
Implementing ISO9001:2015

John DiMaria; CSSBB, HISP, MHISP, AMBCI


Sr. Product Manager, Systems Certification - Americas

Copyright 2015 BSI. All rights reserved.


Understanding the New Direction of Standards
Navigating the ten clauses Annex SL/Directive 1
Key changes that are expected for ISO 9001
Breakout sessions I Leadership and Planning
Breakout sessions II Risk and Planning
Discussion and closing



Understanding the New Direction of Standards
Navigating the ten clauses Annex SL
The New High Level Structure (HLS)

Copyright 2015 BSI. All rights reserved. 19/10/2015


Reasons For The Changes

Easier integration of multiple standards, using a common foundation and common language

Increase involvement of Top Management

Decrease the emphasis on Documentation

Increase the emphasis on Achieving Value for the Organization and its customers

Increase emphasis on Risk Management to achieve objectives


Annex SL

ISO 9001: Quality management system
ISO 14001: Environmental management system
ISO/IEC 27001: Information security
ISO 45001: Health & safety
TS 16949: Automotive
ISO 22301: Business continuity management

ANNEX SL (HLS)
Annex SL: high level structure, identical core text, common terms and core definitions.

ISMS specific requirements
EMS specific requirements
QMS specific requirements
BCMS specific requirements


Ten clauses of the new Annex SL
Directive 1 for ISO Management Systems
Annex SL describes the framework for a generic management
system. However, it requires the addition of discipline-specific
requirements to make a fully functional quality, environmental,
service management, food safety, business continuity, information
security and energy management system standard

ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014

High level structure, identical core text, common terms and core
definitions: 10 Main Clauses


Directive 1: 10 Clauses

1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

Implement Once, Comply Many

High Level Structure

4 Context of organization: 4.1 Understanding context (MS); 4.2 Interested parties; 4.3 Scope; 4.4 MS
5 Leadership: 5.1 Leadership and commitment; 5.2 Policy; 5.3 Roles, responsibilities and authorities
6 Planning: 6.1 Actions to address risk and opportunity; 6.2 Objectives and planning
7 Support: 7.1 Resources; 7.2 Competence; 7.3 Awareness; 7.4 Communication; 7.5 Documented information
8 Operation: 8.1 Operational planning and control
9 Performance and Evaluation: 9.1 Monitoring, measurement, analysis and evaluation; 9.2 Internal audit; 9.3 Management review
10 Improvement: 10.1 Nonconformity and corrective action; 10.2 Continual improvement


Identical Core Text

4 Context of the Organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance Evaluation
10 Improvement

4. Context of the organization

4.1 Understanding the organization and its context

Determine relevant external and internal issues that affect the ability to achieve the intended outcome(s)


4.2 Understanding the needs and expectations of interested parties

Interested party: Needs and expectations
Customers: Quality, price and delivery performance of products
Owners/shareholders: Sustained profitability; Transparency
People in the organization: Good work environment; Job security; Recognition and reward
Suppliers and partners: Mutual benefits and continuity
Society: Environmental protection; Ethical behavior; Compliance with statutory and regulatory requirements
Source ISO 9004

4.3 Determining the scope of the management system


Source: ISO 9001:2015
4.4 Management system

Establish, implement, maintain, and continually improve a management system, including the processes needed and their interactions, in
accordance with the requirements of the International Standard

A Process can be defined as a set of interrelated or interacting activities, which transforms inputs into outputs
Source: ISO/TC 176/SC 2/N 544R3

Interrelated or interacting elements of an organization
Policies, Processes and Objectives


5. Leadership

5.1 Leadership and commitment


How top management* demonstrates leadership and commitment
with respect to the management system

Policy and objectives must be established compatible with the strategic direction of the organization
How top management integrates the management system requirements
into your organization's business processes
Do they provide proper resources?
Communicating the importance of effective management and of
conforming to requirements
* person or group of people who directs and controls an organization (3.01) at the highest level

5.1 Leadership and commitment

How do they ensure the management system achieves its intended outcome(s)?
Top management must show how they direct and support persons
to contribute to the effectiveness of the management system
How do they promote continual improvement and support other
relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility?


5.2 Policy

Top management must establish a documented policy:


Appropriate to the purpose of the organization
Set objectives
Commitment to satisfy applicable requirements
Commitment to continual improvement



5.3 Organizational roles, responsibilities and authorities
Top management must show that they ensure that the
responsibilities and authorities for relevant roles are assigned and
communicated within the organization

They must assign responsibility and authority for:


Ensuring that the management system conforms to the
requirements of the International Standard
Reporting on the performance of the management system to
top management



6. Planning

6.1 Actions to address risks and opportunities


Let's discuss objectives first!

6.2 Objectives and planning to achieve them


Establish objectives at relevant functions and levels
Consistent with policy
Measurable
Consider applicable requirements
Monitored, communicated, updated
Determine resources, responsibilities, targets and how to
evaluate results

6.1 Actions to address risks and opportunities
Consider the issues referred to in 4.1* and the requirements referred
to in 4.2** and determine the risks and opportunities that need to be
addressed to:

Give assurance that the management system can achieve its intended outcome(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement

*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties


What is risk-based thinking?

Risk-based thinking is something we all do automatically and often subconsciously
The concept of risk has always been understood in ISO 9001 and is not
new to ISO 14001; this revision makes it more explicit and builds it
into the whole of the management process
Risk-based thinking should already be part of the process approach
Risk-based thinking makes preventive action routine


6.1 Actions to address risks and opportunities
The organization shall plan:
actions to address these risks and opportunities

How to:
integrate and implement the actions into its management
system processes
evaluate the effectiveness of these actions



7. Support
7.1 Resources
Provide proper resources needed
7.2 Competence
Competent on the basis of appropriate education, training,
or experience, keep records and evaluate effectiveness
7.3 Awareness
Policy, contribution and implications of not conforming
7.4 Communication
Determine the relevant internal and external
communications; what, when, who and how

7.5 Documented information

7.5.1 General
Determine required documentation
7.5.2 Creating and updating
Identification, format and review
7.5.3 Control of documented information
Available and suitable for use, where and when it is
needed;
Protected, stored, controlled, change control, retention
control



7.5 Documented Information
The organization's quality management system
shall include documented information required by
the International Standard and determined by the
organization as being necessary for the
effectiveness of the quality management system.

Documented information: Information required to be controlled and maintained by an organization
and the medium on which it is contained.

Documented information can be in any format and media and from any source.


Source: ISO 9001:2015
8. Operation

8.1 Operational planning and control


Plan, implement and control the processes needed to meet
requirements, and to implement the actions determined in 6.1*

*6.1 Actions to address risks and opportunities



9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation


What needs to be measured, methods, when (what intervals)
and when data should be analyzed and reported
9.2 Internal audit
Conducted at planned intervals to ensure compliance with the
standard and internal requirements
9.3 Management review
Review the organization's management system, at planned
intervals, to ensure its continuing suitability, adequacy and
effectiveness



10. Improvement

10.1 Nonconformity and corrective action


React to the nonconformity and, as applicable
Take action to control it
Evaluate the need for action to eliminate the causes
in order that it does not recur or occur elsewhere
Retain documented evidence

10.2 Continual improvement


Continually improve the suitability, adequacy, and
effectiveness of the management system.

ISO 9001:2015
Understanding the Revision


What is the aim of ISO 9001?

Increase customer satisfaction through improved operational consistency and
continual improvement.


ISO 9001: Evolution

BS 5750:1979
ISO adopts BS 5750 as the basis for ISO standard
ISO 9001:1987
ISO 9001:1994: Minor updates only
ISO 9001:2000: Major update to introduce process approach
ISO 9001:2008: Minor updates only
ISO 9001:2015: Major update

1,138,155 Companies Certified (ISO 2014 Survey)


So, what's new?

Leadership: Greater emphasis for senior managers to be involved in the management system
Risk: Risk-based thinking incorporated into requirements
Context of Organization: Relevant needs of interested parties is emphasized
Quality Importance: Ensure quality management is now integrated and aligned with the strategic direction of the organization
Process Approach: Adoption of a process approach
Documented Information: More flexible approach
Control of changes: Review and control changes for production or service

Quality Management Principles

Was 8 -> Now 7
Customer focus -> Customer focus
Leadership -> Leadership
Involvement of people -> Engagement of people
Process approach -> Process approach
System approach to management -> (Included in the process approach)
Continual improvement -> Improvement
Factual approach to decision making -> Evidence based decision making
Mutually beneficial supplier relationships -> Relationship management


Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

ISO 9001:2008 -> ISO 9001:2015
Products -> Products and Services
Exclusions -> Not used (See Clause A.5 for clarification of applicability)
Management Representative -> Not used
Documentation, quality manual, documented procedures, records -> Documented Information
Work environment -> Environment for the operation of processes
Monitoring and measuring equipment -> Monitoring and measuring resources
Purchased product -> Externally provided products and services
Supplier -> External Provider

Changes from FDIS

5.2.1 Developing the quality policy. Change: "Establishing the Quality Policy" replaces "Developing the quality Policy"
8.2.2 Determination of requirements related to products and services. Change: Title changed to "Determining the requirements for products and services"
8.2.3 Review of requirements related to the products and services. Change: Title changed to "Review the requirements for products and services"


PLAN DO CHECK ACT



Benefits
Benefits of Certification

ISO 9001



Leadership and effecting culture change


Clause 5 Defines Leadership
Set policy and objectives and strategic direction
Policy is communicated, understood and applied within the organization
Integration of the management system's requirements into the organization's business processes and promoting the process approach
Ensure the resources needed for the management system are available
Ensure management system achieves its intended results
Take accountability of the effectiveness of the management system
Communicate the importance of an effective management system and of conforming to the management system requirements
Engage, direct and support persons to contribute to the effectiveness of the management system
Promote continual improvement
Support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.


Leadership and effecting culture change

Leadership, the ability to motivate groups of people towards a common goal, is an important skill in today's business world. Without
strong leadership, many otherwise promising businesses fail.


The Difference Between Leadership and Management
Management is mostly about processes. Leadership is
mostly about behavior

Leadership relies on less tangible and less measurable things like trust, inspiration, attitude, decision-making, and
personal character. These are all necessary to motivate an
organization to achieve its management system's objectives


Top Management According to ISO

Top management is the person or group of people who directs and controls an organization at the highest level. Top
management has the power to delegate authority and provide
resources within the organization. If the scope of the
management system covers only part of an organization, then
top management refers to those who direct and control that
part of the organization.


Leadership and Policy

Leadership needs to establish, review and maintain a policy, but also needs to ensure that it is applied within the organization.


Roles and Responsibilities

Leadership needs to ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within
the organization.


Organizational Change
Leaders need to ensure the integrity of the management system
is maintained when changes are planned and implemented.

Some of these tasks will be delegated, but it is the management's responsibility to ensure they are planned, implemented and
achieved.


Breakout session
Leadership and Planning and Risk Based Thinking


Leadership and Planning

Implement the new requirements on Leadership and Planning


Pick an industry from your team
Define organizational objectives and plans to achieve them
referencing 6.2
Must be measurable
How will they be evaluated
Define resources needed





Risk and Planning

Implement the new requirements on Risk and Planning


Determine external and internal issues that are relevant to
your purpose and its strategic direction and that affect your
ability to achieve the intended result(s) (Objectives) of
your management system. (4.1)
Apply risk based thinking to meet requirements under
section 6.1 Actions to address risks and opportunities
Pick Team Spokesperson
Present findings



6.1 Actions to address risks and opportunities
Consider the issues referred to in 4.1* and the requirements referred to
in 4.2** and determine the risks and opportunities that need to be
addressed (6.1) to:

give assurance that the management system can achieve its intended result(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement

*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties




Likelihood : 1 - 5 (where 1 is highly unlikely and 5 is definite)
Impact : 1 - 5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact

Risk | Likelihood | Impact | Total Risk Rating | Mitigating Controls | Additional Controls implemented | Owner | Final Risk Rating


Conclusions
Feedback



What are the main changes that may affect you?
The increased role that leadership must play
Decrease in the amount of documentation needed
Risk management processes may need to be developed to determine the level
and extent of control for internal and external (supply-chain) processes and
services, if not already in place.
Auditors and stakeholders will need to become familiar with the revised
standards and so training may need to be considered
No longer a requirement for a Quality Manual
No longer a requirement for a Management Representative
Change management

Benefits

Bringing Quality into the heart of our business


Quality management will be integrated and aligned with our business strategies
which will improve performance and drive real value
Introduction of Risk & Opportunity Management
Will help identify and manage risk more effectively and opportunities that
contribute to bottom line improvements
An Integrated Approach
It will be easier to implement more than one management system providing a
more holistic view leading to cost savings
Leadership
Greater involvement by our leadership team will ensure that we'll all be
motivated towards the organization's goals and objectives

Buy the standard

ISO 9001:2015 & ISO 14001:2015 are available from your national standards body

Associated standards could be useful

ISO 9000: Quality Management Systems - Fundamentals and Vocabulary
ISO 9004: Managing for the sustained success of an organization
ISO 10001: Quality management - customer satisfaction - guidelines for codes of conduct
ISO 31000: Risk management - principles and guidelines


Training

Start your training as soon as possible


This will help embed the knowledge

Senior management briefing
Transition training
Implementing training
Transition Auditor training
Deep dive training
Risk Based Thinking Course
Annex SL Lead Auditor

What you need to do

Set up a project team to manage the changes


Communicate the project across the whole organization

Create an implementation plan and monitor progress

Take a fresh look at your QMS/EMS


Highlight the changes as opportunities for improvement
Make changes to your documentation to reflect the new structure (as necessary)
Implement the new requirements on leadership, risk and context of the organization
Review the effectiveness of your current control set
Carry out an impact assessment

Copyright 2015 BSI. All rights reserved. 08/12/2015


Thank You!

Address: BSI Group America Inc.
12950 Worldgate Drive, Suite 800
Herndon, VA 20170
Email John DiMaria: john.dimaria@bsigroup.com
Main Office
Telephone: 1-800-862-4977
Fax: 703-437-9001
Email: Inquiry.msamericas@bsigroup.com
Links: http://www.bsiamerica.com
Copyright 2014 BSI. All rights reserved.
