
The results to be achieved are defined.
Reviews are conducted to ensure requirements are met.
Verification and validation activities are conducted to meet the
requirements.
Necessary actions to be taken in case of deviation or design issue.
Documented information of the same is retained
45. 5. Design and development outputs
The organization shall ensure that design and development outputs:
Meet the input requirements.
Are adequate for the subsequent processes for the provision of products
and services.
Include monitoring and measurement criteria and acceptance criteria.
Specify characteristics of the products and services that are essential for
their intended purpose.
Documented information of outputs to be retained.
6. Design and development changes.
The organization shall identify, review and control changes of the
designs.
The organization shall retain documented information on:
◦ Design and development changes.
◦ The results of review
◦ The authorization of changes
◦ Actions taken to prevent adverse impacts.
46. 8.4 Control of externally provided processes, products and services.
8.4.1 General
The organization shall ensure that externally provided processes, products
and services conforms to requirements:
Externally provided means:
Products and services from external providers which are used in
organization`s own product and services.
Products and services provided directly to customer by external
providers on behalf of the organization.
A process, or part of a process, is provided by an external provided as a
result of a decision by the organization.
The organization shall determine and apply criteria for:
Evaluation
Selection
Monitoring of performance
Re-evaluation of external providers.
The organization shall retain documented information of these activities.
47. 2. Type and extent of control
The organization shall ensure that externally provided processes, products and
services do not adversely affect the organization`s ability to consistently deliver
conforming products and services to its customers.
The Organization shall:
Ensure that externally provided processes remain within the control of its QMS
Define controls on externally provider.
Consider potential impact it can have on the organizations products and process.
Consider effectiveness of controls applied by the external provider.
3. Information for external providers.
The organization shall communicate to external providers its requirements for:
The processes, products and services to be provided
The approval of products and services, methods, process and equipment, the
release of products and services.
Competence, including any required qualification
Control and monitoring of the external providers performance to be applied by
the organization.
48. 8.5 Product and service provision
8.5.1 Control of production and service provision
The Organization shall implement production and service provision
under controlled condition that includes:
The availability of documented information that defines the
characteristics of the product produced, the service to be provided,
or the activities to be performed and the results to be achieved.
The availability and use of suitable monitoring and measurement
resources.
Implement monitoring and measurement activities at various stages.
Appoint competent person.
Validation of process.
Implement action to prevent human error
Implementation of release, delivery and post delivery activities.
49. 8.5.2 Identification and traceability
The Organization shall use suitable means to identify outputs when
it is necessary to ensure the conformity of products and services.
The organization shall identify the status of outputs with respect to
monitoring and measurement requirements throughout production
and service provision.
The organization shall control the unique identification of the
outputs when traceability is a requirement,
A documented information shall be maintained to enable
traceability.
Example:
Ensure input materials and final products are:
– appropriately identified at receipt, and during processing, storage and
sale; and
– traceable both forward (to your immediate customers) and backwards
(to your suppliers).
50. 3. Property belonging to customers or external providers.
The Organization shall exercise care with property belonging to
customers or external providers while it is under the organizations
control or being used by the organization.
The organization shall identify, verify, protect and safeguard customer
or external provider`s property.
When the property of customer or external party is lost, damaged or
otherwise found to be unsuitable for use, organization shall report this
to customer or external provider.
Customer property – Materials provided by supplier, components, tools and
equipment's, premises, intellectual property or personal data.
4. Preservation
The organization shall preserve the outputs during product and service
provision to the extent necessary to ensure conformity to requirements.
Preservation include- Identification, handling, contamination control,
packaging storage, transmission or transportation and protection.
51. 5. Post delivery activities.
The Organization shall meet requirements for post delivery activities associated
with the products and services.
The Organization shall consider:
◦ Statutory and regulatory requirements
◦ The potential undesired consequences (RISK) associated with the products
◦ The nature, use and intended life time of its products and services.
◦ Customer requirements
◦ Customer feedback.
Post delivery activities are- under warranty provision, contractual obligation such as
maintenance services (AMC), supplementary services.
6. Control of changes
The organization shall review and control changes for production and service
provision, to the extent necessary.
Document shall be retained detailing the review of change, person authorizing the
change, any action arising from the review.
E.g.- A change management form can be defined which has Description of change,
resources required, impact of change, requester, approver, stake holder, risks, date of
change, planned date, actual date, acceptance, exit plan- monitoring and evaluation.
52. 8.6 Release of products and services.
The Organization shall implement planned arrangements, at
appropriate stages, to verify that the product and service
requirements have been met.
The release of products and services to the customer shall not
proceed until the planned arrangements have been satisfactorily
completed.
The Organization shall retain document for release of products and
services. The document shall include;
Evidence of conformity with the acceptance criteria.
Traceability of the person authorizing the release.
53. 7. Control of non conforming out puts.
The organization shall ensure that outputs that do not conform to
their requirements are identified and controlled to prevent
unintended use or delivery.
The organization shall do the following:
◦ Correction of the issue
◦ Segregation , containment, return or suspension of provision,
◦ Inform the customer ( for non conformity identified after the
delivery)
◦ Obtaining authorization for acceptance under concession.
The organization shall document
◦ Description of non conformity
◦ Action taken
◦ Authorized person to accept the non conformity.
54. 1. Monitoring, measurement, analysis and evaluation
1. General
Determine what to monitor and measure
Determine methods for monitoring, measurement, analysis and
evaluation.
Evaluate the quality performance and effectiveness of the QMS.
2. Customer satisfaction
Obtain information on customers views and opinions of the organization
and its products and services.
E.g.- Satisfaction surveys, feedbacks, market share analysis,
compliments etc.
3. Analysis and evaluation
The results of analysis shall be used to evaluate
◦ Conformity of products and services
◦ Degree of customer satisfaction
◦ Performance and effectiveness of QMS
Performance of external provider
◦ Improvements to QMS.
55. 9.2 Internal audit
The organization shall conduct internal audit at planned interval.
Audit to be conducted as per organizations own requirement for its
QMS and as per ISO 9001:2015 standard requirement.
The organization shall prepare the following:
◦ Audit plan
◦ Audit programme
◦ Audit checklist
◦ Responsible person
Select auditors and conduct audit to ensure objectivity and
impartiality of the audit process
Results of audit reported to management
Take appropriate correction, root cause analysis, corrective action
Retain documents of audit.
56. 9.3 Management review
1. General
Top management shall review the organizational QMS at planned interval to
ensure its continuing suitability, adequacy, effectiveness and alignment with the
strategic direction of the organization
2. Management review inputs
The inputs shall include
Status of actions from previous management reviews
Changes in external and internal issues that are relevant to QMS.
Performance and effectiveness of QMS for
◦ Customer satisfaction and feedbacks from relevant interested parties
◦ Status of quality objectives
◦ Process performance and conformity of products and services
◦ Non conformities and corrective actions
◦ Monitoring and measurement results
◦ Audit results
◦ Performance of external providers.
Adequacy of resources
Effectiveness of actions taken to address risks and opportunities
Opportunities for improvement
57. 9.3 Management review
9.3.3 Review outputs
• Opportunities for improvement
• Any need for change in QMS
• Resource needs.
58. 1. General
Determine and select opportunities for improvement
Implement necessary actions to;
◦ Improve processes
◦ Improve product and services
◦ Improve QMS results
Improvement can be effected:
◦ Reactively (e.g.-corrective action)
◦ Incrementally (e.g.- continual improvement)
◦ By step change (e.g.- breakthrough)
◦ Creatively (e.g.- innovation)
◦ By re-organization (e.g.- transformation)
59. 2. Non conformity and corrective action
React to non conformity
Take action to control and correct it
Deal with the consequences
Evaluate the need for action to eliminate the causes of the non
conformity, in order that it does not recur or occur elsewhere
(PREVENTIVE ACTION).
Record nature of the nonconformities and any subsequent action taken.
3. Continual Improvement
Continually improve:
◦ Suitability
◦ Adequacy
◦ Effectiveness of QMS
Consider output of:
◦ Analysis and evaluation
◦ Management review
Select and utilize applicable tools and methodologies to investigate
causes of underperformance.