Implementing ISO9001:2015

Copyright © 2015 BSI. All rights reserved.

John DiMaria; CSSBB, HISP, MHISP, AMBCI
Sr. Product Manager, Systems Certification - Americas


Post on 31-Mar-2018


• Understanding the New Direction of Standards

• Navigating the ten clauses Annex SL/Directive 1

• Key changes that are expected for ISO 9001

• Breakout sessions I – Leadership and Planning

• Breakout sessions II – Risk and Planning

• Discussion and closing

Understanding the New Direction of Standards

Navigating the ten clauses Annex SL
The New High Level Structure (HLS)

19/10/2015

Reasons For The Changes

• Easier integration of multiple standards, using a common foundation and common language

• Increase involvement of Top Management

• Decrease the emphasis on Documentation

• Increase the emphasis on Achieving Value for the Organization and its customers

• Increase emphasis on Risk Management to achieve objectives

Annex SL

• ISO 9001: Quality management system
• ISO 14001: Environmental management system
• ISO 45001: Health & safety
• ISO 22301: Business continuity management
• ISO/IEC 27001: Information security
• TS 16949: Automotive

ANNEX SL (HLS)

Annex SL:
• high level structure,
• identical core text,
• common terms and core definitions.

• ISMS specific requirements
• EMS specific requirements
• QMS specific requirements
• BCMS specific requirements

Ten clauses of the new Annex SL – Directive 1 for ISO Management Systems

• Annex SL describes the framework for a generic management system. However, it requires the addition of discipline-specific requirements to make a fully functional quality, environmental, service management, food safety, business continuity, information security and energy management system standard

• ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014

• High level structure, identical core text, common terms and core definitions – 10 Main Clauses

Directive 1 – 10 Clauses

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership

6. Planning

7. Support

8. Operation

9. Performance evaluation

10. Improvement

Implement Once, Comply Many

High Level Structure

4 Context of organization
• 4.1 Understanding context
• 4.2 Interested parties
• 4.3 Scope
• 4.4 MS

5 Leadership
• 5.1 Leadership and commitment (MS)
• 5.2 Policy
• 5.3 Roles, responsibilities and authorities

6 Planning
• 6.1 Actions to address risk and opportunity
• 6.2 Objectives and planning

7 Support
• 7.1 Resources
• 7.2 Competence
• 7.3 Awareness
• 7.4 Communication
• 7.5 Documented information

8 Operation
• 8.1 Operational planning and control

9 Performance and Evaluation
• 9.1 Monitoring, measurement, analysis and evaluation
• 9.2 Internal audit
• 9.3 Management review

10 Improvement
• 10.1 Nonconformity and corrective action
• 10.2 Continual improvement

Identical Core Text

• 4 Context of the Organization
• 5 Leadership
• 6 Planning
• 7 Support
• 8 Operation
• 9 Performance Evaluation
• 10 Improvement

4. Context of the organization

4.1 Understanding the organization and its context

Determine relevant external and internal issues that affect the ability to achieve the intended outcome(s)


4.2 Understanding the needs and expectations of interested parties

Interested party: Needs and expectations

• Customers: Quality, price and delivery performance of products
• Owners/shareholders: Sustained profitability; Transparency
• People in the organization: Good work environment; Job security; Recognition and reward
• Suppliers and partners: Mutual benefits and continuity
• Society: Environmental protection; Ethical behavior; Compliance with statutory and regulatory requirements

Source: ISO 9004

4.3 Determining the scope of the management system

Source: ISO 9001:2015

4.4 Management system

Establish, implement, maintain, and continually improve a management system, including the processes needed and their interactions, in accordance with the requirements of the International Standard

A “Process” can be defined as a “set of interrelated or interacting activities, which transforms inputs into outputs”
Source: ISO/TC 176/SC 2/N 544R3

Interrelated or interacting elements of an organization
Policies, Processes and Objectives

5. Leadership

5.1 Leadership and commitment

How top management* demonstrates leadership and commitment with respect to the management system

• Policy and objectives must be established compatible with the strategic direction of the organization

• How top management integrates the management system requirements into your organization’s business processes

• Do they provide proper resources?

• Communicating the importance of effective management and of conforming to requirements

* person or group of people who directs and controls an organization (3.01) at the highest level

5.1 Leadership and commitment

• How do they ensure the management system achieves its intended outcome(s)?

• Top management must show how they direct and support persons to contribute to the effectiveness of the management system

• How do they promote continual improvement and support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?

5.2 Policy

Top management must establish a documented policy:

• Appropriate to the purpose of the organization

• Set objectives

• Commitment to satisfy applicable requirements

• Commitment to continual improvement


5.3 Organizational roles, responsibilities and authorities

Top management must show that they ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization

They must assign responsibility and authority for:
• Ensuring that the management system conforms to the requirements of the International Standard
• Reporting on the performance of the management system to top management

6. Planning

6.1 Actions to address risks and opportunities
Let’s discuss objectives first!

6.2 Objectives and planning to achieve them
• Establish objectives at relevant functions and levels
• Consistent with policy
• Measurable
• Consider applicable requirements
• Monitored, communicated, updated
• Determine resources, responsibilities, targets and how to evaluate results

6.1 Actions to address risks and opportunities

Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed to:

• Give assurance that the management system can achieve its intended outcome(s);
• prevent, or reduce, undesired effects; (mitigate)
• achieve continual improvement

*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties

What is “risk-based thinking”?

• Risk-based thinking is something we all do automatically and often subconsciously

• The concept of risk has always been understood in ISO 9001 and is not new to ISO 14001 – this revision makes it more explicit and builds it into the whole of the management process

• Risk-based thinking should already be part of the process approach

• Risk-based thinking makes preventive action routine

6.1 Actions to address risks and opportunities

The organization shall plan:
• actions to address these risks and opportunities

How to:
• integrate and implement the actions into its management system processes
• evaluate the effectiveness of these actions

7. Support

7.1 Resources
• Provide proper resources needed

7.2 Competence
• Competent on the basis of appropriate education, training, or experience, keep records and evaluate effectiveness

7.3 Awareness
• Policy, contribution and implications of not conforming

7.4 Communication
• Determine the relevant internal and external communications; what, when, who and how

7.5 Documented information

7.5.1 General
• Determine required documentation

7.5.2 Creating and updating
• Identification, format and review

7.5.3 Control of documented information
• Available and suitable for use, where and when it is needed;
• Protected, stored, controlled, change control, retention control

7.5 Documented Information

Source: ISO 9001:2015

“The organization’s quality management system shall include documented information required by the International Standard and determined by the organization as being necessary for the effectiveness of the quality management system.”

Documented information: Information required to be controlled and maintained by an organization and the medium on which it is contained.

Documented information can be in any format and media and from any source.

8. Operation

8.1 Operational planning and control
• Plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1*

*6.1 Actions to address risks and opportunities

9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation
• What needs to be measured, methods, when (what intervals) and when data should be analyzed and reported

9.2 Internal audit
• Conducted at planned intervals to ensure compliance with the standard and internal requirements

9.3 Management review
• Review the organization's management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness

10. Improvement

10.1 Nonconformity and corrective action
• React to the nonconformity and, as applicable
• Take action to control it
• Evaluate the need for action to eliminate the causes in order that it does not recur or occur elsewhere
• Retain documented evidence

10.2 Continual improvement
• Continually improve the suitability, adequacy, and effectiveness of the management system.

ISO 9001: 2015 Understanding the Revision


What is the aim of ISO 9001?

Increase customer satisfaction through improved operational consistency and continual improvement.

ISO 9001: Evolution

• 1979: BS 5750:1979
• 1987: ISO 9001:1987 – ISO adopts BS 5750 as the basis for ISO standard
• 1994: ISO 9001:1994 – Minor updates only
• 2000: ISO 9001:2000 – Major update to introduce process approach
• 2008: ISO 9001:2008 – Minor updates only
• 2015: ISO 9001:2015 – Major update

1,138,155 Companies Certified – ISO 2014 Survey

So, what’s new?

• Leadership: Greater emphasis for senior managers to be involved in the management system

• Risk: ‘Risk-based’ thinking incorporated into requirements

• Context of Organization: Relevant needs of interested parties are emphasized

• Quality Importance: Ensure quality management is now integrated and aligned with the strategic direction of the organization

• Process Approach: Adoption of a process approach

• Documented Information: More flexible approach

• Control of changes: Review and control changes for production or service

Quality Management Principles

Was 8 → Now 7:
• Customer focus → Customer focus
• Leadership → Leadership
• Involvement of people → Engagement of people
• Process approach → Process approach
• System approach to management → (Included in the process approach)
• Continual improvement → Improvement
• Factual approach to decision making → Evidence based decision making
• Mutually beneficial supplier relationships → Relationship management

Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

ISO 9001:2008 → ISO 9001:2015
• Products → Products and Services
• Exclusions → Not used (See Clause A.5 for clarification of applicability)
• Management Representative → Not used
• Documentation, quality manual, documented procedures, records → Documented Information
• Work environment → Environment for the operation of processes
• Monitoring and measuring equipment → Monitoring and measuring resources
• Purchased product → Externally provided products and services
• Supplier → External Provider

Changes from FDIS

• 5.2.1 Developing the quality policy. Change: “Establishing the Quality Policy” replaces “Developing the quality Policy”

• 8.2.2 Determination of requirements related to products and services. Change: Title changed to “Determining the requirements for products and services”

• 8.2.3 Review of requirements related to the products and services. Change: Title changed to “Review the requirements for products and services”

PLAN DO CHECK ACT

Benefits

ISO 9001

Benefits of Certification

Leadership and effecting culture change

Clause 5 Defines Leadership

• Set policy and objectives and strategic direction

• Policy is communicated, understood and applied within the organization

• Integration of the management system’s requirements into the organization’s business processes and promoting the process approach

• Ensure resources needed for the management system are available

• Ensure management system achieves its intended results

• Take accountability for the effectiveness of the management system

• Communicate the importance of an effective management system and of conforming to the management system requirements

• Engage, direct and support persons to contribute to the effectiveness of the management system

• Promote continual improvement

• Support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

Leadership and effecting culture change


Leadership, the ability to motivate groups of people towards a common goal, is an important skill in today’s business world. Without strong leadership, many otherwise promising businesses fail.


The Difference Between Leadership and Management


• Management is mostly about processes. Leadership is mostly about behavior

• Leadership relies on less tangible and less measurable things like trust, inspiration, attitude, decision-making, and personal character. These are all necessary to motivate an organization to achieve its management systems objectives


Top Management According to ISO

“Top management is the person or group of people who directs and controls an organization at the highest level.” Top management has the power to delegate authority and provide resources within the organization. If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization.


Leadership and Policy

Leadership needs to establish, review and maintain a policy, but also needs to ensure that it is applied within the organization.


Roles and Responsibilities

Leadership needs to ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.


Organizational Change

• Leaders need to ensure the integrity of the management system is maintained when changes are planned and implemented.

• Some of these tasks will be delegated, but it is the management’s responsibility to ensure they are planned, implemented and achieved.


Breakout session Leadership and Planning and Risk Based Thinking

Leadership and Planning

Implement the new requirements on Leadership and Planning
• Pick an industry from your team
• Define organizational objectives and plans to achieve them referencing 6.2
• Must be measurable
• How will they be evaluated
• Define resources needed

Clause 5 Defines Leadership

• Set policy and objectives and strategic direction

• Policy is communicated, understood and applied within the organization

• Integration of the management system’s requirements into the organization’s business processes and promoting the process approach

• Ensure resources needed for the management system are available

• Ensure management system achieves its intended results

• Take accountability for the effectiveness of the management system

• Communicate the importance of an effective management system and of conforming to the management system requirements

• Engage, direct and support persons to contribute to the effectiveness of the management system

• Promote continual improvement

• Support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

6. Planning

6.1 Actions to address risks and opportunities
Let’s discuss objectives first!

6.2 Objectives and planning to achieve them
• Establish objectives at relevant functions and levels
• Consistent with policy
• Measurable
• Consider applicable requirements
• Monitored, communicated, updated
• Determine resources, responsibilities, targets and how to evaluate results

Risk and Planning

Implement the new requirements on Risk and Planning
• Determine external and internal issues that are relevant to your purpose and its strategic direction and that affect your ability to achieve the intended result(s) (Objectives) of your management system. (4.1)
• Apply risk based thinking to meet requirements under section 6.1 “Actions to address risks and opportunities”
• Pick Team Spokesperson
• Present findings

6.1 Actions to address risks and opportunities

Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed (6.1) to:

• give assurance that the management system can achieve its intended result(s);
• prevent, or reduce, undesired effects; (mitigate)
• achieve continual improvement

*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties

6.1 Actions to address risks and opportunities

The organization shall plan:
• actions to address these risks and opportunities

How to:
• integrate and implement the actions into its management system processes
• evaluate the effectiveness of these actions

Likelihood: 1 - 5 (where 1 is highly unlikely and 5 is definite)
Impact: 1 - 5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact

Risk | Likelihood | Impact | Total Risk Rating | Mitigating Controls | Additional Controls implemented | Owner | Final Risk Rating

Conclusions – Feedback

What are the main changes that may affect you?

• The increased role that leadership must play

• Decrease in the amount of documentation needed

• Risk management processes may need to be developed to determine the level and extent of control for internal and external (supply-chain) processes and services, if not already in place.

• Auditors and stakeholders will need to become familiar with the revised standards and so training may need to be considered

• No Longer a requirement for a Quality Manual

• No Longer a requirement for a Management Representative

• Change management

Benefits

• Bringing Quality into the heart of our business

• Quality management will be integrated and aligned with our business strategies which will improve performance and drive real value

• Introduction of Risk & Opportunity Management

• Will help identify and manage risk more effectively and opportunities that contribute to bottom line improvements

• An Integrated Approach

• It will be easier to implement more than one management system providing a more holistic view leading to cost savings

• Leadership

• Greater involvement by our leadership team will ensure that we’ll all be motivated towards the organization’s goals and objectives

Buy the standard

• ISO 9001:2015 & ISO 14001:2015 are available from your national standards body

• Associated standards could be useful

• ISO 9000 Quality Management Systems – Fundamentals and Vocabulary

• ISO 9004 Managing for the sustained success of an organization

• ISO 10001 Quality management – customer satisfaction – guidelines for codes of conduct

• ISO 31000 Risk management – principles and guidelines

Training

• Start your training as soon as possible
• This will help embed the knowledge

• Senior management briefing
• Auditor training
• Implementing training
• Transition training
• Deep dive training

• Transition Course
• Risk Based Thinking
• Annex SL Lead Auditor

What you need to do

• Set up a project team to manage the changes

• Communicate the project across the whole organization

• Create an implementation plan and monitor progress

• Take a fresh look at your QMS/EMS

• Highlight the changes as opportunities for improvement

• Make changes to your documentation to reflect the new structure (as necessary)

• Implement the new requirements on leadership, risk and context of the organization

• Review the effectiveness of your current control set

• Carry out an impact assessment

08/12/2015

Thank You!

Address: BSI Group America Inc.

12950 Worldgate Drive, Suite 800

Herndon, VA 20170

Email John DiMaria – [email protected]

Office Telephone: 1-800-862-4977

Fax: 703-437-9001

Email: [email protected]

Links: http://www.bsiamerica.com

Copyright © 2014 BSI. All rights reserved.