INTRODUCTION TO ISO 9001:2015 1
ISO 9001:2015 HAS BEEN APPROVED The revised standard will be published and available to purchase on September 23, 2015. 2
TRANSITION Organizations who are currently certified to ISO 9001 :2008 have a three year transition period from the date of publication for ISO 9001:2015. 3
RECOMMENDED ACTIONS Identify organizational gaps Develop an implementation plan Provide training and awareness for all parties that have an impact on the effectiveness of the organization Update the existing QMS to meet the revised requirements, if necessary Conduct liaison activities with certification body to determine their transition plans 4
CHANGES 1) Structure 2) Terminology 3) Context of the organization 4) Documented information 5) Process Approach 6) Quality Manual 7) Preventive Action (dropped) 9) Management Rep. 10) Quality Management principles 11) Exclusions 12) Planning 13) Work environment 14) Supplier 15) Purchased product 8) Risk based approach 5
CHANGES Fewer prescribed requirements Improved applicability for services Requirement to define the boundaries of the QMS Greater emphasis on achieving results to Improve customer satisfaction 6
REVIEW OF CHANGES
1. STRUCTURE CHANGES ISO 9001:2015 ISO 9001:2008 0. Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement 0. Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Quality management system 5. Management Responsibility 6. Resource Management 7. Product Realization 8. Measurement, analysis and improvement 8
2. TERMINOLOGY CHANGES: ISO 9001:2015 (DIS) ISO 9001:2008 Products and services Products Documented information Documentation and Records Environment for the operation of processes Work environment Externally provided products and services Purchased product External provider Supplier ---Not Used -- Exclusions 9
NO MANDATORY PROCEDURES. No mandatory procedures. Where the ISO9001:2008 required six procedures, the recently released ISO9001:2015 does not suggest any specific procedures to be developed. 10
3. CONTEXT OF THE ORGANIZATION There are two new clauses relating to the context of the organization, 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties. Together these clauses require the organization to determine the issues and requirements that can impact on the planning of the quality management system This will require the organization to consider itself and its context, to determine the scope of its quality management system. 11
4. DOCUMENTED INFORMATION Replaces both procedures and records. Documented information is found in the 4.3 and 4.4 sections of the standard while there is more clarification in the Annex A. Where ISO 9001:2008 would have referred to documented procedures, it is now expressed as a requirement to maintain documented information. Where ISO 9001:2008 would have referred to records this is now expressed as a requirement to retain documented information. 12
PROCEDURES The recently released ISO9001:2015 FDIS does not suggest any specific procedures to be developed. This has been left open for organizations to decide based on the context of the organization. This gives more flexibility to the organization to decide. 13
5. PROCESS APPROACH ISO 9001:2015 promotes the process approach beyond the existing requirements of ISO 9001:2008. A whole sub-section within the Introduction section is dedicated to explaining the Process Approach. It also has its own clause 4.4. That requires businesses to systematically define and manage not just their processes, but also the interaction between them. 14
5. PROCESS APPROACH CONTINUED The process approach is a way of obtaining a desired result, by managing activities and related resources as a process. Although the clause structure of ISO 9001:2015 follows the Plan-Do-Check- Act sequence, the process approach is still the underlying concept for the QMS. Further guidance, please refer to the Support Package module: Guidance on the Concept and Use of the Process Approach for management systems. 15
6. QUALITY MANUAL, No specified requirement for a "Quality Manual". Organization s are still required to maintain documented information necessary for the effectiveness of the quality management system (QMS). But there are many ways to do this and a quality manual is just one. If it is convenient and appropriate for an organization to continue to describe its quality management system in a quality manual then that is perfectly acceptable. This reflects the fact that many of todays businesses manage their documentation (policies, procedures, instructions, forms, records etc.) electronically e.g. shared drives, public folders, intranet etc. 16
7. PREVENTIVE ACTION HAS BEEN DROPPED. The explanation for removing Preventative Action is the QMS itself is supposed to act as a preventive tool. The Annex A of the Standard states that "one of the key purposes of the QMS is to act as a preventive tool". As a result the formal preventive active requirement no longer exists in the current draft. This has been replaced with risk based approach 17
9. MANAGEMENT REPRESENTATIVE No requirement for a person to be specifically assigned. Instead, there will be an increased demand on top management to demonstrate organizational leadership. Replaced by new section/ requirement 5 Leadership - 5.1 Leadership and commitment Top management shall demonstrate leadership and commitment with respect to the quality management system 18
9. MANAGEMENT REPRESENTATIVE There is no requirement for a person to be specifically assigned. Instead, there is an increased demand on top management to demonstrate organizational leadership Although the prescriptive title of a management representative has been deleted, it is up to top management to ensure that the roles and responsibilities are assigned for reporting on the performance of the QMS. Some organizations might just maintain their current structure, with a single person carrying out this role. Others might take advantage of the flexibility to consider other structures depending on their organization s structure. 19
8. RISK BASED APPROACH More emphasis is on risk based thinking when setting up the quality management system (QMS). It will be a requirement to identify and understand risks and opportunities from external as well as internal factors and take these into account when setting up the management system. Although it is required by the organization to determine and address risks, there is no requirement for implementing a formal risk management process. 20
10. QUALITY MANAGEMENT PRINCIPLES There are now seven quality management principles on which the ISO portfolio of standards are based: a) Customer focus b) Leadership c) Engagement of People d) Process approach e) Improvement f) Evidence-based decision making g) Relationship management (suppliers) The Annex B provides a statement describing each principle and a rationale explaining why an 1703 21 organization should address the principle.
11. EXCLUSIONS There will no longer be a requirement to specify and justify Exclusions. Annex A of the standard clarifies that the organization can-not decide a requirement to be not applicable if it falls under the scope of its QMS. Also non-applicability is not allowed if that could lead to failure to achieve the conformity or to enhance customer satisfaction However, it is recognized that an organization might need to review the applicability of requirements due to the size of the organization, the management model it adopts, the range of the organization s activities, and the nature of the risks and opportunities it counters. 22
EXCLUSION S ALLOWED? ISO 9001:2015 no longer refers to exclusions in relation to the applicability of its requirements to the organization s quality management system. However, an organization can determine the applicability of requirements. All requirements in the new standard are intended to apply. The organization can only decide that a requirement is not applicable if its decision will not affect its ability or responsibility to ensure the conformity of products and services and the enhancement of customer satisfaction. 23
12. PLANNING: Now has its own section (6) and requires risks and opportunities to be taken into account when planning the QMS. Other requirements for planning i.e. planning to achieve quality objectives and changing the QMS in a planned manner have been carried forward from ISO 9001:2008. 24
WHAT CHANGED IN TERMS OF PLANNING? ISO 9001:2015 requires the organization to address risks and opportunities, quality objectives and planning of changes throughout the organization. When new products, technologies, markets and business opportunities develop, we expect organizations will want to take full advantage of the opportunities. This must be done in a controlled manner, and be balanced against the potential risks involved, which could lead to undesirable side-effects. 25
13. WORK ENVIRONMENT The term "work environment" used in ISO 9001:2008 has been replaced with "Environment for the operation of processes 14. SUPPLIER The term "supplier" has been replaced with "External provider". Organizations do not need to change this term in their QMS as well. Organizations can still maintain the term "supplier", "vendor", "contractor", "consultant" etc. as per their own need. 26
15. PURCHASED PRODUCT The term "purchased product" has been replaced with "externally provided products and services". This now refers to the "external provider" as opposed to the "supplier" to help clarify that activities (products and services) which are outsourced e.g. subcontract treatments, services and hire are included and must be controlled as appropriate. Previously the emphasis was on controlling purchased product 27
RISK - BASED THINKING Risk-based thinking is something we all do automatically and often subconsciously to get the best result The concept of risk has always been implicit in ISO 9001 this revision makes it more explicit and builds it into the whole management system Risk-based thinking ensures risk is considered from the beginning of a process and throughout the process Risk-based thinking makes preventive action part of strategic planning Risk is often thought of only in the negative sense. Risk-based thinking can also help to identify opportunities. This can be considered to be the positive side of risk 28
RISK IN THE ISO9001:2015 CLAUSES In the Introduction the concept of risk-based thinking is explained. In Clause 4 (Context of the Organization) the organization is required to determine the risks which can affect its ability to meet business/quality objectives. In Clause 5 (Leadership)- top management is required to commit to ensuring Clause 4 is followed. In Clause 6 (Planning for the quality management system) - the organization is required to take action to identify risks and opportunities 29
RISK IN THE ISO9001:2015 CLAUSE (CONT D) 5) Clause 8 (Operation) - the organization is required to implement processes to address risk 6) Clause 9 (Performance evaluation) - the organization is required to monitor, measure, analyze and evaluate the risks and opportunities 7) In Clause 10 (Improvement) - the organization is required to improve by responding to changes in risk 30
WHY RISK-BASED THINKING? Successful companies intuitively take a risk-based approach because it brings benefits To improve customer confidence and satisfaction To assure consistency of the quality of products and services To establish a proactive culture of prevention and improvement. 31
WHAT SHOULD MY COMPANY DO TO PREPARE? Use a risk driven approach in all organizational processes: - Identify what the risks and opportunities are in your organization. - Have a Readiness audit performed by an accredited and certified senior lead auditor. Notes: - ISO9001:2015 does not require a formal risk assessment or a specific single document. - The information must be kept available and could be electronic, audio, video, written or any other type of media. 32 - ISO31000 (Risk management Principles and Guidelines) may be useful for companies that want a more formal process but it is not mandatory.
SUMMARY In a nutshell, Risk based thinking is to: 33 Analyse and prioritize the risks and opportunities in your organization what is acceptable? what is unacceptable? which opportunities should be acted on? Plan actions to address the risks and opportunities how can I avoid, eliminate or mitigate the risk? how can I realize opportunities? Implement the plan take action Check the effectiveness of the actions does it work? Learn from experience continual improvement
REMEMBER! Risk Based thinking is not New! It is: something you do already is continuous ensures greater knowledge and preparedness increases the probability of reaching objectives reduces the probability of poor results makes prevention a habit 34
Thank you for joining us. 35