iso 9001 2015 asq workshop by colin gray

ASQ Denver ISO DIS 9001:2015

Workshop

01/21/12 © 2012 Cavendish Scott, Inc.www.CavendishScott.com

1

Agenda

• Introduction• The Current and Expected Development of ISO 9001• TS 9002• Quality Principles• Annex SL• The Structure of ISO 9001• Key Points

– Attachment to the Standard– Introduction to the Standard

• Key Definitions• Interesting Clauses• Auditability• Transition• Probable Implementation• Summary, Questions, Close

Colin Gray & Cavendish Scott, Inc.

• Consulting, training and auditing for 25+ years• IRCA/RABQSA professional auditor• Registrar Auditor

• Cavendish Scott, Inc.• Accredited IRCA Training Organization• Consulting – Guaranteed Certification• Training – in-house, public, accredited, customized• Auditing – internal auditing, consulting and support

ISO 9001 Development

• In the beginning…• 1979• 1987• 1994, 2000, 2008

– Was the process approach invented in 2000– “What Happened” in 2008!

ISO 9001 Development

• User Surveys (following release)• Strategic plans, committee structures

– 70+ Countries• TC 176, USTAG, SC/WG• CD, DIS, FDIS, ISO

ISO.ORG

Look it up! ISO.ORG

58 Swiss Fr = $65.04

Guide to the Stages

Current Stage

Original Design Specification

According to the draft design specification, the revised standard should (among other things) :

• •Provide a stable core set of requirements for the next 10 years or more• •Remain generic, and relevant to all sizes and types of organization operating in any sector• •Maintain the current focus on effective process management to produce desired outcomes• •Take account of changes in quality management systems practices and technology since the last

major revision in 2000• •Reflect changes in the increasingly complex, demanding and dynamic environments in which

organizations operate• •Apply Annex SL of the ISO Directives to enhance compatibility and alignment with other ISO

management system standards• •Facilitate effective organizational implementation and effective conformity assessment by first,

second and third parties• •Use simplified language and writing styles to aid understanding and consistent interpretations of its

requirements

ISO 9001:2015 and beyond - Preparing for the next 25 years of quality management standardsby Nigel H. Croft on 28 August 2012 Chair ISO/TC 176/SC 2, Quality systems

Timeline

Timescale

Date ISO 9001 (QMS)

August 2013 Close of CD ballot/CD Issued/Initiation of DIS Development

January 2014 DIS (Final draft)

March 2014 DIS draft to ISO (*Cavendish Scott to provide workshops)

April 2014 DIS ballot opens

August 2014 DIS ballot closes/DIS Issued/Initiation of FDIS Development

January 2015 Final draft FDIS

July 2015 FDIS Ballot opens (Jan-July FDIS avail. Cavendish Scott to provide Workshops)

August 2015 FDIS ballot closes

September 2015 ISO Publication

October 2015

November 2015

December 2015

March 2014

• The CD achieved a 78% approval.• 66% is required.

• Negative votes (12) included significant countries such as Germany, Japan, US, and Canada.

• 3,000 comments were received. • The need for an interim meeting was determined.• Interim working draft submitted – 1400 comments

received. March, Verseille could not address all.• Declared plan is to get the DIS to “countries” by April –

publication June/July• Get to “countries” for translation (previous issues)• NEW WORK TS 9002…guidance

TS 9002 – (Goal)

• Guidance – for suppliers (to implement) and customers (to understand)

• In drafting ISO 9001, ISO/TC 176/SC2 has an objective to write the standard in such a way as to make it understandable by all users.

• However, owing to the constraint of trying to write generic requirements that are applicable to all organizations and also due to translation issues, it is recognized that it is not always possible to achieve the level of clarity required, particularly for certain types of organization.

• It is expected that the provision of these application guidelines, supported by specific types of examples, will enable users to be able to put ISO 9001 more readily into their own context, and so have greater understanding of its requirements.

• SC2 March 2014

TS 9002 (Response)

• The US Expert Recommendation will be based on the following criteria. (DRAFT)

• The fact that we are writing a guidance document is evidence that the requirements cannot be effectively implemented by organization.

• From the earliest days of ISO 9001(also including 9002 and 9003 in the early days) the standard has been written in a language that line management, who are not quality experts, can understand. This has been an important contributor to the success of ISO 9001. Writing the next revision of ISO 9001 in a language that only quality experts can understand undermines 25 years of effort to make Quality Management Requirements Standards readily understandable by line management, and would be a giant step backwards.

• In addition, the generic level of the standard has existed in the standard since its inception. There is no evidence that the generic level of the standard requires guidance.

Quality Principles

NEW• QMP 1 – Customer Focus• QMP 2 – Leadership• QMP 3 – Engagement of People• QMP 4 – Process Approach

• QMP 5 – Improvement• QMP 6 – Evidence-based Decision

Making • QMP 7 – Relationship Management

ORIGINAL• Customer focus• Leadership• Involvement of people• Process approach• System approach to management • Continual improvement• Factual approach to decision

making• Mutually beneficial supplier

relationships

Annex SL – Why we Know What we Know!

• Purpose is a consistent (high level) structure, terminology and requirements (text) between different management system standards.• 9001, 14001, 27001, etc.

• 27001 published, 14001 in draft for publication (TC207)

• Currently in force (restricting what TC176 can do)

Annex SL – Why we Know What we Know!

• Annex SL, Appendix 2 allows discipline specific additions to the core text and this has been utilised for the following:– specific quality management system requirements

considered essential to meet the scope of the standard;– requirements that may appear to be generic but are

considered essential to reflect use of the Quality Management Principles that form the basis for the quality management system standards within the ISO 9000 family;

– requirements and notes that enhance or clarify the core text.

– (from CD)

The Old (current) Structure

• 4 Quality System• 5 Management Responsibility• 6 Resources• 7 Production Realization• 8 Monitoring, Measuring, and Improvement

The Structure of Annex SL……

• 4 Context of the organization• 5 Leadership• 6 Planning• 7 Support• 8 Operation• 9 Performance evaluation• 10 Improvement

The Structure of CD 9001:2015

• 4 Context of the organization• 5 Leadership• 6 Planning• 7 Support• 8 Operation• 9 Performance evaluation• 10 Improvement

DIS 9001:2015 Titles

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization• 4.1 Understanding the organization and its context• 4.2 Understanding the needs and expectations of

interested parties• 4.3 Determining the scope of the quality

management system• 4.4 Quality management system and its processes

5. Leadership• 5.1 Leadership and commitment• 5.2 Quality policy• 5.3 Organizational roles, responsibilities and

authorities

6. Planning for quality management systems• 6.1 Actions to address risks and opportunities• 6.2 Quality objectives and planning to achieve them• 6.3 Planning of changes

7. Support• 7.1 Resources *• 7.2 Competence• 7.3 Awareness

• 7.4 Communication• 7.5 Documented information

8. Operation• 8.1 Operational planning and control• 8.2 Determination of requirements for products and

services• 8.3 Design and Development of products and

services• 8.4 Control of externally provided products and

services• 8.5 Production and service provision• 8.6 Release of goods and services• 8.8 Control of nonconforming process outputs,

products and services

9. Performance evaluation• 9.1 Monitoring, measurement, analysis and

evaluation• 9.2 Internal audit• 9.3 Management review

10. Improvement • 10.1 General• 10.2 Nonconformity and corrective action• 10.2 Continual improvement

Annex A Quality management principles (Informative)

Bibliography

Review of 9001:2015 – Key Points

• 2 areas• Attachment 1 to SC2/N1147• Introduction to CD – 0.3 Significant Changes


• Attachment 1 to SC2/N1147• a) Exclusions

• there should no longer be any technical reasons for an organization's QMS not to be able to meet all the requirements

• b) Goods and services• instead of Product (NOW – PRODUCTS AND SERVICES)

• c) Improvement• (continual) improvement - (delete continual)


• Introduction to CD – 0.3 Significant Changes• a) Redrafting to make the standard more generic and more

easily applicable by service industries• Goods and Services (versus Product)

• b) Context of the organisation• 4.1 Understanding the organization and its context and • 4.2 Understanding the needs and expectations of interested

parties• - determine the issues and requirements that can impact on the

planning of the QMS - used as an input into the development of the QMS

• - determining the requirements of relevant interested parties there is no new requirement to ensure ... meet the needs …of external parties other than those already identified in ISO 9001:2008. Such a change would require a change to the scope of the standard which is not permitted by the design specification for the revision.


Introduction to CD – 0.3 Significant Changes• c) Process approach

• This proposed revision to the standard makes (the adoption of a process approach) more explicit by including clause 4.4.2 Process approach – specifying requirements considered essential to the adoption of a process approach.

• d) Risk and Preventive Action• Annex SL does not include a clause giving specific requirements for

‘preventive action’ - key purposes of a formal management system is to act as a preventive tool.

• (4.1 Understanding the Org.) …external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s)’

• (6.1 Actions to add. risks) determine the risks and opportunities that need to be addressed to: assure the QMS can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.

• Although risks have to identified and acted upon there is no requirement for formal risk management.


Introduction to CD – 0.3 Significant Changes• e) Documented information

• The Annex SL Appendix 2 clause on Documented Information has been adopted without significant change or addition. Where appropriate, text elsewhere in the standard has been aligned with its requirements. Consequently the terms ‘document’ and ‘record’ have both been replaced throughout the requirements text by ‘documented information’.

• f) Control of external provision of goods and services (8.6)• addresses all forms of external provision, whether it is by purchasing from a

supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organisation or by any other means. The organisation is required to take a risk based approach to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services.


1. Scope







authorities













Bibliography

DIS Definitions

• Went from 22 to 69 (this will not stand)• Includes the word “unicorn” – 3.36 (nor this?)

Key (new) Definitions

• 3.02• interested party (preferred term)• stakeholder (admitted term)• person or organization (3.01) that can affect, be affected by, or perceive themselves

to be affected by a decision or activity• • 3.09• risk• effect of uncertainty• Note 1 to entry: An effect is a deviation from the expected — positive or negative.• Note 2 to entry: Uncertainty is the state, even partial, of efficiency of information

related to, understanding or knowledge of, an event, its consequence, or likelihood.• Note 3 to entry: Risk is often characterized by reference to potential events (ISO

Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of these.

• Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.

Key (new) Definitions

• 3.11• documented information• information required to be controlled and maintained by an organization (3.01) and

the medium on which it is contained• Note 1 to entry: Documented information can be in any format and media and from

any source.• Note 2 to entry: Documented information can refer to• – the management system (3.04), including related processes (3.12);• – information created in order for the organization to operate (documentation);• – evidence of results achieved (records).• • 3.14• outsource (verb)• make an arrangement where an external organization (3.01) performs part of an

organization’s function or process (3.12)• Note 1 to entry: An external organization is outside the scope of the management

system (3.04), although the outsourced function or process is within the scope.


1. Scope







authorities













Bibliography

“Interesting” Clauses

• “Accountable”• Change management?• Documented Information !#*%$!!• Risk!• Control of External Processes (purchasing, outsourced

processes)

Accountable

• 5.1.1 Leadership and commitment for the quality management system

• Top management shall demonstrate leadership and commitment with respect to the quality management system by:

• a) taking accountability of the effectiveness of the quality management system;

• Of vs for

Change Management DIS

• 6.3 Planning of changes• Where the organization determines the need for change to the quality management

system (see 4.4) • the change shall be carried out in a planned and systematic manner. • The organization shall consider: • a) the purpose of the change and any of its potential consequences; • b) the integrity of the quality management system; • c) the availability of resources; • d) the allocation or reallocation of responsibilities and authorities.

• ISO 9001:2008 5.4.2 Quality management system planning • Top management shall ensure that:

– the planning of the quality management system is carried out in order to meet the requirements given in 4.1, as well as the quality objectives, and

– the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Change Management CD

• 6.3 Planning of changes• The organization shall determine the needs and opportunities for change to maintain

and improve the performance of the quality management system.• The organization shall undertake change in a planned and systematic manner,

identifying risks and opportunities and reviewing the potential consequences of change.

• NOTE Specific requirements on control of changes are included in clause 8.

• 6.3 Planning of changes• Where the organization determines the need for change to the quality management

system (see 4.4) • the change shall be carried out in a planned and systematic manner. • The organization shall consider: • a) the purpose of the change and any of its potential consequences; • b) the integrity of the quality management system; • c) the availability of resources; • d) the allocation or reallocation of responsibilities and authorities.

Change Management DIS

• 7.5.3 Control of documented Information• …the organization shall address the following activities, …• control of changes (e.g. version control)• 8 Operation / 8.1 Operational planning and control• The organization shall plan, implement and control the processes needed to• … The organization shall control planned changes and review the

consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. (SL)

• 8.5.6 Control of changes• The organization shall review and control unplanned changes essential for

production or service provision to the extent necessary to ensure continuing conformity with specified requirements.

• The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.

Documented Information (2008)

• 4.2.3 Control of documents• Documents required by the quality management system shall be controlled. Records are a

special type of document and shall be controlled according to the requirements given in 4.2.4.• A documented procedure shall be established to define the controls needed

– A) to approve documents for adequacy prior to issue,– B) to review and update as necessary and re-approve documents,– C) to ensure that changes and the current revision status of documents are identified,– D) to ensure that relevant versions of applicable documents are available at points of use,– E) to ensure that documents remain legible and readily identifiable,– F) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation

of the quality management system are identified and their distribution controlled, and– G) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for

any purpose.

• 4.2.4 Control of records• Records established to provide evidence of conformity to requirements and of the effective

operation of the quality management system shall be controlled.• The organization shall establish a documented procedure to define the controls needed for the

identification, storage, protection, retrieval, retention and disposition of records.• Records shall remain legible, readily identifiable and retrievable.

Documented Information (SL)

7.5 Documented information• 7.5.1 General• The organization’s quality management system shall include • documented information required by this International Standard,• documented information determined by the organization as being necessary for the

effectiveness of the quality management system.• NOTE The extent of documented information for a quality management system can

differ from one organization to another due to– the size of organization and its type of activities, processes, products goods and services, – the complexity of processes and their interactions, and – the competence of persons.

• 7.5.2 Creating and updating• When creating and updating documented information the organization shall ensure

appropriate– identification and description (e.g. a title, date, author, or reference number),– format (e.g. language, software version, graphics) and media (e.g. paper, electronic),– review and approval for suitability and adequacy.

• 7.5.3

Documented Information (SL)

7.5 Documented information7.5.1, 7.5.2

• 7.5.3 Control of documented Information• 7.5.3.1 Documented information required by the quality management system and by

this International Standard shall be controlled to ensure– it is available and suitable for use, where and when it is needed, and– it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

• 7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable

– distribution, access, retrieval and use, – storage and preservation, including preservation of legibility,– control of changes (e.g. version control), and– retention and disposition.

• Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and controlled.

• NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.

Risks (SL)

• 6.Planning, 6.1 Actions to address risks and opportunities• When planning for the quality management system, the organization shall

consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to

– assure the quality management system can achieve its intended outcome(s), – assure that the organization can consistently achieve conformity of goods and services and customer

satisfaction,– prevent, or reduce, undesired effects, and– achieve continual improvement.

• 6.1.2 The organization shall plan:– actions to address these risks and opportunities, and– how to

• integrate and implement the actions into its quality management system processes (see 4.4), and• evaluate the effectiveness of these actions.

• Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.

• NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

Risks

• 4.4.2 Process approach– Shall determine – d) determine the risks to conformity of goods and services and customer satisfaction

• 5.1.2 Customer Focus– Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring

that– b) the risks and opportunities that can affect conformity of products and services and the ability to enhance

customer satisfaction are determined and addressed;

External/Outsourced Processes

8.4 Control of external provision of goods and services• 8.4.1 General• 8.4.2 Type and extent of control of external provision• 8.4.3 Information for external providers

Other Observations

• No specific requirement for “procedures”

• 4.4 Quality management system and its processes• …The organization shall maintain documented information to the extent

necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.

– - basically requires a procedure for everything?

•

Other Observations

• Context of the organization• Interested Parties• Leadership (accountable)• Planning - Change• Risk (note – no requirement for risk management)• Organizational Knowledge• External processes• Management Rep. Special Processes. Preventive Action - missing. • Structure – Operations-Support


1. Scope







authorities













Bibliography

Auditability

• Standards are ultimately written for assessment (comparison)

• Problems with 2000 version and current misunderstanding of “process”

• Reluctance of auditors, certification bodies and accreditation agencies to “require” process

• Many inadequate applications of the standard• Training and competency of auditors in general

– In particular we some new “softer” requirements – strategy and direction, interested parties (IRCA Annex SL training)

• Stage 1/Document Review

Transition

• 3 years (certification cycle)• Upgrade at surveillance (with extra time)• Upgrade at re-certification (with ½ extra time)• Cut off time for the expiration of 2008 certificates• Early adopters• Stage 1/Document review for transition• Qualification requirements for auditors will be set (by

Auditor organizations) (IRCA 1 day on Annex SL 1 Day on 9001 specifically)

• Accreditation requirement set by accreditation agencies (e.g. ensuring they have implemented competency criteria)

Probable Implementation

• Quality Manual (not a requirement – but a “guide” will be useful/needed by customers) and terminology throughout

• New processes/documents– Context of the Organization– Interested parties– Risks and Opportunities– Objective setting, monitoring and achievement– Change Management– Communication (at least tools)


• Process Approach – could mean a complete re-write• Scope, Leadership, Quality Policy and Objectives

– Same – but need strengthening and “right”ing– Processes for monitoring and achieving objectives

• Knowledge (identify/define – does it change)• Change Record control (optional) (document control = documented

information)• Operations should be the same.

– Opportunity to update, “process-ize”, better define.– Change Purchasing (optional)– External providers (of goods and service)

• Change Preventive Action Process (optional)


• Book your CB– Date based on transition period, surveillance stage and

surveillance/certificate dates– Leader or laggard

• Book you consultant– This is usually a secondary function for you. This is what we do

every day– This is not a simple transition.– We have already designed solutions to address these

requirements– We can apply them quicker– Change is often easier when driven from outside– Guaranteed! Can you afford to fail – why risk it?


• Awareness training/management sessions• Document Review as your control document• Documentation changes• New process design and documentation• Informal auditing• Internal Audit

Cavendish Scott Implementation

• Training Workshops- (DIS forwards)• Standard upgrade packages based on QMS structure (process vs

standard)– Awareness training– Tweaking of existing documents– Generation of new documents (for new processes e.g. risk) – Training

and Support– Thorough cross reference/Document Review of documentation to new

requirements (proof of conformance)– Task list of Activities and actions– Review of evidence created (to early review process functionality)– Internal audit (to test new processes)

• Guaranteed ISO Success

Summary

• Background to the development of the standard– Importance of DIS, FDIS.

• Role of Annex SL– Rumors!!!

• Structure of the Standard• Review of content – probable and possible• Timeline for issue• Implementation

Contact

• Colin Gray• [email protected]

iso 9001 2015 asq workshop by colin gray

Business

requirements iso

iso publication

revision of iso

structure of iso

iso directives

drafting iso

success of iso

expected development