You are on page 1of 171

ISO 9001:2015

By: MBA, M.A, Dipl. Vet. Specialist. Mohammed Ghorab


Handy : (+2) 01005474734, (+20) 01018717045, (+49) 017684345821, (+49) 015738597543
Ghorabmohammed@hotmail.com, M.ghorab@daad-alumni.de, M.ghorab@Egyptair.com

Introduction of participants
The 5 Ws
Who are you ?
What is your preferred name in class?

Where do you work?


What is your job title, and
What are your main responsibilities?
Why are you attending this course?
Please define your expectations

keep

Punctuality

Data forms

Participation

Certificates

Phones

No smoking

Documentation
3

Agenda:

Welcome and Administration


Introduction to ISO 9001 History
Content of ISO 9001
ISO 9001:2015

Course Objectives
ISO 9001 is a standard that sets out the
requirements for a quality management system.
It helps businesses and organizations to be more
efficient and improve customer satisfaction.
A new version of the standard, ISO 9001:2015,
has just been launched, replacing the previous
version (ISO 9001:2008).

Who must attend this course


Every body in the organization from different
levels as ISO is everybody concern.

Name Tag

What is ISO?

What is ISO 9001?


The ISO 9001 Quality Management System is the
worlds most popular quality improvement
standard, with over one million certified
organizations in 180 countries around the globe. It
is the only standard in the 9000 family of standards
published by the International Organization for
Standardization (ISO) that can be used for the
purpose of conformity assessment. ISO 9001 also
serves as the basis for many other important sectorspecific standards, as well as widely used
management system standards such as OHSAS
18001 and ISO 14001.

ISO 9001 Revision


The International Organization for Standardization
(ISO) is working on a major revision of the ISO
9001 standard. The last revision dates back to 2008
and introduced a small number of new
requirements. Publication of the final version of ISO
9001:2015 is expected at the end of 2015. The
working draft, ISO/DIS 9001:2015, is now available,
and has a clear objective.

Effectiveness and efficiency def:


Doing the right thing (Result)
Doing the thing in a right way (Methodology)
Group Task:
Give me example: A Football Match
Goals achieved (WON)
Performance and way in playing

W.I and SOP: How to do the Process


Objective
Procedures, Process
4W

WI, SOPS
How
Record
(Evidence)

ISO Introduction

Revision Timeline
The working draft, ISO/DIS 9001:2015 was distributed for
review and comment on May 8, 2014. The Committee Draft
(CD) published in the run-up to this draft received around
3,000 comments and was approved by 80% of the countries
in a preliminary vote. The international community has been
invited to submit their comments on this interim working
draft by July 2014.
Publication of the official draft international standard (DIS) is
expected in September 2014. After the commenting period,
the final draft international standard (FDIS) will then be
passed before its presentation, scheduled for November
2014. Publication of the final version of ISO 9001:2015 is
expected in September 2015.

New Structure
It is certain that a high-level structure will replace
the existing structure. This structure is in
accordance with the requirement of the ISO
Directive, Annex SL 2013.
All management system standards developed in the
future will use a consistent structure and outline
such as identical core texts, common terms and core
definitions. This is to ensure that all sections of
management system standards share the same
section headings and core texts. The ISO 14001 and
BS OHSAS 18001 standards will also be revised in
accordance with the same structure.

Summary of the Key Changes


The new draft is designed to make the standard
more generic and more easily applicable by
service industries. Therefore, the term product
has been replaced by products and services
when specifically referring to the deliverables for
the customer.

Context of the Organization


The high-level structure and the core text
established in Annex SL, Appendix 2, have
introduced two new clauses related to the
context of the organization:
4.1 Understanding the organization and its
context
4.2 Understanding the needs and expectations of
interested parties

These two clauses require the organization to determine the issues and
requirements that can impact the planning of the quality management
system (QMS) and can be used as input for the development of the QMS.
The stakeholder approach, considered one of the most modern corporate
governance principles, is new. This approach is based on the assumption
that long-term business success can only be ensured by considering the
requirements of company stakeholders. The approach has been described
for many years in ISO 9004:2009, Section 4.4 Interested parties, needs
and expectations, and has been introduced in the draft standard. In
comparison to Customer Relationship Management (CRM), which only
addresses the relationship between an organization and its customers, the
principle of Stakeholder Relationship Management (SRM) goes
significantly further. It tries to balance the relationship of the organization
with all, or with the most important, stakeholders/interested parties.
These could include direct consumers, suppliers and retailers and other
parties along the supply chain, authorities and other relevant interested
parties. As a new feature in this draft, the term interested parties now
also includes owners, people in an organization, bankers and even
competitors.

Although this DIS refers to the determination of


the requirements of major interested parties, it
does not require that products and services have
to fulfill the need and expectations of external
parties. This is with the exclusion of already
mentioned external parties in ISO 9001:2008,
i.e. customer and authorities, etc. Such a
requirement would require a change in the scope
of the standard, which is not covered under the
revision.

Process Approach
The ISO 9001:2008 standard promoted the
adoption of a process approach when developing,
implementing and improving QMS effectiveness.
The draft standard does so even more explicitly in
Section 4.4 Quality management system and its
processes. This sub-chapter lists the essential
requirements of a process-focused management
approach. Inputs and outputs of each process must
be defined. In the future, the standard will require
the measurement of performance indicators and the
assignment of responsibilities.

What is the process approach?

The systematic management of processes and


their interactions to achieve intended results

24

What is the process approach?


All organizations use processes to:
set interrelated or interacting activities
transform inputs into outputs
build in checks to meet objectives and
promote continuous improvement
The process approach integrates processes into
a complete system to achieve strategic and
operational objectives
25

How do I do it?
To use the process approach an organization
should:
understand and define the processes
needed to meet its objectives
recognize that the processes are unique to
its own context
integrate all of the processes and their
interactions into a system that utilizes
risk-based thinking
.
26

Process approach and risk-based


thinking
The process approach incorporates risk-based
thinking

Risk-based thinking ensures risk is


considered when establishing, implementing
and maintaining a management system, each
process and each activity

27

The process approach and PDCA


Processes can be managed using the PDCA
cycle
Plan

set objectives and build


processes necessary to
deliver results
Do
implement what was planned
Check monitor and measure processes
and results against the objectives
Act
take actions to improve results

28

Documented Information
The term documented information replaces
the previous terms documents and records.
The intention was to give users more flexibility.
This also applies to the description of processes.
The organization determines the extent of
documented information on processes,
depending on factors such as process complexity
or employee competence. Documented
procedures previously required by the standard
are no longer necessary.

Management Responsibilities
The draft standards increase management
responsibilities. In the future, responsibilities
previously held by the Quality Management
Representative will rest with top management
and a more precise assignment of roles and
responsibilities will be required.

Management Review
The scope of the management review is extended
by the addition of the aspects strategic direction
of the organization, consideration of the
relevant interested parties and assessment of
risks and opportunities at a strategic level.

Risk and Preventive Actions


The high-level structure and core texts specified in Annex SL,
Appendix 2, does not include a clause stating specific
requirements for preventive measures. The reason is
because acting as a preventive tool is one of the key
purposes of a quality management system (risk prevention).
The emphasis on a risk-based approach is referenced in many
places in the draft standard, from risk assessment in Section
4.4 Quality management system and its processes,
leadership issues in Section 5.1.1 and a separate sub-clause in
Section 6.1.2 Actions to address risks and opportunities to
risk-based approaches in Operational planning and control
(Chapter 8.1) and Management review (Chapter 9.3). While
the draft demands that risks are identified and acted upon,
there is no requirement for standardized risk management.

33
Dr.Mohammed Ghorab

Q: What is Risk:

What is Risk ?

"boiling frog syndrome," referring

to the
metaphor that a frog put in boiling water
will jump out, while one in cold water
won't notice the danger if the
temperature heats up slowly.

What the market needs to focus on now is the


temperature of the water," Howard Esaki,

global head of structured finance


research at Standard & Poor's, said at a
year-end 2014 commercial real estate
briefing.

What is Risk ?
Risk is
The level of exposure to uncertainties that the
enterprise/organization must understand and
effectively manage as it executes its strategies to
achieve its business objectives and create value.

Source: Alain LeBlanc, CD, B.Eng., M. Sc, M. Eng. 2011, Canadian Society of Value Analysis

Define the following according to your


business position giving examples:

Business objectives
Value
Lost value
Gained value-added value
Created value

Treatment Failure due to disease


description disorder

A true story for understanding the next


model:

Risk assessment and estimation differ from person to person

Risk: Internal or External ?


Internal

Your own Project


Your own Business
Inside the organization

External

Legislation
Market Forces
Exchange Rate Fluctuations

Risk is not only something bad will happen but also something
good will not happen (opportunities Vs. Problems)

Diagrams shows forming of risk appetite:


(Green, High normal, above normal, yellow
risky, dangerous

How Corporate Appetite could


eliminate Risks:

Risk Management Process


1. Identify Risks
2. Quantify Risks
3. Identify Countermeasures

4. Implement Countermeasures
5. Monitor and Review
Source: Andy Osborne, Risk Management Made Easy

Risk Management Process:

Flow Chart of Risk Process

1. Identify Risks
Categorize and differentiate between different
types of risks
Strategic Risks:
Business Planning
Business Growth
New Markets/ Products/Services
Mergers/Alliances

1. Identify Risks
Operational Risks:
Production
Distribution
Service delivery
Pollution/Environmental Issues

Financial Risks:
Cash Flow
Sales
Contracts

1. Identify Risks
Regulatory/Compliance Risks:

Breach of Regulation
Failure to meet Legal Requirements
Loss of Operating License

Healthy and Safety Risks:


Workplace Accidents
Injuries or Death
Litigation

1. Identify Risks
Technology Risks:
IT Failure
Data Loss
Equipment Failure

Project Risks:
Failure to meet time scales
Increased Costs
Failure to meet business requirements

1. Identify Risks
List all the risks the business may face
Assess the loss from each risk
Focus on the most critical type of risk

2. Quantify Risks
Here we want to assess:
How likely a certain risk will happen ?
Probability/ Likelihood to happen

How will it impact/hurt the business ?


Two Types of Impacts

2. Quantify Risks

Impacts
Ratings

2. Quantify Risks

Likelihood
Ratings

2. Quantify Risks

2. Quantify Risks

2. Quantify Risks
A Risk Matrix: a tool used to rate the
significance of the identified risks based on the
impacts and likelihood ratings.
Different forms of the risk matrix can be used,
however, the simplest one is

3 X 3 Grid

2. Quantify Risks

Example:
4 X 4 Matrix

2. Quantify Risks
Risk Assessment Summary

2. Quantify Risks
The risk rating which is a
combination of likelihood
and impact is a rating of
the significance of each
identified risk.
The nearer is the risk to
the top-right right corner
of the matrix,
the more significant is
the risk.
Impact

3. Identify Countermeasures
After the assessment of the identified risk and
prioritizing the risks.

How to deal with these risks ?

3. Identify Countermeasures
Risk responses based on significance

3. Identify Countermeasures
How to response to risks ?

3. Identify Countermeasures
Risk Acceptance: When ?
Likelihood = Low & Impact = Low
Costs of addressing risk > Potential loss

3. Identify Countermeasures
Risk Management: When ?
Likelihood = High & Impact = Low
Approaches through training, education and
monitoring, improving processes

3. Identify Countermeasures
Contingency Planning: When ?
Likelihood = Low & Impact = High
E.g. Large financial losses, reputation damage

3. Identify Countermeasures
Contingency Plans could be:
- Crisis

Management
- Communication with customers and
stakeholders
- Alternative ways of supply and
distribution
- Relocation and recovery of critical
business functions

3. Identify Countermeasures
Insurance

Outsourcing

Risk
Transfer

Example: To cross the road I may go directly or I


may use a nearby footbridge. Which process I
choose will be determined by considering the risks.
Risk is commonly understood to have only negative
consequences; however the effects of risk can be
either negative or positive.
In ISO 9001:2015 risks and opportunities are often
cited together. Opportunity is not the positive side of
risk. An opportunity is a set of circumstances which
makes it possible to do something. Taking or not
taking an opportunity then presents different levels
of risk.
Example:
Crossing the road directly gives me an opportunity
to reach the other side quickly, but if I take that
opportunity there is an increased risk of injury
from moving cars.

Risk-based thinking replacing preventive


action in ISO 9001:2015 The benefits
ISO 9001:2015 standard requires us to take a risk-based
approach to quality management. This involves taking a
greater strategic view of risk within your business, and
also ties in with the changes in leadership requirements
So, given that your top management team should now be
involved in the process of identifying, recording,
removing, and mitigating risk, then you can see that
from the start, using a risk-based thinking process
should far surpass preventive action in terms of
effectiveness. Ensuring that your management team has
a forum for identifying risk at the regular management
meetings can be a vital step toward this. Equally
important is ensuring that all employees at a lower level
have a channel where they can feed their opinions
upwards for consideration by the management team.

When these two processes are in place, you will have a


risk-based thinking process that is presided over by the
top management team, which holds all the key strategic
knowledge about threats to the business, and is
supported by information from all levels some of
which may have previously remained unknown to them.
So, in effect, in place of a one-dimensional preventive
action process, which usually was carried out at a lower
level and remained there, you now have a risk-based
thinking process presided over by the team who has all
information available to them from the pinnacle of the
company, filtering all the way down. With the decisions
made from this process, and the ensuing actions, it is not
difficult to see that the documented actions and
objectives will be more effective on a company-wide
basis than the preventive action process was.

what does your organization have to do to get up


to speed with this change?
There will be a transition period of up to three years for
implementation of the new standard, but some of the changes are
so beneficial that the sooner you start, the better. Encouraging
your top management team to embrace the changes in leadership
requirements and coupling this with a new risk-based thinking
process makes perfect sense. The sooner you can facilitate both,
and encourage the synergy between the two, the more in tune your
organization will be to the threats and risks you will have to
navigate in the coming months and years. And, as we all know,
where there are risks there are almost always opportunities, so
identification of these are another positive spinoff of adopting this
overall approach as soon as possible. Removal and mitigation of
risk almost always ensures company growth, which can only be
good news for your organization. ISO 9001:2015 is a standard that
goes far beyond company quality standards, and its outputs ensure
that your organization can be protected and improved, and new
opportunities identified, as stated above. Given that these changes
are so beneficial

Where is risk addressed in


ISO 9001:2015?

74

Risk-based thinking is in:


Introduction - the concept of risk-based thinking is
explained
Clause 4 - organization is required to determine its
QMS processes and address its risks and opportunities
Clause 5 top management is required to
Promote awareness of risk-based thinking
Determine and address risks and opportunities that
can affect product /service conformity
Clause 6 - organization is required to identify risks and
opportunities related to QMS performance and take
appropriate actions to address them

75

Risk-based thinking is in:


Clause 7 organization is required to determine and
provide necessary resources
Clause 8 - organization is required to manage its
operational processes
Clause 9 - organization is required to monitor,
measure, analyse and evaluate the effectiveness of
actions taken to address risks and opportunities
Clause 10 - organization is required to correct, prevent
or reduce undesired effects and improve the QMS and
update risks and opportunities
Note, risk is implicit whenever suitable or appropriate
is mentioned (clause 7 and 8)
76

Why use risk-based thinking?


Successful organizations intuitively apply riskbased thinking because it brings benefits that:
improve governance
establish a proactive culture of improvement
assist with compliance
assure consistency of quality of products and
services
improve customer confidence and satisfaction
77

How do I do it?
Identify what your risks are it depends on
context
Use risk-based thinking to prioritize the way you
manage your processes

ISO 9001:2015 does not require formal risk


management
ISO 31000 Risk management Principles and
guidelines may be a useful reference for
organizations that want or need a more formal
approach to risk (but its use is not obligatory)
78

How do I do it?
Balance risks and opportunities

Analyse and prioritize your risks


what is acceptable?
what is unacceptable?
Plan actions to address the risks
how can I avoid, eliminate or mitigate
risks?
Implement the plan; take action
Check the effectiveness of the action; does it
work?
79

Conclusions
Risk-based thinking:

is not new
is something you probably do already
is ongoing
ensures greater knowledge of risks and improves
preparedness
increases the probability of reaching objectives
reduces the probability of negative results
makes prevention a habit
80

How Can You Prepare?


At this stage, it is relatively easy to predict the
updated QM-specific contents that will be
included in the ISO 9001:2015. The
requirements of the above sections will only be
subject to minor changes. Organizations that
have established management systems should
familiarize themselves with the changes and
subsequently upgrade their management
systems accordingly in 2015 and 2016.

There will be a three-year transition period


during which both the old and the new standard
will apply in parallel. However, within the scope
of certification, organizations should not leave
the upgrade until the very end of the transition
period. We recommend that organizations
upgrade their systems to the new standard at an
early stage within the scope of a regular recertification audit.

Your Business Benefits


Save money and time through quality management
practices that increase your organizational efficiency,
productivity and profitability.
Minimize risk by consistently achieving a level of quality
defined by the standard, thus ensuring your products and
services are less likely to fall short of customer expectations.
Profit from an expert partnership an internationally
recognised and respected brand.
Increase your competitiveness with a quality
management system that attracts investors and lowers trade
barriers to your business.
Gain market recognition with the worlds most widely
known quality management system, which can help establish
your presence as a supplier when entering a new market.

History

ISO 9000 was first published in 1987. It was based on


the BS 5750 series of standards from BSI that were
proposed to ISO in 1979. However, its history can be
traced back some 20 years before that, to the publication
of the United States Department of Defense MIL-Q-9858
standard in 1959. MIL-Q-9858 was revised into the
NATO AQAP series of standards in 1969, which in turn
were revised into the BS 5179 series of guidance
standards published in 1974, and finally revised into the
BS 5750 series of requirements standards in 1979 before
being submitted to ISO. The first revision was done in
1994, and the standard was issued as a quality assurance
system. At this point, the standard had three substandards: ISO 9001, ISO 9002, and ISO 9003. The next
revision of the standard was done in the year 2000, and
this standard defined the Quality Management System.
In 2008 the third revision was published, and now the
2015 revision is the current revision

What are the major differences ?


The most noticeable change to the standard is its new
structure. ISO 9001:2015 now follows the same overall
structure as other ISO management system standards
(known as the High-Level Structure), making it easier
for anyone using multiple management systems. More
information can be found in Annex SL of ISO/IEC
Directives Part 1 (the rules for developing ISO
standards).
Another major difference is the focus on risk-based
thinking. While this has always been part of the
standard, the new version gives it increased
prominence. More information on how to adapt to this
risk-based thinking can be found on the Website run by
ISO/TC 176/SC 2, the group of experts behind the
standard (www.iso.org/tc176/sc2/public).

ISO 9001:2015 version follows the new highlevel structure and comprises ten sections:
ISO 9001:2008

ISO 9001:2015

0. Introduction

0. Introduction

1. Scope

1. Scope

2. Normative reference

2. Normative reference

3. Terms and definitions

3. Terms and definitions

4. Quality management system

4. Context of the organisation

5. Management responsibility

5. Leadership
6. Planning

6. Resource management

7. Support

7. Product realisation

8. Operation

8. Measurement, analysis and


improvement

9. Performance evaluation
10. Improvement

DIFFERENT TERMINOLOGY IN ISO 9001:2008 AND ISO


9001:2015
ISO 9001:2008

ISO 9001:2015

Products

Products and services

Documentation, quality manual,


documented procedures, records,
instructions

Documented information

Work environment

Environment for the operation of


processes

Monitoring and measuring equipment

Monitoring and measuring resources

Purchased product

Externally provided products and


services

Supplier

External provider

Assignment 1:
What does it require to eat an excellent
sandwich?

Sandwich process:

Whats the new structure?


The new structure of 9001:2015 is similar to the
9001:2008 as the first 3 sections are Scope,
Normative References, & Terms and Definitions.
In the 2015 revision sections 4 through 8 are
now 4 through 10, but still based on the PDCA
model.

Detailed ISO:

So the structure is new, what else?


The standard will have a cross-reference in its Annex comparing the changes
between 2008 and 2015.
Risk management: This is probably the most significant change and is
mentioned throughout the standard. Formal risk management (e.g. according
to ISO 31000) is not required, but some form of consideration needs to be
applied.
Process approach: This no longer only relates to recognizing the workflows in
the company, but now managing the workflows in a more specific manner.
Documentation: Now more flexible. Records and documents will become
documented information. You shouldnt get rid of your documentation as
you still need objective evidence of meeting the requirements, but how you
document is more open to best fit for your organization
Leadership: A formal management representative is no longer specified, but
the standard still requires commitment, responsiveness, active support,
communication, and feedback from the organization to ensure the
establishment, implementation and the maintenance of system. In short,
someone still has to be responsible but the responsibility is shared.
Context of the Organization: Providing a high-level understanding of the issues
that can affect, either positively or negatively, the way the organization
manages its responsibilities for the system. Issues can include conditions,
characteristics, or changing circumstances that can affect the system.

I have an integrated ISO 9001 with ISO 14001 and/or


OHSAS 18001, how will this affect my system? ISO
9001:2015 HAS A HIGH LEVEL STRUCTURE (HLS)
The standards are now being based on Annex SL to allow
for easier integration. You will need to plan your
transitions carefully as they have different publication
dates.
As a result of the new arrangement in ten clauses, ISO
9001:2015 now has the same unambiguous structure as
all standardized management systems, known as a High
Level Structure (HLS).
The core elements of ISO 9001, ISO 14001, ISO 22000,
OHSAS 18001, etc. are therefore all the same from now
on. This has made the integration of various
management systems much simpler. If, for example, an
organization wishes to implement ISO 14001 in addition
to ISO 9001, the parts that cover the same topic can
easily be seen in the standards.

HLS

Some of the proposed changes in


the updated standard include:
New formatting of the Standard against Annex
SL
Removal of the Management Representative role
Identification and management of Interested
Parties
Removal of the preventive action principal
Addition of risk based assessment of
opportunities
Reduction of Quality Principles from 7 to 8

How Change is addressed within ISO


9001:2015
Purpose: To explain the new requirement for
Change in ISO 9001:2015

6.3 Planning of changes


8.1 Operational planning and control
8.3.6 Design and development changes
8.5.6 Control of changes

Purpose of this new requirement:


One of the goals of the ISO 9001:2015 revision is to
enhance the requirements for addressing changes at
system and operational levels. The ISO 9001:2015
requirements provide a strong basis for a
management system for business that supports the
strategic direction of the organization. Once the
organization has identified its context and interested
parties and then identified the processes that
support this linkage, addressing changes becomes
an increasingly important component of continued
success.

Once its processes are determined, an


organization will need to identify the risks and
opportunities associated with these processes.
To achieve the benefits associated with the
determination of risks and opportunities,
changes may be needed. These changes can be
related to any element of the process, such as
inputs, resources, persons, activities, controls,
measurements, outputs, etc.

Changes are intended to be beneficial to the


organization and need to be carried out as
determined by the organization. In addition,
consideration of new introduced risks and
opportunities need to be taken into account.

To achieve the benefits associated with changes, the


organization should consider all types of changes
that may need to occur. These changes may be
generated, for example, in:
Processes
Documented information
Tooling
Equipment
employee training
supplier selection
supplier management
and many others

The successful management and control of these


changes has become a core requirement within
the organizations QMS.

ISO 9001:2008
Clause 4.1 (Quality management system General
requirements) of ISO 9001:2008 requires:
The organization shall establish, document,
implement and maintain a quality management
system .
In addition clause 4.2.1 (Documentation
requirements General) of ISO 9001:2008 requires
organizations to have a Quality Manual as a part of
documentation.
Clause 4.2.2 (Quality manual) provides the details
on what should be included in the Quality Manual.

ISO 9001:2015 Quality Manual?


Clause 4.4.1 (Quality management system General) of ISO
9001:2015 Committee Draft (CD) requires:
The organization shall establish, implement and maintain a
quality management system .
Difference:
Newly release committee draft does not include the
requirement to document the Quality Management System.
Also there is no mention of the word Quality Manual any
where in the draft standard.
A Manual is not required to be produced for Environmental
Management System (ISO 14001) and some other
management standards. In an effort to ensure harmony
between different management systems the requirement to
produce a Quality Manual no longer

These new requirements are


referenced in ISO 9001:2015 as
outlined below.
6.3 Planning of changes
When the organization determines the need for
changes to the quality management system, the
changes shall be carried out in a planned and
systematic manner (see 4.4).
The organization shall consider the:
a) purpose of the changes and their potential
consequences;
b) integrity of the quality management system;
c) availability of resources;
d) allocation or reallocation of responsibilities and
authorities.

8.1 Operational planning


The organization shall control planned changes
and review the consequences of unintended
changes, taking action to mitigate any adverse
effects, as necessary.

8.3.6 Design and development


changes
During design and development changes that are
identified will be reviewed and controlled to
ensure there is no impact to the conformity of
the product or service.

8.5.6 Control of changes


The organization shall review and control
changes for production or service provision, to
the extent necessary to ensure continuing
conformity with requirements.
The organization shall retain documented
information describing the results of the review
of changes, the persons authorizing the change,
and any necessary actions arising from the
review.

Footnote: Other references to change are found


in clauses; 4.4, 5.3, 9.2, 9.3, 10.2)

Things to consider when implementing the


new requirement for Change
There are many triggers that can cause a change to the
Quality Management System:
Customer feedback
Customer complaint
Product failure
Employee feedback
Innovation
Determined risk

Determined opportunity
Internal audit results
Management review results
Identified nonconformity

Many others

NOTE: These recommendations not necessarily


applicable for every type of organization.
Background: Some changes need to be carefully
managed while others can be safely ignored. In order to
sort through this, the organization should consider a
method to prioritize. (Executed Item)
To determine the priority, the organization should
consider a methodology that allows them to take into
account:
Consequences of the change
Likelihood of the consequence
Impact on customers
Impact on interested parties
Impact on quality objectives
Effectiveness of processes that are part of the QMS
others

Typical steps to Implement changes


Define the specifics of what is to be changed
Have a plan (tasks, timeline, responsibilities,
authorities, budget, resources, needed information,
others)
Engage other people as appropriate in the change
process
Develop a communication plan (appropriate people
within the organization, customers, suppliers,
interested parties, etc. may need to be informed)
Use a cross functional team review the plan to provide
feedback related to the plan and associated risks
Train people
Measure the effectiveness

What changes may need to be made?


Change to a process (inputs, activities, outputs, controls,
etc.)
Communication with customers
Communication with the supply chain
Additional controls for processes
Inspection
Employee training
Implement a new process
Provide documented information
Change existing documented information
Improve employee competence
Outsource a process
Many others

Other considerations:
Prior to making a change, the organization
should consider unintended consequences
After making a change the organization should
monitor the change to determine its
effectiveness and to identify any additional
problems that might be created
Records of some changes may be needed as part
of the Quality Management System

Pyramid of Quality

Is there anything else companies need to know before


they get going with ISO 9001 or the new version ISO
9001:2015?
The requirement for formal procedures and a quality
manual have been scrapped in ISO 9001:2015, as was
stated above. Only relevant information has to be available
now.
Organizations that already have an ISO 9001 quality
management system do not have to discard their existing
procedures and documentation, of course. A good system
remains a good system and you will still need a proper
structure for your crucial documentation.
If something is no longer obligatory, it doesnt mean that
you have to scrap it right away, of course. Its better to hang
on to what you are happy with and what helps your
organization to progress.

Assignment 2: Draw all ISO 9001 Claus in


a organizational structure(Flow Chart)

CLAUSE
#

TITLE

CONTENT

Scope

Similar to ISO9001 : 2008 with the introduction of


the term "goods and services" as opposed to "
products"

Normative
references

Similar to ISO9001 : 2008

Terms and
definations

Many terms are defined and in this section; need


to wait to see if they stay or get moved to
ISO9000

Context of the organization

Need to define the organization's "purpose,


scope, environment, systems and interested
parties"
Expect the QMS to focus on " risks and threats"

Leadership

Roles and Responsibilities" need defining


Policies and objectives" need to be established
Similar to current Section 5 (ISO9001 : 2008)
but no "management representative"

Planning

Focus on how to address "risks" and


"opportunities"
Included are "structured planning processes",
planning for change , and clear planning
objectives"

10

Support

Includes section on "Infrastructure, work environment , and


control of monitoring and measuring equipment."
Includes terms focused on " competence , awareness,
communication" and a new concept called "knowledge"
Documented Information" is in this section; "quality manual"
and "documented procedures" are not specified.

Operation

This is the current (9001 : 2008) Clause 7.0 Product


Realization plus non conforming product (8.3)
Clause 8.5 is a new version of the current 7.3 (Design and
Development)

Performance
Evaluation

This clause includes "monitoring, measuring, analysis and


evaluation"
Internal audits, management review and customer
satisfaction perception" are in this section

Improvement

Focus on the improvement of "suitability, adequacy, and


effectiveness"
Corrective action" identified
Preventative action" and the term " continual improvement" is
not in the CD draft

Assignment 3: Formulate a Checklist:

Audit from ISO

ISO 9001:2015 certification introduces a few changes and revisions to


accommodate the changing business environment of the modern
world. Organizations operate in a quite dynamic business scenario
where they are supposed to alter and tune business strategies at
regular intervals. 2015 update takes care of it by including several
terminologies, information restructuring, and importance to riskbased thinking make it further applicable and relevant today.
For ISO 9001:2015 upgrade, organizations should review the current
approach. Business leaders are required to engage with process owners
and team members to understand the process change with respect to
the proposed version. They should identify, manage, and control these
modifications as quickly as possible so that there is a minimized
impact.
Organizations that are already certified for ISO 9001 should upgrade to
2015 version because it widens the horizon of applicability and
relevance. As per ISO norms, a transition period of three is given to
ISO 9001:2008 certified organizations. Organizations should apply the
principles of quality management for enhancing the business in such a
way that a sustainable business improvement can be obtained. It is the
biggest benefit of ISO certification. ISO 9001:2015 is beneficial for
small, medium and large organizations across industries.

What benefits does the new version


bring ?
The new version of the standard brings the user a
number of benefits. For example, ISO 9001:2015 :
Puts greater emphasis on leadership engagement
Helps address organizational risks and opportunities in a
structured manner
Uses simplified language and a common structure and
terms, which are particularly helpful to organizations
using multiple management systems, such as those for
the environment, health & safety, or business continuity
Addresses supply chain management more effectively
Is more user-friendly for service and knowledge-based
organizations

I am currently using ISO 9001:2008


What should I do ?
The 2015 edition has now replaced the 2008
version. Since it has been revised to meet the
needs of todays business world, we recommend
that you update your quality management
system to fit the new version.
Every organization is different, so the steps
needed to adjust your management system are
likely to be unique to your situation. However,
here are some tips that will help you get started
on the journey.

Tip 1
Familiarize yourself with the new document.
While some things have indeed changed, many
remain the same. A correlation matrix, available
from ISO/TC 176/SC 2, will help you identify if
parts
of the standard have been moved to other
sections.

Tip 2
Identify any organizational gaps which need to
be addressed to meet the new requirements.

Tip 3 Develop an implementation plan.


Tip 4 Provide appropriate training and awareness
for all parties that have an impact on the
effectiveness
of the organization.
Tip 5 Update your existing quality management
system to meet the revised requirements.
Tip 6 If you are certified to the standard, talk
to your certification body about transitioning
to the new version.

I am certified to ISO 9001:2008. What


should I do ?
If you wish to maintain your certification to ISO
9001, you will need to upgrade your quality
management system to the new edition of the
standard and seek certification to it.
You have a three-year transition period from the
date of publication (September 2015) to move to
the 2015 version. This means that, after the end
of September 2018, a certificate to ISO
9001:2008 will no longer be valid.

So how will it affect your Organization


and you?
It is likely that you and your Organization will have to:
Purchase a copy of the updated Standard
Conduct a gap analysis/impact assessment against
9001:2015
Alter the Management System to meet new requirements
Train staff in new 9001:2015 requirements as well as
new Management System procedures/controls
Train and update existing auditors with relevant
knowledge about 9001:2015.
To make sure that your Company keeps up with the
development of the 9001 update and how it will affect
your Company, keep reviewing this website for updates.

How can companies transition from


ISO 9001:2008 to ISO 9001:2015?
Assuming that a company is already ISO 9001
certified, I recommend taking the following
steps in order to comply with ISO 9001:2015:

1. Baseline measurement
Perform a baseline measurement in your
organization. Make a complete overview of the
current status of your quality management
system and your organization's conduct of
business.
2. Plan of approach
Draw up a plan based on the baseline
measurement. Thanks to this plan, you can take
the time to make changes and to implement
improvements step by step.

3. Implementation
Implement the changes in accordance with the
plan of approach. Incorporate measurement
points and milestones.
4. Auditing and process analysis
Measure whether the changes have had the
desired effect. Measure the input and output of
the processes you consider to be important
because they are critical or risky, for example.

5. Certification
Have your organization certified according to
ISO 9001:2015.
6. Communication with interested parties
Show your interested parties not just the
certificate, but also show them the results with
pride. Let them see how well your organization
manages its processes and continuously
improves them.

Conclusion: What is ISO about

Exam:
Retain and Maintain documented information
Differentiate and specify the clause Nr.
Checklist formation for one clause or a part- how
could you ask, please enumerate all available Q.
Risk Based Thinking is which Clause, please
identify according to the ISO Standard
What are the main differences between ISO
9001:2008 and ISO 9001:2015

References and further information


International Organization for Standardization
Tel: +41 22 749 01 11, Web: www.iso.org
ISO/TC 176/SC2/N1287
www.iso.org/tc176/sc02/public
http://www.iso-9001-2015.com/iso-9001-2015requirements.html
http://advisera.com/9001academy/iso-9001-2015-revision/
http://ferribygroupinternational.com/global-news/84/iso9001-2015-are-you-ready
http://webstore.ansi.org
https://www.pauwelsconsulting.com/blog/iso-9001-2015/
http://isotc.iso.org/livelink/livelink/open/tc176SC2public
http://www.slideshare.net/PECBCERTIFICATION/pecbwebinar-49304033

You might also like