asq buffalo roadshow rise above the revison maze … is09001-2015.pdf · sr. product manager,...
Implementing ISO9001:2015
Copyright © 2015 BSI. All rights reserved.
John DiMaria; CSSBB, HISP, MHISP, AMBCI
Sr. Product Manager, Systems Certification - Americas
• Understanding the New Direction of Standards
• Navigating the ten clauses Annex SL/Directive 1
• Key changes that are expected for ISO 9001
• Breakout sessions I – Leadership and Planning
• Breakout sessions II – Risk and Planning
• Discussion and closing
Understanding the New Direction of Standards
Navigating the ten clauses Annex SL
The New High Level Structure (HLS)
19/10/2015
Reasons For The Changes
• Easier integration of multiple standards, using a common foundation and common language
• Increase involvement of Top Management
• Decrease the emphasis on Documentation
• Increase the emphasis on Achieving Value for the Organization and its customers
• Increase emphasis on Risk Management to achieve objectives
Annex SL
• ISO 9001 Quality management system
• ISO 14001 Environmental management system
• ISO 45001 Health & safety
• ISO 22301 Business continuity management
• ISO/IEC 27001 Information security
• TS 16949 Automotive
ANNEX SL (HLS)
Annex SL: high level structure, identical core text, common terms and core definitions
• ISMS specific requirements
• EMS specific requirements
• QMS specific requirements
• BCMS specific requirements
Ten clauses of the new Annex SL – Directive 1 for ISO Management Systems
• Annex SL describes the framework for a generic management system. However, it requires the addition of discipline-specific requirements to make a fully functional quality, environmental, service management, food safety, business continuity, information security and energy management system standard
• ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014
• High level structure, identical core text, common terms and core definitions – 10 Main Clauses
Directive 1 – 10 Clauses
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Implement Once, Comply Many
High Level Structure
• 4 Context of organization: 4.1 Understanding context; 4.2 Interested parties; 4.3 Scope; 4.4 MS
• 5 Leadership: 5.1 Leadership and commitment (MS); 5.2 Policy; 5.3 Roles, responsibilities and authorities
• 6 Planning: 6.1 Actions to address risk and opportunity; 6.2 Objectives and planning
• 7 Support: 7.1 Resources; 7.2 Competence; 7.3 Awareness; 7.4 Communication; 7.5 Documented information
• 8 Operation: 8.1 Operational planning and control
• 9 Performance and Evaluation: 9.1 Monitoring, measurement, analysis and evaluation; 9.2 Internal audit; 9.3 Management review
• 10 Improvement: 10.1 Nonconformity and corrective action; 10.2 Continual improvement
Identical Core Text
4 Context of the Organization
6 Planning
9 Performance Evaluation
5 Leadership
7 Support
10 Improvement
8 Operation
4. Context of the organization
4.1 Understanding the organization and its context
Determine relevant external and internal issues that affect the ability to achieve the intended outcome(s)
4.2 Understanding the needs and expectations of interested parties
Interested party | Needs and expectations
Customers | Quality, price and delivery performance of products
Owners/shareholders | Sustained profitability; Transparency
People in the organization | Good work environment; Job security; Recognition and reward
Suppliers and partners | Mutual benefits and continuity
Society | Environmental protection; Ethical behavior; Compliance with statutory and regulatory requirements
Source: ISO 9004
4.3 Determining the scope of the management system
Source: ISO 9001:2015
4.4 Management system
Establish, implement, maintain, and continually improve a management system, including the processes needed and their interactions, in accordance with the requirements of the International Standard
A “Process” can be defined as a “set of interrelated or interacting activities, which transforms inputs into outputs”
Source: ISO/TC 176/SC 2/N 544R3
Interrelated or interacting elements of an organization
Policies, Processes and Objectives
5. Leadership
5.1 Leadership and commitment
How top management* demonstrates leadership and commitment with respect to the management system
• Policy and objectives must be established compatible with the strategic direction of the organization
• How top management integrates the management system requirements into your organization’s business processes
• Do they provide proper resources?
• Communicating the importance of effective management and of conforming to requirements
* person or group of people who directs and controls an organization (3.01) at the highest level
5.1 Leadership and commitment
• How do they ensure the management system achieves its intended outcome(s)?
• Top management must show how they direct and support persons to contribute to the effectiveness of the management system
• How do they promote continual improvement and support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?
5.2 Policy
Top management must establish a documented policy:
• Appropriate to the purpose of the organization
• Set objectives
• Commitment to satisfy applicable requirements
• Commitment to continual improvement
5.3 Organizational roles, responsibilities and authorities
Top management must show that they ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization
They must assign responsibility and authority for:
• Ensuring that the management system conforms to the requirements of the International Standard
• Reporting on the performance of the management system to top management
6. Planning
6.1 Actions to address risks and opportunities
Let’s discuss objectives first!
6.2 Objectives and planning to achieve them
• Establish objectives at relevant functions and levels
• Consistent with policy
• Measurable
• Consider applicable requirements
• Monitored, communicated, updated
• Determine resources, responsibilities, targets and how to evaluate results
6.1 Actions to address risks and opportunities
Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed to:
• Give assurance that the management system can achieve its intended outcome(s);
• prevent, or reduce, undesired effects; (mitigate)
• achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
What is “risk-based thinking”?
• Risk-based thinking is something we all do automatically and often subconsciously
• The concept of risk has always been understood in ISO 9001 and is not new to ISO 14001 – this revision makes it more explicit and builds it into the whole of the management process
• Risk-based thinking should already be part of the process approach
• Risk-based thinking makes preventive action routine
6.1 Actions to address risks and opportunities
The organization shall plan:
• actions to address these risks and opportunities
How to:
• integrate and implement the actions into its management system processes
• evaluate the effectiveness of these actions
7. Support
7.1 Resources
• Provide proper resources needed
7.2 Competence
• Competent on the basis of appropriate education, training, or experience, keep records and evaluate effectiveness
7.3 Awareness
• Policy, contribution and implications of not conforming
7.4 Communication
• Determine the relevant internal and external communications; what, when, who and how
7.5 Documented information
7.5.1 General
• Determine required documentation
7.5.2 Creating and updating
• Identification, format and review
7.5.3 Control of documented information
• Available and suitable for use, where and when it is needed;
• Protected, stored, controlled, change control, retention control
7.5 Documented Information
Source: ISO 9001:2015
“The organization’s quality management system shall include documented information required by the International Standard and determined by the organization as being necessary for the effectiveness of the quality management system.”
Documented information: Information required to be controlled and maintained by an organization and the medium on which it is contained.
Documented information can be in any format and media and from any source.
8. Operation
8.1 Operational planning and control
• Plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1*
*6.1 Actions to address risks and opportunities
9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
• What needs to be measured, methods, when (what intervals) and when data should be analyzed and reported
9.2 Internal audit
• Conducted at planned intervals to ensure compliance with the standard and internal requirements
9.3 Management review
• Review the organization's management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness
10. Improvement
10.1 Nonconformity and corrective action
• React to the nonconformity and, as applicable:
• Take action to control it
• Evaluate the need for action to eliminate the causes in order that it does not recur or occur elsewhere
• Retain documented evidence
10.2 Continual improvement
• Continually improve the suitability, adequacy, and effectiveness of the management system.
What is the aim of ISO 9001?
Increase customer satisfaction through improved operational consistency and continual improvement.
ISO 9001: Evolution
• 1979: BS 5750:1979
• 1987: ISO 9001:1987 – ISO adopts BS 5750 as the basis for ISO standard
• 1994: ISO 9001:1994 – Minor updates only
• 2000: ISO 9001:2000 – Major update to introduce process approach
• 2008: ISO 9001:2008 – Minor updates only
• 2015: ISO 9001:2015 – Major update
1,138,155 Companies Certified – ISO 2014 Survey
So, what’s new?
• Leadership: Greater emphasis for senior managers to be involved in the management system
• Risk: ‘Risk-based’ thinking incorporated into requirements
• Context of Organization: Relevant needs of interested parties are emphasized
• Quality Importance: Ensure quality management is now integrated and aligned with the strategic direction of the organization
• Process Approach: Adoption of a process approach
• Documented Information: More flexible approach
• Control of changes: Review and control changes for production or service
Quality Management Principles
Was 8: | Now 7:
Customer focus | Customer focus
Leadership | Leadership
Involvement of people | Engagement of people
Process approach | Process approach
System approach to management | (Included in the process approach)
Continual improvement | Improvement
Factual approach to decision making | Evidence based decision making
Mutually beneficial supplier relationships | Relationship management
Major differences in terminology between ISO 9001:2008 and ISO 9001:2015
ISO 9001:2008 | ISO 9001:2015
Products | Products and Services
Exclusions | Not used (See Clause A.5 for clarification of applicability)
Management Representative | Not used
Documentation, quality manual, documented procedures, records | Documented Information
Work environment | Environment for the operation of processes
Monitoring and measuring equipment | Monitoring and measuring resources
Purchased product | Externally provided products and services
Supplier | External Provider
Changes from FDIS
• 5.2.1 Developing the quality policy – Change: Establishing the Quality Policy replaces Developing the quality Policy
• 8.2.2 Determination of requirements related to products and services – Change: Title changed to Determining the requirements for products and services
• 8.2.3 Review of requirements related to the products and services – Change: Title changed to Review the requirements for products and services
Clause 5 Defines Leadership
• Set policy and objectives and strategic direction
• Policy is communicated, understood and applied within the organization
• Integration of the management system’s requirements into the organization’s business processes and promoting the process approach
• Ensure resources needed for the management system are available
• Ensure management system achieves its intended results
• Take accountability of the effectiveness of the management system
• Communicate the importance of an effective management system and of conforming to the management system requirements
• Engage, direct and support persons to contribute to the effectiveness of the management system
• Promote continual improvement
• Support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
Leadership and effecting culture change
Leadership, the ability to motivate groups of people towards a common goal, is an important skill in today’s business world. Without strong leadership, many otherwise promising businesses fail.
The Difference Between Leadership and Management
• Management is mostly about processes. Leadership is mostly about behavior
• Leadership relies on less tangible and less measurable things like trust, inspiration, attitude, decision-making, and personal character. These are all necessary to motivate an organization to achieve its management systems objectives
Top Management According to ISO
“Top management is the person or group of people who directs and controls an organization at the highest level.” Top management has the power to delegate authority and provide resources within the organization. If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization.
Leadership and Policy
Leadership needs to establish, review and maintain a policy, but also needs to ensure that it is applied within the organization.
Roles and Responsibilities
Leadership needs to ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
Organizational Change
• Leaders need to ensure the integrity of the management system is maintained when changes are planned and implemented.
• Some of these tasks will be delegated, but it is the management’s responsibility to ensure they are planned, implemented and achieved.
Breakout session Leadership and Planning and Risk Based Thinking
Leadership and Planning
Implement the new requirements on Leadership and Planning
• Pick an industry from your team
• Define organizational objectives and plans to achieve them referencing 6.2
• Must be measurable
• How will they be evaluated
• Define resources needed
Risk and Planning
Implement the new requirements on Risk and Planning
• Determine external and internal issues that are relevant to your purpose and its strategic direction and that affect your ability to achieve the intended result(s) (Objectives) of your management system. (4.1)
• Apply risk based thinking to meet requirements under section 6.1 “Actions to address risks and opportunities”
• Pick Team Spokesperson
• Present findings
6.1 Actions to address risks and opportunities
Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed (6.1) to:
• give assurance that the management system can achieve its intended result(s);
• prevent, or reduce, undesired effects; (mitigate)
• achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
6.1 Actions to address risks and opportunities
The organization shall plan:
• actions to address these risks and opportunities
How to:
• integrate and implement the actions into its management system processes
• evaluate the effectiveness of these actions
Likelihood: 1 - 5 (where 1 is highly unlikely and 5 is definite)
Impact: 1 - 5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact
Risk | Likelihood | Total Impact | Risk Rating | Mitigating Controls | Additional Controls implemented | Owner | Final Risk Rating
What are the main changes that may affect you?
• The increased role that leadership must play
• Decrease in the amount of documentation needed
• Risk management processes may need to be developed to determine the level and extent of control for internal and external (supply-chain) processes and services, if not already in place.
• Auditors and stakeholders will need to become familiar with the revised standards and so training may need to be considered
• No longer a requirement for a Quality Manual
• No longer a requirement for a Management Representative
• Change management
Benefits
• Bringing Quality into the heart of our business
• Quality management will be integrated and aligned with our business strategies which will improve performance and drive real value
• Introduction of Risk & Opportunity Management
• Will help identify and manage risk more effectively and opportunities that contribute to bottom line improvements
• An Integrated Approach
• It will be easier to implement more than one management system providing a more holistic view leading to cost savings
• Leadership
• Greater involvement by our leadership team will ensure that we’ll all be motivated towards the organization’s goals and objectives
Buy the standard
• ISO 9001:2015 & ISO 14001:2015 are available from your national standards body
• Associated standards could be useful
• ISO 9000 Quality Management Systems – Fundamentals and Vocabulary
• ISO 9004 Managing for the sustained success of an organization
• ISO 10001 Quality management – customer satisfaction – guidelines for codes of conduct
• ISO 31000 Risk management – principles and guidelines
Training
• Start your training as soon as possible
• This will help embed the knowledge
Senior management briefing
Auditor training
Implementing training
Transition training
Deep dive training
Transition Course
Risk Based Thinking
Annex SL Lead Auditor
What you need to do
• Set up a project team to manage the changes
• Communicate the project across the whole organization
• Create an implementation plan and monitor progress
• Take a fresh look at your QMS/EMS
• Highlight the changes as opportunities for improvement
• Make changes to your documentation to reflect the new structure (as necessary)
• Implement the new requirements on leadership, risk and context of the organization
• Review the effectiveness of your current control set
• Carry out an impact assessment
08/12/2015
Thank You!
Address: BSI Group America Inc.
12950 Worldgate Drive, Suite 800
Herndon, VA 20170
Email John DiMaria – [email protected]
Office Telephone: 1-800-862-4977
Fax: 703-437-9001
Email: [email protected]
Links: http://www.bsiamerica.com
Copyright © 2014 BSI. All rights reserved.