Professional Documents
Culture Documents
• The 5 W’s
▫ Who are you ?
What is your preferred name in class?
▫ Where do you work?
▫ What is your job title, and
▫ What are your main responsibilities?
▫ Why are you attending this course?
Please define your expectations
2
keep
Documentation
Data forms Certificates
3
Agenda:
• Welcome and Administration
• Introduction to ISO 9001 History
• Content of ISO 9001
• ISO 9001:2015
Course Objectives
• ISO 9001 is a standard that sets out the
requirements for a quality management system.
It helps businesses and organizations to be more
efficient and improve customer satisfaction.
• A new version of the standard, ISO 9001:2015,
has just been launched, replacing the previous
version (ISO 9001:2008).
Who must attend this course
• Every body in the organization from different
levels as ISO is everybody concern.
Name Tag
What is ISO?
What is ISO 9001?
Group Task:
Give me example: A Football Match
Goals achieved (WON)
Performance and way in playing
W.I and SOP: How to do the Process
Objective
Procedures, Process
4W
WI, SOPS
How
Record
(Evidence)
ISO Introduction
Revision Timeline
• The working draft, ISO/DIS 9001:2015 was distributed for
review and comment on May 8, 2014. The Committee Draft
(CD) published in the run-up to this draft received around
3,000 comments and was approved by 80% of the countries
in a preliminary vote. The international community has been
invited to submit their comments on this interim working
draft by July 2014.
• Publication of the official draft international standard (DIS) is
expected in September 2014. After the commenting period,
the final draft international standard (FDIS) will then be
passed before its presentation, scheduled for November
2014. Publication of the final version of ISO 9001:2015 is
expected in September 2015.
New Structure
24
What is the process approach?
25
How do I do it?
.
26
Process approach and risk-based
thinking
27
The process approach and PDCA
Processes can be managed using the PDCA
cycle
28
Documented Information
• The term “documented information“ replaces
the previous terms “documents“ and “records.“
The intention was to give users more flexibility.
This also applies to the description of processes.
The organization determines the extent of
documented information on processes,
depending on factors such as process complexity
or employee competence. Documented
procedures previously required by the standard
are no longer necessary.
Management Responsibilities
• The draft standards increase “management
responsibilities.“ In the future, responsibilities
previously held by the Quality Management
Representative will rest with top management
and a more precise assignment of roles and
responsibilities will be required.
Management Review
• The scope of the management review is extended
by the addition of the aspects “strategic direction
of the organization,“ consideration of the
“relevant interested parties“ and “assessment of
risks and opportunities“ at a strategic level.
Risk and Preventive Actions
• The high-level structure and core texts specified in Annex SL,
Appendix 2, does not include a clause stating specific
requirements for “preventive measures.“ The reason is
because acting as a “preventive tool“ is one of the key
purposes of a quality management system (risk prevention).
The emphasis on a risk-based approach is referenced in many
places in the draft standard, from risk assessment in Section
4.4 “Quality management system and its processes,“
leadership issues in Section 5.1.1 and a separate sub-clause in
Section 6.1.2 “Actions to address risks and opportunities“ to
risk-based approaches in “Operational planning and control“
(Chapter 8.1) and “Management review“ (Chapter 9.3). While
the draft demands that risks are identified and acted upon,
there is no requirement for standardized risk management.
33
Dr.Mohammed Ghorab
Q: What is Risk:
What is Risk ?
• "boiling frog syndrome," referring
to the
metaphor that a frog put in boiling water
will jump out, while one in cold water
won't notice the danger if the
temperature heats up slowly.
Source: Alain LeBlanc, CD, B.Eng., M. Sc, M. Eng. 2011, Canadian Society of Value Analysis
Define the following according to your
business position giving examples:
• Business objectives
• Value
• Lost value
• Gained value-added value
• Created value
Treatment Failure due to disease
description disorder
A true story for understanding the next
model:
Risk assessment and estimation differ from person to person
Risk: Internal or External ?
Internal External
Risk is not only something bad will happen but also something
good will not happen (opportunities Vs. Problems)
Diagrams shows forming of risk appetite:
(Green, High normal, above normal, yellow
risky, dangerous
How Corporate Appetite could
eliminate Risks:
Risk Management Process
1. Identify Risks
2. Quantify Risks
3. Identify Countermeasures
4. Implement Countermeasures
▫ Financial Risks:
Cash Flow
Sales
Contracts
1. Identify Risks
▫ Regulatory/Compliance Risks:
Breach of Regulation
Failure to meet Legal Requirements
Loss of Operating License
▫ Project Risks:
Failure to meet time scales
Increased Costs
Failure to meet business requirements
1. Identify Risks
3 X 3 Grid
2. Quantify Risks
Example:
4 X 4 Matrix
2. Quantify Risks
Risk Assessment Summary
2. Quantify Risks
•The risk rating which is a
combination of likelihood
and impact is a rating of
the significance of each
identified risk.
Impact
3. Identify Countermeasures
• After the assessment of the identified risk and
prioritizing the risks.
- CrisisManagement
- Communication with customers and
stakeholders
- Alternative ways of supply and
distribution
- Relocation and recovery of critical
business functions
3. Identify Countermeasures
Insurance Outsourcing
Risk
Transfer
• Example: To cross the road I may go directly or I
may use a nearby footbridge. Which process I
choose will be determined by considering the risks.
• Risk is commonly understood to have only negative
consequences; however the effects of risk can be
either negative or positive.
• In ISO 9001:2015 risks and opportunities are often
cited together. Opportunity is not the positive side of
risk. An opportunity is a set of circumstances which
makes it possible to do something. Taking or not
taking an opportunity then presents different levels
of risk.
• Example:
• Crossing the road directly gives me an opportunity
to reach the other side quickly, but if I take that
opportunity there is an increased risk of injury
from moving cars.
Risk-based thinking replacing preventive
action in ISO 9001:2015 – The benefits
• ISO 9001:2015 standard requires us to take a “risk-based
approach to quality management.” This involves taking a
greater strategic view of risk within your business, and
also ties in with the changes in leadership requirements
• So, given that your top management team should now be
involved in the process of identifying, recording,
removing, and mitigating risk, then you can see that
from the start, using a risk-based thinking process
should far surpass preventive action in terms of
effectiveness. Ensuring that your management team has
a forum for identifying risk at the regular management
meetings can be a vital step toward this. Equally
important is ensuring that all employees at a lower level
have a channel where they can feed their opinions
upwards for consideration by the management team.
• When these two processes are in place, you will have a
“risk-based thinking” process that is presided over by the
top management team, which holds all the key strategic
knowledge about threats to the business, and is
supported by information from all levels – some of
which may have previously remained unknown to them.
So, in effect, in place of a one-dimensional preventive
action process, which usually was carried out at a lower
level and remained there, you now have a risk-based
thinking process presided over by the team who has all
information available to them from the pinnacle of the
company, filtering all the way down. With the decisions
made from this process, and the ensuing actions, it is not
difficult to see that the documented actions and
objectives will be more effective on a company-wide
basis than the preventive action process was.
what does your organization have to do to get up
to speed with this change?
• There will be a transition period of up to three years for
implementation of the new standard, but some of the changes are
so beneficial that the sooner you start, the better. Encouraging
your top management team to embrace the changes in leadership
requirements and coupling this with a new risk-based thinking
process makes perfect sense. The sooner you can facilitate both,
and encourage the synergy between the two, the more in tune your
organization will be to the threats and risks you will have to
navigate in the coming months and years. And, as we all know,
where there are risks there are almost always opportunities, so
identification of these are another positive spinoff of adopting this
overall approach as soon as possible. Removal and mitigation of
risk almost always ensures company growth, which can only be
good news for your organization. ISO 9001:2015 is a standard that
goes far beyond company quality standards, and its outputs ensure
that your organization can be protected and improved, and new
opportunities identified, as stated above. Given that these changes
are so beneficial
Where is risk addressed in
ISO 9001:2015?
74
Risk-based thinking is in:
• Introduction - the concept of risk-based thinking is
explained
• Clause 4 - organization is required to determine its
QMS processes and address its risks and opportunities
• Clause 5 – top management is required to
▫ Promote awareness of risk-based thinking
▫ Determine and address risks and opportunities that
can affect product /service conformity
• Clause 6 - organization is required to identify risks and
opportunities related to QMS performance and take
appropriate actions to address them
75
Risk-based thinking is in:
• Clause 7 – organization is required to determine and
provide necessary resources
• Clause 8 - organization is required to manage its
operational processes
• Clause 9 - organization is required to monitor,
measure, analyse and evaluate the effectiveness of
actions taken to address risks and opportunities
• Clause 10 - organization is required to correct, prevent
or reduce undesired effects and improve the QMS and
update risks and opportunities
• Note, risk is implicit whenever suitable or appropriate
is mentioned (clause 7 and 8)
76
Why use risk-based thinking?
Successful organizations intuitively apply risk-
based thinking because it brings benefits that:
• improve governance
• establish a proactive culture of improvement
• assist with compliance
• assure consistency of quality of products and
services
• improve customer confidence and satisfaction
77
How do I do it?
• Identify what your risks are – it depends on
context
• Use risk-based thinking to prioritize the way you
manage your processes
• ISO 9001:2015 does not require formal risk
management
• ISO 31000 Risk management — Principles and
guidelines may be a useful reference for
organizations that want or need a more formal
approach to risk (but its use is not obligatory)
78
How do I do it?
Balance risks and opportunities
• Analyse and prioritize your risks
what is acceptable?
what is unacceptable?
• Plan actions to address the risks
how can I avoid, eliminate or mitigate
risks?
• Implement the plan; take action
• Check the effectiveness of the action; does it
work?
79
Conclusions
Risk-based thinking:
• is not new
• is something you probably do already
• is ongoing
• ensures greater knowledge of risks and improves
preparedness
• increases the probability of reaching objectives
• reduces the probability of negative results
• makes prevention a habit
80
How Can You Prepare?
• At this stage, it is relatively easy to predict the
updated QM-specific contents that will be
included in the ISO 9001:2015. The
requirements of the above sections will only be
subject to minor changes. Organizations that
have established management systems should
familiarize themselves with the changes and
subsequently upgrade their management
systems accordingly in 2015 and 2016.
• There will be a three-year transition period
during which both the old and the new standard
will apply in parallel. However, within the scope
of certification, organizations should not leave
the upgrade until the very end of the transition
period. We recommend that organizations
upgrade their systems to the new standard at an
early stage within the scope of a regular re-
certification audit.
Your Business Benefits
• Save money and time – through quality management
practices that increase your organizational efficiency,
productivity and profitability.
• Minimize risk – by consistently achieving a level of quality
defined by the standard, thus ensuring your products and
services are less likely to fall short of customer expectations.
• Profit from an expert partnership – an internationally
recognised and respected brand.
• Increase your competitiveness – with a quality
management system that attracts investors and lowers trade
barriers to your business.
• Gain market recognition – with the world‟s most widely
known quality management system, which can help establish
your presence as a supplier when entering a new market.
History
• ISO 9000 was first published in 1987. It was based on
the BS 5750 series of standards from BSI that were
proposed to ISO in 1979. However, its history can be
traced back some 20 years before that, to the publication
of the United States Department of Defense MIL-Q-9858
standard in 1959. MIL-Q-9858 was revised into the
NATO AQAP series of standards in 1969, which in turn
were revised into the BS 5179 series of guidance
standards published in 1974, and finally revised into the
BS 5750 series of requirements standards in 1979 before
being submitted to ISO. The first revision was done in
1994, and the standard was issued as a quality assurance
system. At this point, the standard had three sub-
standards: ISO 9001, ISO 9002, and ISO 9003. The next
revision of the standard was done in the year 2000, and
this standard defined the Quality Management System.
In 2008 the third revision was published, and now the
2015 revision is the current revision
What are the major differences ?
• The most noticeable change to the standard is its new
structure. ISO 9001:2015 now follows the same overall
structure as other ISO management system standards
(known as the High-Level Structure), making it easier
for anyone using multiple management systems. More
information can be found in Annex SL of ISO/IEC
Directives Part 1 (the rules for developing ISO
standards).
• Another major difference is the focus on risk-based
thinking. While this has always been part of the
standard, the new version gives it increased
prominence. More information on how to adapt to this
risk-based thinking can be found on the Website run by
ISO/TC 176/SC 2, the group of experts behind the
standard (www.iso.org/tc176/sc2/public).
ISO 9001:2015 version follows the new high-
level structure and comprises ten sections:
ISO 9001:2008 ISO 9001:2015
0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative reference 2. Normative reference
3. Terms and definitions 3. Terms and definitions
5. Leadership
5. Management responsibility
6. Planning
Normative
2 •Similar to ISO9001 : 2008
references
• Organizations that are already certified for ISO 9001 should upgrade to
2015 version because it widens the horizon of applicability and
relevance. As per ISO norms, a transition period of three is given to
ISO 9001:2008 certified organizations. Organizations should apply the
principles of quality management for enhancing the business in such a
way that a sustainable business improvement can be obtained. It is the
biggest benefit of ISO certification. ISO 9001:2015 is beneficial for
small, medium and large organizations across industries.
What benefits does the new version
bring ?
• The new version of the standard brings the user a
number of benefits. For example, ISO 9001:2015 :
• Puts greater emphasis on leadership engagement
• Helps address organizational risks and opportunities in a
structured manner
• Uses simplified language and a common structure and
terms, which are particularly helpful to organizations
using multiple management systems, such as those for
the environment, health & safety, or business continuity
• Addresses supply chain management more effectively
• Is more user-friendly for service and knowledge-based
organizations
I am currently using ISO 9001:2008
What should I do ?
• The 2015 edition has now replaced the 2008
version. Since it has been revised to meet the
needs of today‟s business world, we recommend
that you update your quality management
system to fit the new version.
• Every organization is different, so the steps
needed to adjust your management system are
likely to be unique to your situation. However,
here are some tips that will help you get started
on the journey.
Tip 1 –
• Familiarize yourself with the new document.
• While some things have indeed changed, many
remain the same. A correlation matrix, available
• from ISO/TC 176/SC 2, will help you identify if
parts
• of the standard have been moved to other
sections.
Tip 2 –
• Identify any organizational gaps which need to
be addressed to meet the new requirements.
• Tip 3 – Develop an implementation plan.
• Tip 4 – Provide appropriate training and awareness
• for all parties that have an impact on the
effectiveness
• of the organization.
• Tip 5 – Update your existing quality management
• system to meet the revised requirements.
• Tip 6 – If you are certified to the standard, talk
• to your certification body about transitioning
• to the new version.
I am certified to ISO 9001:2008. What
should I do ?
• If you wish to maintain your certification to ISO
9001, you will need to upgrade your quality
management system to the new edition of the
standard and seek certification to it.
• You have a three-year transition period from the
date of publication (September 2015) to move to
the 2015 version. This means that, after the end
of September 2018, a certificate to ISO
9001:2008 will no longer be valid.
So how will it affect your Organization
and you?
It is likely that you and your Organization will have to:
• Purchase a copy of the updated Standard
• Conduct a gap analysis/impact assessment against
9001:2015
• Alter the Management System to meet new requirements
• Train staff in new 9001:2015 requirements as well as
new Management System procedures/controls
• Train and update existing auditors with relevant
knowledge about 9001:2015.
• To make sure that your Company keeps up with the
development of the 9001 update and how it will affect
your Company, keep reviewing this website for updates.
How can companies transition from
ISO 9001:2008 to ISO 9001:2015?
• Assuming that a company is already ISO 9001
certified, I recommend taking the following
steps in order to comply with ISO 9001:2015:
1. Baseline measurement
• Perform a baseline measurement in your
organization. Make a complete overview of the
current status of your quality management
system and your organization's conduct of
business.
2. Plan of approach
• Draw up a plan based on the baseline
measurement. Thanks to this plan, you can take
the time to make changes and to implement
improvements step by step.
• 3. Implementation
• Implement the changes in accordance with the
plan of approach. Incorporate measurement
points and milestones.