ISO 9000 & ISO 22000

SUBMITTED BY

MASTAN VALI K

16FT1D7821

ISO 9000 Series

• The ISO 9000 family of QM standards is designed to help organizations ensure that they meet theneeds of customers and other stakeholders while meeting statutory and regulatory requirements relatedto a product or program.

• ISO 9000 deals with the fundamentals of quality management systems, including the seven qualitymanagement principles upon which the family of standards is based.

• ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.

BACKGROUND

• ISO 9000 was first published in 1987 by ISO.

• It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979.

EVOLUTION

• The ISO 9000 standard is continually being revised by standing technical committees and advisorygroups, who receive feedback from those professionals who are implementing the standard.

1987 version

• ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three "models" for qualitymanagement systems, the selection of which was based on the scope of activities of the organization

1. ISO 9001:1987 Model for quality assurance in design, development, production, installation, andservicing was for companies and organizations whose activities included the creation of new products.

2. ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically thesame material as ISO 9001 but without covering the creation of new products.

3. ISO 9003:1987 Model for quality assurance in final inspection and test covered only the finalinspection of finished product, with no concern for how the product was produced.

EVOLUTION

1994 version• ISO 9000:1994 emphasized QA via preventive actions, instead of just checking final

product, and continued to require evidence of compliance with documented procedures.

• As with the first edition, the down-side was that companies tended to implement itsrequirements by creating shelf-loads of procedure manuals, and becoming burdened with anISO bureaucracy.

• In some companies, adapting and improving processes could actually be impeded by thequality system

EVOLUTION2000 version

• The 2000 version sought to make a radical change in thinking by actually placing front and centre the concept ofprocess management (the monitoring and optimisation of a company's tasks and activities, instead of justinspection of the final product).

• The 2000 version also demanded involvement by upper executives in order to integrate quality into the businesssystem and avoid delegation of quality functions to junior administrators.

• Another goal was to improve effectiveness via process performance metrics: numerical measurement of theeffectiveness of tasks and activities.

ISO 9000 Requirements include:

• Approve documents before distribution;

• Provide correct version of documents at points of use;

• Use your records to prove that requirements have been met; and

• Develop a procedure to control your records.

EVOLUTION

2008 version• ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only introduced clarifications to the

existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO14001:2004.

• ISO 9001 is supplemented directly by two other standards of the family:

• ISO 9000:2005 "Quality management systems. Fundamentals and vocabulary"

• ISO 9004:2009 "Managing for the sustained success of an organization. A quality management approach"

• Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the qualitysystem.

EVOLUTION2015 version

• In 2012, ISO TC 176 - responsible for ISO 9001 development - celebrated 25 years of implementing ISO 9001, and concluded that it is necessary to create a new QMS model for the next 25 years. As a result of the intensive work from this technical committee, the revised standard ISO 9001:2015 was published by ISO on 23 September 2015.

• The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization.

• Some of the key changes include:

• Greater emphasis on building a management system suited to each organization's particular needs

• A requirement that those at the top of an organization be involved and accountable, aligning quality with wider business strategy

• Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement

• Less prescriptive requirements for documentation: the organization can now decide what documented information it needs and what format it should be in

• Alignment with other key management system standards through the use of a common structure and core text

• Inclusion of Knowledge Management principles

PRINCIPLES

• QMP 1 – Customer focus

• QMP 2 – Leadership

• QMP 3 – Engagement of people

• QMP 4 – Process approach

• QMP 5 – Improvement

• QMP 6 – Evidence-based decision making

• QMP 7 – Relationship management

Principle 1 – Customer focus

• Organizations depend on their customers and therefore should understand current and future customer needs, should meet customerrequirements and strive to exceed customer expectations.

Principle 2 – Leadership

• Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in whichpeople can become fully involved in achieving the organization's objectives.

Principle 3 – Engagement of people

• People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization'sbenefit.

Principle 4 – Process approach

• A desired result is achieved more efficiently when activities and related resources are managed as a process.

Principle 5 – Improvement

• Improvement of the organization's overall performance should be a permanent objective of the organization.

Principle 6 – Evidence-based decision making

• Effective decisions are based on the analysis of data and information.

Principle 7 – Relationship management

• An organization and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficialrelationship enhances the ability of both to create value.

ISO 9001:2015• Requirements

– Section 4: Context of the Organization

– Section 5: Leadership

– Section 6: Planning

– Section 7: Support

– Section 8: Operation

– Section 9: Performance evaluation

– Section 10: Improvement

• Essentially the layout of the standard is similar to the previous ISO 9001:2008 standard in that it follows the Plan, Do, Check, Act cycle in a process based approach, butis now further encouraging this to have risk based thinking.

• Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections4 to 10.

• Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contentsmust be taken into account.

• The standard no longer specifies that the organization shall issue and maintain documented procedures, however ISO 9001:2015 requires the organization to documentany other procedures required for its effective operation.

• The standard also requires the organization to issue and communicate a documented quality policy, a Quality Manual (which may or may not include documentedprocedures) and numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunitiesand to determine internal and external issues relevant to its purpose and strategic direction.

PDCA Cycle

The PDCA cycle can be briefly described as follows:

• Plan: establish the objectives of the system and its processes, and the resources needed todeliver results in accordance with customers' requirements and the organization's policies,and identify and address risks and opportunities;

• Do: implement what was planned;

• Check: monitor and (where applicable) measure processes and the resulting products andservices against policies, objectives, requirements and planned activities, and report theresults;

• Act: take actions to improve performance, as necessary.

ISO 22000:2005

• ISO 22000, Food safety management systems - Requirements for any organization in the food chain, was firstpublished in 2005. The standard provides international harmonization in the field of food safety standards,offering a tool to implement HACCP (Hazard Analysis and Critical Control Point) throughout the food supplychain.

• The goal of ISO 22000 is to control, and reduce to an acceptable level, any safety hazards identified for the endproducts delivered to the next step of the food chain. (An end product is defined as a product that will not undergoany further processing or transformation by the organization.)

• The standard combines the following generally-recognized key elements to ensure food safety at all points of thefood chain:

1. Requirements for good manufacturing practices or prerequisite programs

2. Requirements for HACCP according to the principles of the Codex Alimentarius

3. Requirements for a management system

4. Interactive communication between suppliers, customers, and regulatory authorities

ISO 22000:2005

The ISO 22000 specifies the requirements for a food safety management system that involves the following elements:

• Interactive Communication

• system management

• prerequisite programs

• HACCP principles

• Critical reviews of the above elements have been conducted by many scientists.

• Communication along the food chain is essential to ensure that all relevant food safety hazards are identified andadequately controlled at each step within the food chain.

• This implies communication between organizations both upstream and downstream in the food chain.

• Communication with customers and suppliers about identified hazards and control measures will assist inclarifying customer and supplier requirements.

• The most effective food safety systems are established, operated and updated within the framework of a structuredmanagement system and incorporated into the overall management activities of the organization.

• ISO 22000 has been aligned with ISO 9001 in order to enhance the compatibility of the two standards.

• ISO 22000 can be applied independently of other management system standards or integrated with existingmanagement system requirements.

• ISO 22000 integrates the principles of the HACCP system and application steps developed by the CAC.

• ISO 22000 requires that all hazards that may be reasonably expected to occur in the food chain, including hazardsthat may be associated with the type of process and facilities used, are identified and assessed.

• ISO is developing additional standards that are related to ISO 22000. These standards will be known as the ISO 22000 familyof standards. At the present time, the following standards will make up the ISO 22000 family of standards:

• ISO 22000 - Food safety management systems - Requirements for any organization in the food chain.

• ISO 22001 - Guidelines on the application of ISO 9001:2000 for the food and drink industry (replaces: ISO 15161:2001).

• ISO/TS 22002- Prerequisite programmes on food safety—Part 1: Food manufacturing

• ISO/TS 22002-2:2013 Prerequisite programmes on food safety – Part 2: Catering

• ISO/TS 22002-3:2011 Prerequisite programmes on food safety – Part 3: Farming

• ISO TS 22003:2007 - Food safety management systems for bodies providing audit and certification of FSMS.

• ISO TS 22004:2005 - Food safety management systems - Guidance on the application of ISO 22000:2005.

• ISO 22005:2007 - Traceability in the feed and food chain - General principles and basic requirements for system design andimplementation.

• ISO 22006 - Quality management systems - Guidance on the application of ISO 9002:2000 for crop production.

• ISO 22000 is also used in the Food Safety Systems Certification (FSSC) Scheme FS22000. FS22000 is a Global Food SafetyInitiative (GFSI) approved scheme.

An example of the communication channels among interested parties of the food chain

HIGHLIGHTS OF THE STANDARD• While similar in philosophy to ISO 9001 and ISO 14001, ISO 22000 contains clauses that are specific to the food

industry, including:

• The establishment of prerequisite programs (PRPs), which define the basic conditions and activities needed tomaintain a hygienic environment, both within the organization and throughout the food chain (7.2, 7.5)

• The identification and control of food safety hazards, and the determination of an acceptable level of risk (7.4)

• The establishment of a HACCP plan, including the identification and monitoring of critical control points: processsteps at which controls can be applied to prevent or eliminate a food safety hazard, or reduce it to an acceptablelevel (7.6)

• The handling of potentially unsafe food products to ensure that they do not enter the food chain (7.10.3)

• The establishment of a food safety team responsible for tasks such as hazard analysis, selection of controlmeasures, establishment of PRPs, and planning of internal audits (5.5 and 7.3.2)

• The information and characteristics needed for both raw materials and end products to ensure that a properhazard analysis can be conducted (7.3.3)

• The establishment of a communications plan with external parties – such as suppliers, customers, and regulatoryauthorities – to ensure that food safety information is available to all (5.6.1)