insight into the new

Insight into the new ISO 9001:2015

Prepared by:- Anupam Ray

Key perspectives

ISO 9001 needs to change, to: • adapt to a changing world • reflect the increasingly complex environments in which

organizations operate• provide a consistent foundation for the future• reflect the increasingly complex environments in which

organizations operate• ensure the new standard reflects the needs of all relevant

interested parties • Ensure alignment with other management system standards

Key feature changes

10-clause structure and core text for all Management System Standards (MSS)

More compatible with services and non-manufacturing users Clearer understanding of the organization’s context is required “one

size doesn’t fit all” Process approach strengthened/more explicit Concept of preventive action now addressed throughout the standard

by risk identification and mitigation The term documented information replaces the terms document and

record Control of externally provided products and services replaces

purchasing/outsourcing Increased emphasis on seeking opportunities for improvement

Module 1

Some common myths, truth and lies about ISO 9002:2015

Myth , Truth or Lie ??

• Myth• Truth• Lie

ISO means “International Sightseeing Organization ” Myth, Truth Lie ??


LIE !!!

• “ISO” = International Organization for Standardization

• Confederation of National Standards Bodies Based in Geneva

• BIS is the National Standards Body for India• ANSI is the National Standards Body for USA• BSI is National Standards Body for UK• etc

ISO 9001:2005 will revolutionize quality management- Myth, Truth, Lie

??

Making revolutionary Changes•Myth

•Truth

•Lie

Myth !!

ISO 9001- evolution, not revolution !• ISO 9001:1987/1994

• Prescriptive: clause - by – clause• ISO 9001:2000/2008

• Process approach less documentation• ISO 9001:2015

• Performance- based• Process + Risk based thinking+ PDCA

• Forecast life span till 2030 !!

ISO has a portfolio of almost 20,000 standards- Myth, Truth or Lie ??


Truth !!

Collections of 19,777 ISO standards

165 national members98% of world GNI

97% or world population

229 active TC’s/ PC’s3483 technical bodies

4518 documents under development

• 138 FTE

ISO’s standards are written by a bunch of bureaucrats in Geneva-Myth, Truth or Lie

??


Lie !

• Standards development work is done by Technical committees comprising expert nominated by the national standards body of liaison organization.

• “TC1” was the first Technical Committee (1948)Standardization of screw threads

• “TC 176”= Technical committee Number 176 for Management and Quality Assurance.

• TC 176/SC2 is the subcommittee responsible for ISO 9001 9004 standards, among others

• 80 countries voted on ISO 9001:2015, 75 vote in favor and 5 negative vote

ISO 9001 is ISO’s biggest selling standard of all time- Myth, Truth or Lie ??


TRUTH !!

• ISO 9001 is the top of the list !• Others in the “top 10” include:

• ISO 14001( Environmental Management)• ISO 9000 ( Quality Fundamentals & Vocabulary)

• ISO 9004 ( Using QMS for Sustained Success)• ISO/IEC 17025 ( Laboratory requirements )

• ISO/IEC 27001 ( Information Security)• ISO 19011 (Auditing management systems)

In Order to use ISO standards, you have to become certified- Myth,

Truth or Lie ??

• Myth • Truth• Lie

LIE ??

ISO Mission:-ISO develops high quality voluntary International

Standards which facilitate international exchange of goods and services, support

sustainable and equitable economic growth, promote innovation and protect health, safety

and the environment

ISO/TC176/SC2 Mission • To devolve, maintain and support a portfolio of

products that enable organization to improve their performance and benefits from the implementation of robust quality management system

• To establish generic quality management system requirement that provides the foundation to build confident in goods and services delivered throughout the supply chain to organization and people world wide

• To provide guide and support where needed, to ensure the continued credibility of our products

ISO 9001

• “Specifies quality management system” requirement for organization to:

• Demonstrate its ability to consistently provide product and services that meets customer and applicable regulatory requirement

• Enhance customer satisfaction…..

An organization that demonstrate it is meeting these requirements can than chose to be “ÏSO 9001 certified” by an

independent certification body.

ISO 9001 has an important role to play in sustainable development-

Myth, Truth or Lie ??


Truth !

• ISO/TC176/SC2 Vision

“SC2 is products” are recognized and respected worldwide, and used by organizations as an integral component of sustainable development.

DEAMING OF A SUSTAINABLE FUTURE !

.

Environmentalintegrity

Social responsibly

Economic growth

SustainableDevelopment

…….BUT SIMPLY DREAMING IS NOT ENOUGH !!!

• Dr. W. Edwards Deming“How could there be life without aims and hopes ?

Everyone has aims, hopes plans. But a goal that lies beyond the means of accomplishment will lead

to discouragement, frustration, demoralization

In other words, there must be a method to achieve an aim…. BY WHAT METHOD ??”

“The Method”….• Management system• “Set of interrelated or interacting elements of an organization to establish

policy and objective and to achieve those objectives”( ISO 9000:2015 definition)

In other words…… RESULTS FOCUSED.

• ISO 9001- “Consistent conforming products”• ISO 14001- “Prevention of pollution”• ISO 45001- “Safe working conditions”• ISO 50001- ”Efficient energy usage”• ISO 22000- “Safe food”• Etc

ISO 9001 promotes documentation and inhabits innovation- Myth, truth

or lie??


Myth !

“Management system”A “documented system”- NOT a “ system of documents”IMPORTANT:• System should not be “carved in stone”• Should allow flexibility and agility

• To seize opportunities as they arise• Adapt to the risk posed by the ever-changing business context

ISO 9001:2015 has abandoned the “Process approach”-Myth, truth

or lie ??


Lie !

3 Core concept for ISO 9001:2015….• Identify the processes needed to achieve the

planed results• Continually monitor the risks (“Risk-based

thinking”) • Understanding “cause and effect”

• Manage the processes and the system using “PDCA”

PDCA

.

ActHow to

improve next time?

PlanWhat to doHow to do

Generic Process“How to carry out Process”-Documented or not

Extent of planning depends on RISK

Interrelated Activities

INPUTSDESIRED OUTPUT

PRODUCT

CUSTOMER(Internal or External

Other interested parties•Effect on Product conformance

•Environmental Aspects/Impacts•Health and safety Risk•Social Implications•Energy usage etc

UNDESIRED OUTPUT(“WASTE/POLLUTION”)

MONITOR/ MEASURE ( also depend on risk)

Generic Process

P

D

C

AInterrelated

ActivitiesINPUT

DESIREDOUTPUT CUSTOMER

(Internal or External)PRODUCT

•Effect on Product conformance•Environmental Aspects/Impacts•Health and safety Risk•Social Implications•Energy usage etc

MONITOR/ MEASURE ( also depend on risk)

Other interested parties

How to carry out Process”-Documented or notExtent of planning depends on RISK

System of Processes

A P

DC

A P

DC

A P

DC

A P

DC

A P

DC

EXTERNAL

CUTOMER

EXTERNAL

CUTOMER

Interaction of Improvement of many PDCA cycle

ISO 9001 does not guarantee business excellence- Myth, truth lie ??


Truth…. The Quality Journey

No thoughtsOf quality

DisjointedQualityinitiative

ISO 9001

ISO 9004

BUSINESS EXECELLENCEMODELES

Increasing QMS Maturity

Scientific and Technicalexcellence

Use of Appropriate qualityTool and methodology

Different Perspective

ISO 9004

ISO 9001

ISO 9004 perspective:confidence in the organization

ISO 9001 perspective :Confidence in the organization products

ISO 9004

• Provide “Guideline” for achieving sustained (Long-term) success using the Quality management system.

• Focus on efficiency. includes topics such as:• Financial resources and results

• Use of natural resources• Competence and motivation

• Allow for self-assessments ( Maturity model)• Not for certification• Work on new revision begins Nov 2015

Every management system standards is written in a different way- Myth, truth

or lie ??


Currently true:Becoming Lie !

.

ISO 14064

TL 9000

ISO 5001

ISO 14001

ISO 14004

ISO 14006

As 9100

ISO27001

ISO/TS 16949

Energy management

EMS Requirement

EMS Guideline

EMSGreenhouse

gas

EMS Guideline

Eco system

ISO 9001

ISO 18001

ISO 20121

ISO 3100ISO 22000

Telecom

QMS

Food safety

Automobile

IT Security

Aerospace

Risk Management

sustainable event

management

OHSAS

Alignment of Management system standards !

• ISO Joint Technical Coordination Group (“JTCG”)• Joint vision for management system standards• High level structure for all ISO management system

standards• Identical sub clause titles under the high level structure• Generic core vocabulary for management system standards• Aim is to make life easier for those who wish to

have a “Single management system”

ISO Directives “Annex SL”

• Incorporates the recommendation of the JTCG work

• Defines the common structure and format for all new ISO management system standards and revision to existing standards

• Common text ( approx 30% or more of each standard will be identical text)

• Significant impact on revisions of ISO 9001 and ISO 14001

“Annex SL” High Level Structure1. Scope2. Normative references3. Term and definitions4. Context of the organization• Understanding the organization and its

context• Need and expectation of interested parties• Determining the scope• Management system

5. Leadership• Leadership and commitment• Policy• Role responsibilities6. Planning• Action to address risks & opportunities• Objective and plans to achieve them7. Support

• Resources• Competence• Awareness• Communication• Documented information8. Operation• Operational planning and control9. Performance Evaluation• Monitoring, measurement, analysis &

evaluation• Internal audit• Management review10. Improvement • Non conformity and corrective action• Continual improvement

ISO

/TC

176/

SC 2

/ N

1282

42

The common structure and ISO 9001:2015 additions

4 Context of organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance

Evaluation 10 Improvement

4.1 Understanding context

4.2 Interested parties

4.3 Scope

4.4 QMS

5.1 Leadership and commitment

6.1 Risks and opportunities

6.2 Planning

7.1 Resources

9.1 Monitoring, measurement, analysis and evaluation

10.1 General

10.3 Continual improvement

7.3 Awareness

7.4 Communication

7.5 Documented information

7.2 Competence 9.2

Internal audit

9.3 Management review

8.1 Operational planning and control

5.2 Policy

5.3 Organizational roles, responsibilities and authorities

10.2 Nonconformity and corrective action

ISO

/TC

176/

SC 2

/ N

1282

43

8.1 Operational planning and control

8.3.6 Design and development changes

8.5.3 Property belonging to customers or external providers

8.5 Production and service provision

8.5.1 Control of production and service provision

8.5.2 Identification and traceability

8.5.6 Control of changes

8.7 Control of nonconforming process outputs

8.5.4 Preservation

8.5.5 Post-delivery activities

8.6 Release of products and services

8.2 Requirements for products and services

8.2.1 Customer communication

8.2.2 Determination of requirements related to products and services

8.2.3 Review of requirements related to products and services

8.3 Design and development of products and services

8.4 Control of externally provided processes, products and services

8.4.1 General

8.4.2 Type and extent of control

8.4.3 Information for external providers

8.3.1 General

8.3.2 Design and development planning

8.3.3 Design and development Inputs

8.3.4 Design and development controls

8.3.5 Design and development outputs

4 Context of

organization

5 Leadership

6 Planning

7 Support

8 Operation

9 Performance and

Evaluation

10 Improvement

8.2.4 Changes to requirements for products and services

New ”Matrix” structure of Management System Standards

Core structure format and text ( “Annex SL)”

++Quality (ISO 9001) Environmental (ISO 14001) HSMS (ISO 45001) etc

Oil & GasTelecomAerospaceAutomobile etc

+

Vodafone etcAirtel Honda

ISO 9001 : 2015 is based on 7 Quality Management Principles-

Myth, Truth or Lie ??


Truth !!

• 7 ( Yes, now only SEVEN !!) “Quality Management Principles”

• Customer focus• Leadership• Engagement of people• Process approach• Improvement• Evidence-based decision making• Relationship Management

Details in ISO 9001:2015and free Boucher on ISO website

Industry sectors are abandoning ISO 9001 and will “decouple” their

standards- Myth, Truth or Lie


Lie !!

• All the major sectors are adapting their own standards to align with ISO 9001:2015

• Telecom (TL-9000)• Aerospace (AS-9100)• Automobile (TS-16949)

ISO 9001:2015 gives organizations a lot more flexibility about how to

implement their QMS- Myth, Truth or Lie ??


Truth !!

Some examples• No specific requirement for “Quality manual”• No specific documented procedure• Context of the organization• What are the internal and external factors that affect the organization ability to achieve

planned results• Every organization is different

• Identification of “Interested parties”• Relevant needs and expectation of relevant interested parties.• Customer continue to be the primary ( but not the only) interested party

• Action to address risks and opportunity• Not all processes have the same impact• Don’t all need the same level of planning and control

Organization will need to THINK more !!

ISO 9001:2015 no Longer requires preventive action-Myth, Truth or Lie??


Myth !!

• ISO 9001:2015 no longer require uses of term “Preventive action” and there is no longer a separate clause in the standard.

BUTThe concept still remains, and is actually

reinforced throughout the standard ( by addressing “RISK”)

Chang in FocusOld (Wrong !!)• “A” in the “PDCA” cycle

• Correction• Corrective action• Preventive action

New ( Correct !!)• “P” of the “PDCA” cycle:

• Risk identification and treatment/Mitigation ( Prevention)• “A” of the “PDCA” cycle:

• Containment• Correction

• Corrective action 9 to prevent recurrence)• Improvement ( includes Kaizen, but also breakthrough improvements innovation

etc.)

ISO 9001:2015 will require organizations to conduct formal risk

assessment-Myth, Truth or Lie ??


Myth !!

ISO 9001:2015 Annex A4 explains…..“Although Clause 6.1 specifies that the organization

shall plan actions to address risks , there is no requirement for formal methods for risk management or a documented risk management process”

Organizations can decide whether or not to develop a more extensive risk management methodology than is required by ISO 9001:2015, e.g. Through the application of other guidance or standards”

ISO is preparing guidance on the implementation of ISO 9001:2015-

Myth, Truth or LIE??


Truth !!• ISO 9001 Annex A provides clarification of new

structure, terminology and concept for ISO 9001:2015.• Work is underway to develop generic implementation

guidance for ISO 9001:2015• Numbered as ISO/TS 9002• DTS ( Draft Technical Specification ) due out soon

• ISO/TC 176 “Small Business Handbook” is also being updated/

• Plus a lot of free guidance on the ISO website www.iso.org

http://www.iso.org/

Module 2

A “ walk – through some of the changes introduced in ISO 9001:2015”

Annex A

• Clarification of new structure, terminology and concepts for ISO 9001:2015

• There is a lot of good , useful guidance and explanations in Annex A

• Many examples of what ISO 9001:2015 does not require

• I recommend to start here !!

Beneficial changes to ISO 9001

• Enhanced leadership involvement in the management system

• Risk-based thinking

• Simplified language, common structure and terms

• Aligning QMS policy and objectives with the strategy of the organization

Potential benefits to the user

• Focus on achieving planned results• Flexibility for documented information• Improved risk control• Better process control leading to improved results• Improved customer satisfaction• Customer retention and loyalty• Improved image and reputation• Greater credibility

Key benefits of thecommon clause structure

A new common format has been developed

• All ISO management systems standards will look the same with the same structure (some deviations)

More efficient to address multiple management system requirements

• Provides the option of integrating management systems

• Standardized core definitions

A “sneaky” word in ISO 9001:2015 –“DETERMINE”

• Determine ”Establish or find out with certainty by research examination or calculation”

• ISODTS 9002:• Based on what is to be determined and the completely critically or inherent risk , the result

may need to be maintained or retained as documented information• It is the option of the organization to determine when documented information is needed

unless a specific documented information requirement is identified in ISO 9001(… or other relevant standards)

• Auditors need to take care not be OBLIGE organization to keep recorded, there may be other ways of obtaining objective evidence

• Remember- it is the organization’s responsibly to provide objective evidence of conformity • Objective evidence- “Data supporting the existence or verity of something ”

(ISO 9001:2015)• Note 1: Objective evidence can be obtained by observation, measurement, test or other

means • Note 2: Objective evidence for the purpose of audit generally consist of records, statements

of facts or other information which are relevant to the audit criteria verified

4.1“Understanding the organization and its context”

• Organization shall:• Determine external and internal issues that are relevant to

purpose and strategic direction and that affect ability to achieve the intended result(s) of QMS.

• Monitor and review the information about these internal and external issues.

“Context of the organization”

• External context includes*• Cultural, Social, Political ,Legal, regulatory, financial ,Technological,

Economic ,natural and competitive , environmental, Whether, international ,national ,regional or local

• Relationships with ,and perceptions/values of external stockholders

• Internal context includes*• Corporate culture • Governance ,organizational structure ,roles and accountability :• Policies ,objectives and strategies• Resources (Capital time ,people processes , system, technologies):• Information system ,information flow and decision-making processes (both

formal and informal)

*(Taken from ISO 31000)

4.2“Understanding the needs and expectation of interested parties”

• The Organization shall:• Determine the interested parties that are relevant to the QMS.• Determine the related requirement of these interested parties that are

relevant to the QMS.• Monitor and review the information about these interested parties and

their relevant requirements

• ISO 9001:2015focuses attention on those interested parties that can impact the organization’s ability consistently provide conforming products and services

(no significant change for FDIS)

4.3 Determining the scope of the QMS

The organization shall determine the boundaries and applicability of the QMS to establish its scopeMust consider • The external and internal issues referred to in 4.1• The requirement referred to in 4.1• Products and services provided

ISO 9001:2015 includes comments that:• All requirements are applicable • If a requirement can not be applies, it must • Not affected the ability to provide conforming products

• Be justified

4.4 Quality management system and its processes

“Establish implement ,maintain and continually improve the QMS , including the processes needed and their interactions, In accordance with the requirements of this standard”

( This is key to maintaining the “process approach ”Which will now be embedded in ALL ISO management system standards)Plus a “ beefed–up” version of current clause 4.1 of ISO 9001:2008, with new requirement as follow:

4.4 QMS and its processes (contd..)

Organization shall determine:• Input required and output expected from the QMS

processes:• Criteria ,methods, including monitoring,

measurements and related performance indicators;• Assignment of the responsibilities and authorities for

processes ;• Address risks and opportunities

5.1 Leadership and commitment • Top managements shall demonstrate leadership and commitment with

respect to the quality management system by • Taking accountability for effectiveness of the QMS• Ensuring policy and objectives are compatible with strategic direction • Ensuring quality policy is communicated , understood and applied.• Ensuring integration of the QMS requirement in to business processes• Promoting awareness of the process approach and risk based thinking );• Communicating importance of effective quality management ;• Ensuring that the system achieve its intended result • Engaging direction and supporting person • Promoting continual improvement • Supporting other relevant management roles

5.2 Customer Focus

Top management is also required to ensure :• Customer requirement and applicable

statutory/regulatory requirements are determine ,understood and met :

• Risk and opportunity that can affect conformity of products and services are determined and addressed

• The focus on enhancing customer satisfaction is maintained

5.3 Quality Policy

……………….The quality policy shallBe available to interested parties ,as appropriate.

5.4 Organizational roles responsibility and authorities

• Top management shall assign the responsibility and authority for ….

• Ensuring that the processes are delivering their intended outputs;

• Reporting on the performance of the quality management system and opportunity for improvement

• Reporting to top management ;No requirement for a specific MR and the responsibility now

handle with top management

6.1 Actions to address risk & opportunities

• Determine the risk and opportunities that need to address to • give assurance that the QMS can achieve its intended result(s)• Enhance desirable effects• Prevent or reduce undesired effects• Achieve improvementsPlan:a) Action to be address these risk and opportunities and b) How to • Integrate and implement these actions in to the QMS processes • Evaluate the effectiveness of these action.Action taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.Note : Option can include: avoiding risk in order to pursue an opportunity ,eliminating the risk sources, changing the likelihood or consequences sharing the risk or retaining risk by informed decision .

6.2 Quality objectives and planning to achieve them

“ The organization shall establish quality objective at relevant function, level and processes ”“ when planning how to achieve its quality objectives, the organization shall determine • What will be done.• What resources will be required .• Who will be responsible• When it will be completed• How the result will be evaluated ”

6.3 Planning of changes

Where there is a need for change the QMS this must be done in a planned and systematic manner considering :• The purpose of the change potential

consequences • The integrity of the QMS• The availability of resources;• Allocation or reallocation of responsibilities and

authorities.

ISO

/TC

176/

SC 2

/ N

1282

77

Clause 6.3Changes to the QMS should be carried out in a planned mannerThe standard has evolved to enable organizations to adapt to changing environments or circumstances

Note: It is important to know that change is addressed in the following clauses:

Clause 6.3 - Planning/implementing changes to the QMS

Clause 7.1.6 - Organizational knowledge - for addressing changing needs and trends, with respect to knowledge

Clause 8.1 - Controlling operational changes, planned and unintentional

Clause 8.5.6 - Addressing changes affecting products & services

6 Planning

6.1 Actions to address risk and

opportunity

6.2 Objectives and planning

6.3 Planning of changes

7.1 Resources • ……..Consider • Capabilities or constraints on existing internal resources :• What need to be obtained from external provider :• ISO 9001:2015 will include additional requirements:• People • Infrastructure • Process environment • Monitoring and measuring resources• Organizational Knowledge .

7.1.6 Organizational Knowledge• Determine knowledge necessary of operation and process and

conformity of products and services .• Knowledge shall be maintained and made available to be extent

necessary.• When addressing changing needs and trends, consider its current

knowledge and how to acquire or access the necessary additional knowledge

• Can include information such as intellectual property and lesson learned

• (eg. failure and successful project capturing undocumented knowledge and experience of logical expert ):

• External sources (eg. Standers ,academia, conferences, gathering ,knowledge with customs or providers)

7.2 Competence

The organization shallDetermine the necessary competence of person(s) doing work under its control that affects its quality performance and QMS effectiveness Note: Applicable actions may include ,for example : the provision of training to ,the mentoring of ,or reassignment of currently employed person :or hiring or contracting of competent person.”

7.3 Awareness• “Relevant person doing work under the

organization’s control shall be aware of:• The Quality policy and relevant objectives • Their contribution to the effectiveness of the

QMS, including the benefits of improved quality performance .

• The implication of not conforming with the QMS requirements.”

7.4 Communication

• “The organization shall determine the internal and external communication relevant to the QMS including

• On what it will communicate • When to communicate • With whom to communicate • How to communicate • Who communicates”


• Previously known as “Documents and records”• “Documents” needs to be “maintained ”as

documented information “• “Records” needs to be “retained” as

documented information.

ISO

/TC

176/

SC 2

/ N

1282

84

Clause 7.5.1

Requirements that used to be required for a quality manual have been enhanced and made more flexible to allow for the use of documented information needed for the quality management system

Clause 7.5.2

Enhanced requirement for the creation and updating of documented information, e.g. description, format & suitability

Clause 7.5.3

Control of documented information – now explicitly includes confidentiality, integrity and access

7 Support

7.1 Resources

7.3 Awareness

7.4 Communication


7.2 Competence

7.1.4 Environment for operation of

processes

7.1.5 Monitoring and measuring

resources

7.1.2 People

7.1.3 Infrastructure

7.1.6 Organizational knowledge

8.1 Operation planning and control “Plan implement and control processes needed to meet requirements for provision of products and services by:• Establishing criteria for the processes and acceptance criteria • Determining resources needed • Implementing the control processes• Determining the need for documented information ” “Control planned changes and review the consequences of unintended changes taking action to mitigate any adverse effects ,as necessary ”

“ Ensure that outsourced processes are controlled ”

8.2 Requirements for products and services

8.2.1 Customer communication • Establish the process for communicating with customer in

relation :• Specific requirements for contingency action when relevant 8.2.2 Determination of requirements• When determining requirements for products and services to

be offered to customer • Ensuring organization can meet the claims for the products and

services it offered8.2.2 Review of requirements8.2.2 Changes of requirements

8.3 Design and development of product and services

• Organization shall establish ,implement and maintain a design and development process appropriate to ensure subsequent provision of products and services.

• Reminder of design and development clauses has been maintained and/or simplified compared to ISO 9001:2006

ISO

/TC

176/

SC 2

/ N

1282

88

Clause 8.3

This section on design and development of products and services has substantively changed and simplified:

Clause 8.3.2 Design and development has been restructured to allow for a

more process orientated approach Involvement of customers and users as part of design

planning to be considered

Clause 8.3.3 Design and development inputs – explicit requirements for

internal and external resource needs, potential consequences of failure, level of control expected by customers

Clause 8.3.4 Design and development controls – new clause combining

Reviews, Verification & Validation

8 Operation

8.3.6 Design and development changes

8.3 Design and development of products and services

8.3.1 General

8.3.2 Design and development planning

8.3.3 Design and development inputs

8.3.4 Design and development controls

8.3.5 Design and development outputs

8.4 Control of externally provided processes, products and services

• Ensure that externally provided processes ,products and services conform to requirements

• Apply the specified requirement for control of externally provided product and services when;

• Product and services provided by external provider for incorporation in the organization’s own product and services

• Product and services are provided directly to the customer(s) by external provider on behalf of the organization . (Technical support ,maintains etc.)

• A process or part of the process is provided by an external provider as a result of a decision by the organization.(Outsourced)

• Type and extend of control to be applied depends on :• Potential impact of the external provider process ,product and services• Perceived effectiveness of control applied by external provider.

8.5 Production and service provision

• Implement control condition for production ands services provision ,including delivery and post- delivery activities can include :

• Definition of product and service characteristics activities to be performed and measurement and acceptance criteria:

• Monitoring measurement and acceptance criteria• Suitable infrastructure and process environment:• Availability and use of suitable monitoring and measuring resources :• Competent and ,where applicable ,qualified persons• Validation and periodic revalidation ,of “special processes”:• Action to prevent human error.• Release ,delivery and post- delivery activities.

8.5 Production and services provision ( Continued..)

• Identification and traceability• Property belonging to customers or external

providers • Preservation• Post-delivery activities- Consider

• Control of changes

• Statutory and regulatory requirements• Potential undesired consequences• Nature, use and intended lifetime• Customer requirements and feedback

• Review and control changes to ensure continuing conformity

8.6 Release of products and services

• ( Previously Clause 8.2.4 of ISO 9001:20080

8.7 Control of nonconforming outputs

• Action to be based on nature of the NC and its effect on conformity of products and services.

• Deal with NC in in or more of the following ways:

• Document details of concessions and person or authority that made the decision regarding dealing with the NC

•Correction:•Segregation, containment, return or suspension of provision of products and services:•Informing the customer:•Obtaining authorization for acceptance under concession:

9.1 Monitoring , measurement, analysis and evaluation

• Determine

• Retain appropriate documented information• Evaluate quality performance and QMS Effectiveness• Customer satisfaction• Analysis and evaluation

• NOW INCLUDES “RISK AND OPPOPRTUNITIES”

•What needs to be monitored and measured •Methods for monitoring, measurement , analysis and evaluation as applicable to ensure valid result.•When the monitoring and measuring shall be performed•When the results from monitoring and measurement shall be analyzed and evaluated

ISO

/TC

176/

SC 2

/ N

1282

95

Clause 9.1.3 There are specific requirements for analysis and evaluation

when using results as inputs to management review Effective implementation of planning and actions to

address risks and opportunities are new requirements in this clause

9 Performance

evaluation

9.2Internal audit


9.1.2Customer satisfaction

9.1.3 Analysis and evaluation

9.1.1 General

9.1 Monitoring, measurement,

analysis and evaluation

9.2 internal audit

• Auditor can not audit its own work

Nothing Really new

ISO

/TC

176/

SC 2

/ N

1282

97

Clause 9.2 Internal audit program now has explicit

considerations for: quality objectives, customer feedback and changes impacting the organization; management responsibility for action is now implicit whereas previously this was explicit

An auditor is now required to be impartial versus in the previous version they could not audit their own work

9 Performance

Evaluation

9.1 Monitoring, measurement,

analysis and evaluation

9.2Internal audit


9.1.2Customer satisfaction

9.1.3 Analysis and evaluation

9.3.1 General

9.3.3 Management review output

9.3 .2Management review input


Includes requirements to consider:• Status of actions from previous reviews• Changes in external and internal issues that are relevant

to the QMS and strategic direction:• Information on the performance and effectiveness of

QMS Including Trends• Adequacy of resources• Effectiveness of actions taken to address risks and

opportunities• Opportunities of improvements

10.1 ImprovementImplement actions to meet customer requirements and enhance

customer satisfaction by:

NOTE: “Improvement” includes more than just continual improvements (“Kaizen”)

•Improving product and services to meet requirements and future needs and expectations:•Correcting , preventing or reducing undesired effects•Improving performance & effectiveness of QMS

•May also include correction, corrective action, breakthrough change, innovation and re-organization

10.2 Nonconformity and corrective action

“When a nonconformity occurs (includingcomplaints). Organization shall:React to nonconformity as applicable

• Evaluate need for action to eliminate the cause of NC, in order that it does not recur or occur elsewhere by:

• Implement any action needed:• Review effectiveness' of corrective action taken:• Update risks and opportunities determined during planning• Make changes to the QMS, if necessary”

• Take action to control and correct it and•Deal with the consequences:

• Analyzing NC•Determining the causes•Determining if similar nonconformities exist, or could potentially occur

10.3 Continual improvement

• Continually improve suitability, adequacy, and effectiveness of QMS

• Consider results of analysis and evaluation, and outputs from management review, to determine if there are needs or opportunities to be addressed as part of continual improvement.

Summary Determining the organizational context enables a more effective

implementation of the quality management system Greater emphasis on processes being managed to achieve planned

results Alignment with strategic direction Integration of the QMS into organization’s business processes Determining risks and opportunities increase the effectiveness of the

organization’s QMS Change management has been expanded to add emphasis that the

QMS should be carried out in a planned manner The concept of organizational knowledge introduced to ensure the

organization acquires and maintains the necessary knowledge Communication expanded to include external

Module 3

ISO 9002:2015- Challenges for internal and external auditors

ISO 0001:2015 has to be auditable

“Auditable ”

X“Easy to audit”

Not the same thing

•15 Years ago……

• Feature of ISO 9001:2000…..• More “soft” requirements ( harder to audit)

• Commitment• Awareness•Work environment•Communication•Customer perception

Today ( 2015)

• The challenges remain very similar…..• ISO 9001:2015 has:

• Less focus on documents• Greater focus on achieving outcomes

• Typical comment received during validation process for DIS 9001:2015

• “Auditing will requite auditors who understand the business…. “tick-the-box” auditors will find this almost impossible to audit”

Difficulties in Auditing ( 2000)

• “Understanding the business of the organization”• Quality Management vs Quality Assurance• Timidity in dealing with top management • Need to focus more one results and less on

documentation.• Need to look outside the MR office !• Common sense in auditing “ Subjective”

requirements

Difficulties in Auditing ( 2015)

• Difficulties identified in Validation of DIS 9001

• Further emphasizes the need to move away

from “clause-by- clause auditing”

•“Organizational Context•Relevant Interested parties•Actions to address risks and opportunities•Organizational knowledge•Type and extent of control of external provision”

The common link- “Risk”

Risk = “The effect of uncertainty” ( on objectives/ expected results)

• ISO 9001:2015 recognizes that not all processes have the same impact on the organization’s “ability to consistently provide conforming product”

• ISO 19011_ recognizes that organizations can focus audit effort on matters of significance to the management system.

• ISO/IEC 17021:2015 introduces the principle of “risk based auditing”

ISO 19011:2011• “Priority should be given to allocating resources to audit those

matters of significance within the management system”• May include:

• NOTE This concept is commonly known as risk-based auditing

•Key characteristics of product quality•Hazards related to health and safety•Significant environmental aspects•etc

Auditor competence (ISO 19011:2011)

• Auditors should understand:• The types of risks associated with auditing.• Risk management principles, methods and

technique relevant to the discipline and sector, such that the auditor can evaluate and control the risks associated with the audit programme

ISO 19011 Annex B- Sampling

• Objective of sampling is to provide information for the auditor to have confidence that audit objectives will be achieved.

• Risk is that samples may not representation: auditor’s conclusion may be biased

• B.5.2 judgment based sampling• B.5.3 Statistical sampling

IAF ID 9:2015

• Developed in liaison between SO/TC 176/SC2 WG23 and IAF TC

•Summary of main changes to ISO 9001•Guidance for relevant interested parties

I. Organizations certified and/ or using ISO 9001:2008II. Accreditation Bodies (ABs)III. Certification Bodies (CBs)IV. Training bodies and consultants

Specific guidance for interested parties

• Degree of change necessary will depend on:

• Impact analysis/ gap assessment is strongly recommended in order to identify realistic resource and time implications.

•Maturity and effectiveness of the current management system•Organizational structure and parties

Organization using ISO 9001:2008

• Identify gaps that need to be addressed • Develop implementation plan• Provide appropriate training and awareness

for all relevant parties• Update existing QMS to meet the revised

requirements and verify effectiveness• Where applicable, liaise with CB for transition

arrangements

Thank You!