ISO 9001:2015 Transition Lunch & Learn Presenter: Conrad Soltero
Purpose Background to the ISO 9001 development and revision timeline What the key changes are: New Structure New Content Risk Based Approach Quality Management Principles How Changes Might Affect You Communicate Revision Timelines
Key Points ISO 9001 is the most widely adopted QMS standard worldwide (1.1 million registrations) Under revision scheduled for September 2015 publication Currently under FDIS version Changes to impact senior management, quality professionals, audit professionals (assessors)
Why was ISO 9001:2008 Revised? Reflect a changing business environment Increased service prominence Align management system standards ISO scheduled review
Revision Timeline (2013 to 2015) June 2013: CD (Committee Draft); May 2014: DIS (Draft International Standard); July 2015: FDIS (Final Draft International Standard); September 2015: IS (International Standard); Transition Period
Development of ISO 9001 Series 1987: Quality Assurance (20 Elements); 1994: Small Revision; 2000: Quality Management (process approach); 2008: Minor Revision; 2015: New Structure (Risk Based Thinking)
Quality Management Principles-Annex 2008: 8 QMPs 1. Customer focus 2. Leadership 3. Involvement of people 4. Process approach 5. System approach to management 6. Continual improvement 7. Factual approach to decision making 8. Mutually beneficial supplier relationships 2015: 7 QMPs 1. Customer focus 2. Leadership 3. Engagement and competence of people 4. Process approach 5. Improvement 6. Informed decision making 7. Relationship management
What is Annex SL? Framework for a generic management system Annex SL (previously ISO Guide 83) is a publication which forms the basis of a generic management system It is designed to help streamline creation of new standards, and make implementing multiple standards within one organization easier
Why was Annex SL Developed? Help organizations with multiple management systems Save money and time for multiple systems Eliminate redundancy and confusion Rationalize business operations by integration of different areas of compliance
Annex SL and Management Systems 1. Scope 2. Normative references 3. Terms and definitions PLAN: 4. Context of the organization 5. Leadership 6. Planning 7. Support DO: 8. Operation CHECK: 9. Performance evaluation ACT: 10. Improvement
When will Annex SL Take Effect? ISO 22301 (Business Continuity) was the first to adopt Annex SL structure Other standards include: ISO 27001 Information technology ISO 9001:2015 (published) ISO 14001:2015 (published) AS9100/10/20 (currently under revision) ISO 13485:2003 (currently under revision) ISO/TS 16949 OHSAS 18001
Structure of ISO 9001 Family ISO 9001:2008: Sets out the requirements of a quality management system (Certifiable). ISO 9000:2005: Covers the basic concepts and terminology used in the entire ISO 9000 family (Non certifiable). ISO 9004:2009: Provides guidance on how to make the quality management system more successful (Non certifiable). ISO 19011:2011: Provides guidance on internal and external audits for quality management systems.
Structure of ISO 9001:2008 Section 1: Scope; Section 2: Normative references; Section 3: Terms and definitions; Section 4: Quality Management System; Section 5: Management Responsibility; Section 6: Resource Management; Section 7: Product/Service Realization; Section 8: Measurement, Analysis and Improvement. Requirements
ISO 9001 Main Changes Process approach Risk based thinking Documentation flexibility Better focus on stakeholders
ISO 9001:2015 New Structure Section 1: Scope; Section 2: Normative references; Section 3: Terms and definitions; Section 4: Context of the organization; Section 5: Leadership; Section 6: Planning; Section 7: Support; Section 8: Operation; Section 9: Performance evaluation; Section 10: Improvement; Annex A: Clarification of new structure; Annex B: Other international standards managed by ISO TC/176. Requirements
Module 4: Introduction/Terms General Scope Normative References Terms & Definitions 0.1 General Scope 2 Normative References 3 Terms & Definitions 0.2 Quality Management Principles 0.3.1 Process Approach 0.3.2 PDCA 0.3.3 Risk Based Thinking 0.4 Relationship with MSS
0.1 General Strategic decision for the organization Helps organizations achieve their objectives Reminder that the standard does not prescribe how the QMS should look Employs a process approach which incorporates the PDCA cycle and risk based thinking
0.1 General Shall indicates a requirement Should indicates a recommendation May indicates a permission Can indicates a possibility or a capability Note is for guidance in understanding or clarification
0.2 Quality Management Principles Standard based on the 7 quality management principles These reside within ISO 9000:2015
0.3 Process Approach Promotes the process approach beyond the existing requirements of ISO 9001:2008 The application will vary based on complexity, size and activities of the organization Organizations often identify too many processes Requirements for adopting the process approach are defined in clause 4.4
0.3.1 General Starting Point End Point Sources of Inputs Predecessor Processes: (Internal or external) Inputs Matter, Energy, Information Activities Outputs Matter, Energy, Information Receivers of Outputs Subsequent Processes: (Internal or external) Possible controls & check points to monitor and measure performance
0.3.2 P-D-C-A
0.3.3 Risk Based Thinking Risk based thinking is something we all do automatically and often subconsciously The concept of risk has always been implicit in ISO 9001; this revision makes it more explicit and builds it into the whole management system Risk based thinking is already part of the process approach Risk based thinking makes preventive action part of the routine
0.3.3 Risk Based Thinking Risk: effect of uncertainty Risk is often thought of only in the negative sense. Risk based thinking can also help to identify opportunities. This can be considered to be the positive side of risk Negative or Positive Preventive Action
0.3.4 Relationship with other MSS ISO 9000 ISO 9004 Annex B provides details of other MSS developed by ISO/TC/176
Module 4: Introduction General Scope Normative References Terms & Definitions 0.1 General Scope 2 Normative References 3 Terms & Definitions 0.2 Quality Management Principles 0.3.1 Process Approach 0.3.2 PDCA 0.3.3 Risk Based Thinking 0.4 Relationship with MSS
1 Scope/ 2 References/ 3 Terms Scope Scope is not changed References to exclusions sub clause 1.2 Application has been removed Clause 4.3 requires the QMS scope to contain justification for any requirement deemed non applicable. Normative References ISO 9000:2015 referenced Terms and Definitions ISO 9000:2015
Module 4: PLAN 4. Context of the organization 4.1 Understanding the organization 4.2 Understanding the needs of interested parties 4.3 Determining the scope of the QMS 4.4 QMS and its processes 5. Leadership 6. Planning 7. Support 5.1 Leadership and commitment 5.2 Quality policy 5.3 Organizational roles, authorities, responsibilities 6.1 Actions to address risk and opportunities 6.2 Quality objectives and planning 6.3 Planning of changes 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information
4 Context of the Organization Organization: person or group that has its own functions with responsibilities, authorities and relationships to achieve its objectives
4.1 Understanding the organization and its context This is a new requirement and a very important one Necessary to understand quality challenges and the risk inherent in that market segment The organization shall determine external and internal issues that are relevant and can prevent the success of the quality management system implementation The organization shall monitor and review information about these internal and external issues (not done just once)
4.1 Understanding the organization and its context Organization Environment Internal Environment (Internal Capability Analysis) Organization External Environment (Analysis of External Influencing Factors)
4.1 Understanding the organization and its context Analyzing the External Environment (PESTLE) Political: Government type and policy; Funding, grants and initiatives. Economic: Inflation and interest rates; Labor and energy costs. Social Cultural: Population, education, media; Lifestyle, fashion, culture. Technological: Emerging technologies, Web; Information & communication. Legal: Regulations and standards; Employment law. Environment: Weather, green & ethical issues; Pollution, waste, recycling.
4.1 Understanding the organization and its context Outcome of External Environment Analysis: Opportunities and Threats at the Global, National, Regional and Local levels
4.1 Understanding the organization and its context Analyzing the Internal Environment Brainstorming 7s Assessment
4.1 Understanding the organization and its context Analyzing the Internal Environment Brainstorming Factors to Consider: Values, Culture, Knowledge, Performance of organization
4.1 Understanding the organization and its context Analyzing the Internal Environment 7s Assessment Factors to Consider: Shared values, Skills, Style, Strategy, Staff, Structure, System
4.1 Understanding the organization and its context Outcome of Internal Environment Analysis Strengths Weaknesses
4.1 Understanding the organization and its context SWOT Internal: Strengths and Weaknesses External: Opportunities and Threats
4.1 Understanding the organization and its context Doing Something About It! BUILD ON YOUR STRENGTHS ADDRESS YOUR WEAKNESSES Risk Management CONSIDER YOUR OPPORTUNITIES GUARD AGAINST YOUR THREATS
4.2 Understanding the needs and expectations of interested parties Interested party: person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity
4.2 Understanding the needs and expectations of interested parties The organization shall: Determine the interested parties that are relevant to the quality management system Determine the requirements for these interested parties that are relevant to the quality management system Monitor and review information about these interested parties and their relevant requirements
4.2 Understanding the needs and expectations of interested parties Identification and analysis of interested parties Financial Institutions Suppliers Customers Interest Groups Board of Directors Employees Organization Management Team Unions Legislator Media Public Shareholders
4.2 Understanding the needs and expectations of interested parties Analysis of their requirements and expectations 1. Identify the requirements and expectations Identify requirements Requirements may be implicit or explicit Example: On time delivery 98.5% 2. Validate requirements and expectations Analyze the quality needs and confirm if meeting requirement Example: Data, survey, interviews, focus groups 3. Identify roles and responsibilities Define what is expected from the interested parties Example: Roles, responsibilities, level of participation
4.3 Determining the scope of the QMS Apply all the requirements of the standard, if applicable Claimed non applicability does not affect conformity of product or services provided Scope: Is a required Documented Information Must include types of products or services Provide justification for non applications
4.3 Determining the scope of the QMS Consider the following to determine the scope: External and internal issues Requirements of interested parties Products and services of the organization Replaces ISO 9001:2008 Clauses: 1.2 & 4.2.2a)
4.4.1 Quality management system and its processes Organization shall identify the processes and determine: Inputs required and outputs expected The sequence and interaction of these processes The criteria, methods (monitoring/ measurement) The resources needed Assign responsibilities and authorities Address opportunities and risks Evaluate the processes and implement changes to achieve intended results
4.4 Quality management system and its processes Replaces ISO 9001:2008 Clauses: 4.1 Address risks and opportunities Focus on performance indicators for effective operation and control Outsourcing moved to Clauses 8.1 & 8.4
4.4.2 Maintain Documented Information Quality Manual Records Procedures
4.4.2 Maintain Documented Information Documented Information: information required to be controlled and maintained by an organization and the medium on which it is contained Organizational freedom
4.4.2 Maintain Documented Information To extent necessary, the organization shall: Maintain documented information to support the operation of its processes (Documents/Procedures/WI) Retain documented information to have confidence that processes are being carried out as planned (Records)
Module 4: PLAN 4. Context of the organization 4.1 Understanding the organization 4.2 Understanding the needs of interested parties 4.3 Determining the scope of the QMS 4.4 QMS and its processes 5. Leadership 6. Planning 7. Support 5.1 Leadership and commitment 5.2 Quality policy 5.3 Organizational roles, authorities, responsibilities 6.1 Actions to address risk and opportunities 6.2 Quality objectives and planning 6.3 Planning of changes 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information
5 Leadership Top Management: person or group of people who directs and controls an organization at the highest level
5.1.1 Leadership and Commitment Ensuring: Someone else can do it Doing: they must do it themselves Management Representative
5.1.1 Leadership and Commitment Top management is required to: Be accountable for the effectiveness of the QMS Ensure quality policy and objectives are in place Ensure integration of the QMS into business processes Promote use of process approach Ensure availability of resources
5.1.1 Leadership and Commitment Top management is required: Communicating the importance of effective and conforming QMS Ensuring the QMS achieves its intended results Engaging, directing and supporting persons to contribute to the effectiveness of the QMS Promoting improvement Supporting other relevant management roles to demonstrate their leadership to their areas of responsibility
5.1.2 Customer Focus New Addition: Regulatory requirements determined and met Risks and opportunities addressed Replaces ISO 9001:2008 Clause 5.2: Same focus on enhancing customer satisfaction
5.2 Quality Policy 5.2.1 Establish Policy Appropriate Provides framework for objectives Commitment to satisfy applicable requirements Commitment to continual improvement 5.2.2 Communicate Policy Maintained as documented information Communicated and understood within organization Available for relevant interested parties
5.3 Organizational Roles, Responsibilities and Authorities There is no explicit requirement to assign a management representative, yet the responsibilities and authorities still remain Responsibilities and authorities for relevant roles are assigned, communicated and understood Ensuring that integrity of the QMS is maintained when changes are planned and implemented
Module 4: PLAN 4. Context of the organization 4.1 Understanding the organization 4.2 Understanding the needs of interested parties 4.3 Determining the scope of the QMS 4.4 QMS and its processes 5. Leadership 6. Planning 7. Support 5.1 Leadership and commitment 5.2 Quality policy 5.3 Organizational roles, authorities, responsibilities 6.1 Actions to address risk and opportunities 6.2 Quality objectives and planning 6.3 Planning of changes 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information
6.1 Actions to Address Risks and Opportunities A consideration of these to determine the risks and opportunities that need to be addressed, specifically to: Give assurance that the QMS can achieve its intended results Enhance desirable effects Prevent, or reduce, undesired effects Achieve improvement
6.1 Actions to Address Risks and Opportunities The organization shall plan: Actions to address these risks and opportunities Integrate into QMS processes Evaluate effectiveness Proportionate to the potential impact on the conformity of products and services
Beyond Clause 6 4 Process Approach Determine the risks which can affect the ability to meet these objectives 5 Leadership Top management are required to commit to ensuring Clause 4 is followed 6 Planning Required to take action to address risks and opportunities
Beyond Clause 6 8 Operation Required to have processes which identify and address risk in operations 9 Evaluation Required to monitor, measure, analyze and evaluate risks and opportunities 10 Improvement Required to improve by responding to changes in risk
What Should I Do? Use a risk driven approach to organizational processes Identify what risks and opportunities are in your organization (it depends on context) ISO 9001:2015 will not automatically require you to carry out a full formal risk assessment, or to maintain a risk register ISO 31000 (Risk Management Principles and guidelines) will be a useful reference (but not mandated)
Where should I be looking for risks? You can hope or use a structured approach
What is Risk? Let's Recall Risk: An uncertain future event or condition which, if it happens, affects the mission objective It could have a positive or negative effect Opportunity: Positive risks are called opportunities You want to take maximum advantage of these positive risks
What is Risk? Risk: Risk is associated with a future event, which has not happened yet Issue: A risk which has already occurred
What is Risk? Risk Appetite: Amount and type of risk that an organization is prepared to take in order to meet its strategic objectives Risk Tolerance: Organization's readiness to bear the risk after risk treatments in order to achieve its objectives
What is Risk Management? Identification, Assessment and Prioritization of risks Resources to Minimize, Monitor and Control the probability and/or impact of unfortunate events, or to Maximize the realization of opportunities
Risk Management Steps 1. Plan Risk Management 2. Identify Risks 3. Analyze Risks 4. Plan Risk Response 5. Monitor and Control Risks
Transition Timeline (2015 to 2018) September 15, 2015: Published International Standard September 15, 2018: End of 3-year transition period
Validity of Certifications ISO 9001:2008 certifications will not be valid after three years from publication of ISO 9001:2015. The expiration date of certifications to ISO 9001:2008 issued during the transition period needs to correspond to the end of the three year transition period.
Best Time to Transition Contract Re Registration Stage 1 Assessment Surveillance 24 months Stage 2 Assessment Surveillance 12 months Registration
Key changes you do not need to make! REMOVE Management Representative RELEGATE Quality Manual and documented procedures to the trash bin RENUMBER Or rename existing QMS documentation RESTRUCTURE QMS to follow the sequence of requirements as set by the standard REFRESH Existing documentation to use the new terms and definitions
Planning To Do List Copy of the standard Gap analysis Develop an implementation plan Provide appropriate training and awareness Update the existing QMS Review registration cycle expected transition date Coordinate with your registrar
Thank You!