Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
ISO 9000-9001:2015 current standards, what a business must do to be certified Group 2a
Transcript of ISO 9000-9001:2015 current standards, what a business must do to be certified Group 2a
MGT 371-500 Dr. Fisher
Stephen F. Austin State University
(SFA) Fall 2015
Purpose of presentation
A Brief Overview of ISO 9001:2015 Current Standards
A Guide to Certification
ISO 9001 might be the Most Confusing Document in
The following information attempts to break down the
Requirements & Standards into plain English
and give the reader an outline to use on their path to Certification.
QMS Structure for ISO 9001:2015
ISO 9001:2015 will follow the new common structure for management system standards “Annex SL”
All quality management system standards will have common high level sections, text, and terms and Definitions
The common structure will especially benefit organizations with integrated management systems
The “needs and expectations of interested parties” must be Determined
*refers to customers and other stakeholders
The “context of the organization” must be determined
*i.e., internal and external issues relevant to the organization
Who, What, & When of ISO
4.1 Understanding the Organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4. Quality Management System
4.4.2. Process Approach
Clause 4. Context of The Organization
ISO 9001:2008 VS ISO 9001:2015
Key Requirements – Clause 4
Senior managers need to understand the expectations of all relevant parties
Know how internal and external challenges could affect their ability to meet these expectations
Quality Management Systems can no longer be held at arm’s length, but should form part of the strategic direction of the business
Determine process risk
Measures in place to ensure effective operation
Allocate responsibilities for particular processes or sets of processes
Clause 5. Leadership
Key Requirements – Clause 5
Ensure quality policies are aligned with strategic direction
Identify, assess and manage all risks that could stand in the way of meeting product requirements
Need to allocate responsibility for process management
Clause 6. Planning
Key Changes – Clause 6
risk and opportunities
that relate to
product conformity and customer satisfaction that
in a systematic manner
Clause 7. Support
7.5 Documented Information
Key Requirements – Clause 7
Manage changes to resources more effectively
Determine, present and maintain knowledge to continuously meet customer needs and improve their overall satisfaction
The competence requirements that relate to every process or set of processes within organizations
Clause 8. Operation
8.1 Operational Planning & Control
8.2 Determination of Market needs & interactions with customers
8.3 Operational Planning process
8.4 Control of external Provision of Goods & Services
8.5 Development of Goods & Services
8.6 Production of goods and provision of services
8.7 Release of goods and services
8.8 Nonconforming goods & services
Key Requirements – Clause 8
Contingency planning to improve customer communication
Ways to assess the suitability of a design before it reaches operations.
Importance of controlling all outsourced activities through efficient risk management
Clause 9. Performance evaluation
Key Requirements – Clause 9
Strong monitoring and measurement requirements
Its relation to risk and the effectiveness of an
organization’s quality management system
Analysis and Evaluation of records
Management Review of effective risk actions
Clause 10. Continual Improvement
Structured approach for Continual Improvement
Key Requirements – Clause 10
Clause 3.1 “information required to be controlled and
maintained by an organization and the medium on
which it is contained".
What should be “Documented” (1)
QMS and processes (4.4)
Monitoring and measurement resources (7.1.5)
Performance of processes (8.1)
What should be “Documented” (2)
Review of customer requirements (8.2.3)
External providers evaluation (8.4.1)
Characteristics of product (8.5.1.a)
Review of changes (8.5.6)
Dealing with nonconforming product
What should be “documented” (3)
Evidence of results (9.1.1)
Internal audit program and results (9.2.2)
Management review (9.3.2)
Where are my exclusions?
Where a requirement of this International Standard within the determined scope can be applied, then it shall be applied by the organization.
If any requirement(s) of this International Standard cannot be applied, this shall not affect the organization’s ability or responsibility to ensure conformity of products and services.
Where Do You Address Risk in ISO 9001:2015?
The concept of “risk” in the context of ISO 9001 relates to the uncertainty of achieving such objectives
The concept of “opportunity” in the context of ISO 9001 relates to exceeding expectations and going beyond stated objectives
To establish a proactive culture of prevention and
A dictionary definition of risk is “the possibility of loss or injury.”
Negative risk involves understanding potential problems that might occur in the project and how they might impede project success
Negative risk management is like a form of insurance; it is an investment.
Risk Can Be Positive
Positive risks are risks that result in good things happening; sometimes called opportunities
The goal of project risk management is to minimize potential negative risks while maximizing potential positive risks
قRisk and ISO 9001:2015
Risk is the effect of uncertainty on an expected result.
Risk is very detailed in the standards and Requirements of ISO 9001:2015
Think about adding/using words that are typical in the risk process, such as, risk determination, risk control, risk mitigation, acceptable level of risk.
Risk in ISO 9001:2015
3.09 Risk - effect of uncertainty (definition)
4.1 Organization shall take account of these issues for determining risk..
4.4.f “the risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them
5.1.2.b “the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed”
Risk - Continued
6.1 “Actions to address risks and opportunities”
6.1.1 “determine the risks and opportunities that need to be addressed”
6.1.2.a “The organization shall plan: a) actions to address these risks and opportunities”
6.3 Planning and Controlling Changes 6.3.a "identification of risk and control measures associated with product"
8.4 Control of External Processes or Products- evaluation based on risks and risk control
8.5.1 Design and Development, define c) risk
8.5.3 Implement c) risk control measures
8.5.5 “the risks associated with the products and services”
8.6 Execution/Implementation 8.6.1h) implementation of risk controls
9.3.1 “the effectiveness of actions taken to address risks and opportunities”
Opportunities and Threats in Business
What organizations can do to insure certification
What should You do?
Use a risk-driven approach in your organizational processes
identify what the risks and opportunities are in your organization – it depends on context
ISO 9001:2015 will not automatically require you to carry out a full, formal risk assessment, or to maintain a “risk register”
ISO 31000 (“Risk management — Principles and guidelines”) will be a useful reference (but not mandated)
What should you do? (continued)
Analyze and prioritize the risks and opportunities in your organization
what is acceptable?
what is unacceptable?
Plan actions to address the risks
how can I avoid or eliminate the risk?
how can I mitigate the risk?
Implement the plan – take action
Check the effectiveness of the actions – does it work?
Learn from experience – continual improvement
What Should an Organization do Now?
Since risk is documented in most sections of ISO 9001:2015, consider starting your risk management plan, if you don’t have one. Begin thinking how to address risk in your business.
Insure your company has a QMS in place that is process approach, risk based, and built around the "Annex SL" scaffolding.
Document, Document, and Document some more
I need to ensure my organization . . .
understands the key concepts
plans to implement the standards and requirements
stays informed as we go through the process
takes full advantage of the QMS
Remember, document, document and document some more
What can you do now to prepare for ISO 9001:2015?
yourself and your organization
the gaps between your current system (if you have one) and the new requirements
implementation of the standards and requirements
Thank You !
Doug Del Rossi
ISO 9001:2015 is a Quality Management Standard
ISO standards are usually developed by its Technical Committees (“TC’s”) and Sub-committees (“SC’s”)
ISO/TC176/SC2 (Quality Systems) is responsible for ISO 9001
There are 7 Principles of Quality Management Standards
So What is ISO 9001:2015 ?
It Defines a Set of Quality Management Requirements
There are 7 Requirements
(starting with sect. 4 thru sect. 10) of the
ISO 9001:2015 Standards & Requirements Manual
So What is ISO 9001:2015 ?
Seven Quality Management Requirements
ISO 9001:2015 Quality Management System
Any Organization can achieve these objectives
if it Establishes a
Quality Management System (QMS)
Organizations use to formulate Quality Policies, Quality Objectives, and Establish Processes
A Quality Management System
is a set of
Interrelated / Interacting Elements
However, it will require the addition of discipline-specific requirements to make a fully functional QMS.
ISO 9001:2015 Standards consist of an introduction and ten sections.
The introduction and sections 1-3 are only in the Standard for guideline purposes. You
have to implement them as these sections are not used in the audits.
Define the Set of the Seven Quality Management Requirements and include the "shall" (requirements) of the Standards.
"Shall" is the operative word in ISO 9001:2015
The word indicates a requirement whenever it appears in sections 4-10; including subsections and parts a,b,c, etc...
A "shall" can often be satisfied by communicating a requirement, developing a process, documenting a procedure, keeping a record, training personnel, inspecting a product, or any number of other controls.
It is up to the organization to decide how it will address the requirement
Sections 4-10 and the "Shall" statements are the meat and potatoes of ISO 9001:2015 Standards.
The Low Down on ISO 9001:2015
0.3.1 Process approach "General" - An organization is composed of linked activities - processes that transform inputs to outputs.
The requirements of ISO 9001: 2015 are organized as processes, with explicit connections from one process to the next.
0.3.2 Plan-do-check-act cycle - The plan-do-check-act (PDCA) cycle is an improvement methodology that can be applied to any process.
0.3.3 Risk-based thinking - Risk-based thinking has been implicit in previous revisions of ISO 9001, but now it is an explicit requirement in ISO 9001: 2015.
Actions to address risks and opportunities are key drivers of the QMS.
0.4 Relationship with other management system standards.
The structure of ISO 9001: 2015 was modified to make it more compatible with other management system standards, such as ISO 14001.
ISO 9001:2015 makes use of two guidance documents that are designed to aid users in the interpretation of the standard.
These guidance documents are ISO 9001:2015 (Quality Management systems - Fundamentals and vocabulary) and ISO 9004:2009 (Managing for the sustained success of an organization).
0.1 General - Implementing a management system is a strategic decision, intended to drive the success of the organization.
The process approach is a key theme of ISO 9001: 2015, as is risk-based thinking.
0.2 Quality management principles - Seven principles are at the foundation of ISO 9001: 2015
Engagement of people
Evidence-based decision making
1) Scope ISO 9001: 2015 is intended to be used by organizations that desire to produce products and services that meet customer and applicable statutory and regulatory requirements, and that wish to enhance customer satisfaction through the use of a QMS.
ISO 9001: 2015 was written to apply to any organization, no matter what kind of product or services it produces, or what kind of processes it employs.
Sections 1-3 cont...
2) Normative references ISO 9000: 2015, the fundamentals and vocabulary standard, is the normative reference for ISO 9001: 2015.
In theory, this means that the definitions it provides may be used to clarify and reinforce requirements in ISO 9001: 2015.
Sections 1-3 cont...
3) Terms and definitions
The guidance document ISO 9000: 2015 provides the terms to be used in ISO 9001: 2015
The Requirements - Sections 4-10
4) Context of the organization - This section comprises foundational activities that influence the way the rest of the standard is applied in the organization.
These activities include:
understanding the organization and its context,
understanding the needs and expectations of interested parties
determining the scope of the QMS and its processes
These are not only the first auditable sections of ISO 9001: 2015, but they also represent the first sections that an organization would need to implement.
4.1) Understanding the Organization and its context:
This clause could be titled “Take a hard look around you.” That’s exactly what the requirement is asking you to do, and it’s a logical starting point for ISO 9001: 2015.
The organization must explore the major elements of its internal and external environment, being as objective and honest as possible, no matter what’s revealed.
This isn’t a minor exercise. It’s a significant process that establishes a foundation for the entire management system.
Examine the external and internal environments
Do it honestly and with a fresh perspective
Document what you learn and use it as an input to the rest of your management system
Monitor and review the information, and periodically go through the whole process again
Note: Documenting this is not a requirement of ISO 9001: 2015, though it would make the process sustainable and easier to communicate.
Say What You Do
Do What You Say