ISO 9001:2015 What is new – an overview
(Presented for ASQ India members)
Govind Ramu, P.Eng. ASQ FellowASQ CMQOE, CQE, CSSBB, CQA, CSQE, CRE
Agenda
• Key advantages
• Key changes Executive Summary
• Interested parties identification
• Process approach
• Leadership requirement
• Documented information
• Organizational knowledge
• Risk Based Thinking
• Transition Strategy
• ISO 9001:2015 Certification - Transition Timeline
• Q & A – 15 Min
Key advantages of new revision
• Better alignment with other management systems (IMS friendly)
• Less emphasis on documentation* and more emphasis on process
• Requirements of QMS integration into organization’s business
process, tying business strategy with QMS
• Emphasis on “Risk based thinking”, “process approach” and
improvement
• Making the standard relevant to recent developments – data
protection, knowledge retention challenges, etc.
• Recognition of influence of “People” component in a QMS and
address competence, awareness and communication
QMS= Quality Management System, IMS= Integrated Management System*Depends on size, type, activity, process, product, service, complexity, competence requirement
ISO 9001:2015 Key changes Executive summary
Requirements ISO 9001:2008 (Previous
version)
ISO 9001:2015 (Effective Sep 2015)
Top Management requirements Limited requirements directly
under top management. Quality
Management Representative
share additional management
requirements
Additional requirements moved under Top
management. Management representative
role eliminated
Context of the organization and
interested parties
No requirement Understanding operating environment,
interested parties requirements, internal and
external issues relevant to organizations
strategic direction
Risks and Opportunities No requirement Actions to address risks* and opportunities for
improvement** from internal and external
issues. Integration and implementation of
actions into QMS (Risk based thinking)
Corrective and Preventive action Corrective and Preventive action
were two sections of
requirements
Risk based thinking and Corrective action.
(Prevention first). Also a Leadership
responsibility to promote
Organizational Learning No requirement Organization knowledge – determine,
maintain, address changing needs and trends,
continue to capture new knowledge
Process Approach Implied expectation on “process
approach” to process definition
and management
Explicit requirements on “process approach”.
as a leadership responsibility to promote
Services Implied expectation that QMS
requirements are applicable to
products (and services)
Explicit requirements that QMS requirements
are applicable to products and services.
*Risk can include positive and negative factors for consideration (new interpretation) **Improvement can include innovation and re-organization
Interested parties identification
YourOrganization
• Customer
• Employees
• External providers
• Owners
• Shareholders
• Bankers
• Regulators
• Union
• Partners
• Society
• Competition
• Opposing groups
Ref: ISO 9000:2015 3.2.3 Interested party
Mapping interested party requirements to business process
Interested Party Requirements Which business process will
cover?
Note: If there is no existing
process addressing a given
requirement – point this as a
GAP and recommend a process
to be developed. If a process
exists, name that process in this
cell.
What is the process approach?
“The systematic management of processes and their
interactions to achieve intended results”
All organizations use processes to:
• set interrelated or interacting activities
• transform inputs into outputs
• build in checks to meet objectives and promote
continuous improvement
The process approach integrates processes into a complete
system to achieve strategic and operational objectives
Courtesy: Slide from ISO TC 176/SC2/ N1290
Single Process Schematics (simplified version)
Source: ISO 9001:2015 Figure 1 (Page viii), ISO TC 176/SC2/ N1290
To use the process approach an organization should:
• understand and define the processes needed to meet its objectives
• recognize that the processes are unique to its own context
• integrate all of the processes and their interactions into a system that
utilizes risk-based thinking
Leadership requirement
Taking accountability for the effectiveness of the quality management
system
Compatible with the context and strategic direction of the organization
Ensuring the integration of the quality management system
requirements into the organization’s business processes
Promoting the use of the process approach and risk-based thinking
Communicating the importance of effective quality management and
of conforming to the quality management system requirements
Ensuring that the quality management system achieves its intended
results
Engaging, directing and supporting persons to contribute to the
effectiveness of the quality management system;
Promoting improvement
Documented information The organization shall maintain documented information to the extent
necessary to support the operation of processes (4.4)
Scope
Quality Policy
information determined by the organization as being necessary for the
effectiveness of the quality management system
information of external origin determined by the organization
Where requirements for products and services are changed, relevant
documented information is amended
Note: There is no requirement for the structure of an organization’s QMS
documentation to mirror that of this international standard.
ISO 9001:2015 Annex, A new look- QP Sep 2014,
Documented information
• No requirement for a quality manual (7.5). There is no
longer a requirement for mandated procedures.
• When creating and updating documented information the
organization shall ensure appropriate: b) format (e.g.
language, software version, graphics) and media (e.g.
paper, electronic); (7.5.2)
• it is adequately protected (e.g. from loss of confidentiality,
improper use, or loss of integrity). (7.5.3)
Summary: appropriate, protected.
• Dominance of electronic information in the last several
years.
Organizational knowledge
The organization shall determine the knowledge necessary
for the operation of its processes and to achieve conformity
of products and services.
• This knowledge shall be maintained, and made available
to the extent necessary.
• When addressing changing needs and trends, the
organization shall consider its current knowledge and
determine how to acquire or access the necessary
additional knowledge.
Summary: knowledge assessment, maintenance,
dissemination, dynamic, acquisition, and accessibility-
Knowledge management
Risk Based Thinking
Balance risks and opportunities
• Analyse and prioritize your risks
what is acceptable?
what is unacceptable?
• Plan actions to address the risks
how can I avoid, eliminate or mitigate risks?
• Implement the plan; take action
• Check the effectiveness of the action; does it
work?
• Learn from experience; improve
Courtesy: Slide from ISO TC 176/SC2/ N1283
Risk Based ThinkingOrganization and shall determine risks and opportunities
• in accordance with the requirements
• that can affect conformity of products and services and the ability to
enhance customer satisfaction
• give assurance that the quality management system can achieve its
intended result
• prevent, or reduce, undesired effects
• achieve continual improvement
• integrate and implement the actions into its quality management
system processes
• evaluate the effectiveness of these actions
• post-delivery - associated with the products and services
• Effectiveness of actions management review
Transition Strategy
Purchase a copy of ISO
9001:2015 Standard.
Register the external
document in the
system.
Read and understand
transition guidance
documents, from ISO
TC 176/SC2 website,
ASQ ISO 9001
knowledge center site,
and your registrar
organization
Compare the changes
to the ISO 9001: 2008
and develop key list of
major changes.
Review impact
assessment with your,
internal quality auditors
and extended QMS
Team (Process owners)
Present key changes of
the current standard to
your management team
Publish newsletter for
all employees general
awareness that the ISO
9001 standard revision
and implementation
plan
Let your registrar know
when your organization
is planning this
transition (year 1,2 or3)
If ISO 9001 is
contractually required
by your customers, let
them know of your
transition plan.
Let your supplier quality
function enquire your
key supplier’s transition
plan during the periodic
audits.
Start making any
required changes to
your existing
documentation
Develop a high level
training.
Conduct training for
internal auditors and
process owners
Conduct gap analysis
based on the release
standard
Present the gap to
management team at
management review or
a special scheduled
meeting.
Planning Communication Execution
Obtain management
commitment for
addressing the gaps in
a timely manner
Also see: http://www.iaf.nu/upFiles/IAFID9Transition9001PublicationVersion.pdf
ISO 9001:2015 Certification - Transition Timeline
September 2015 start of 3 years transition period
to September 2018
•Certifications to ISO 9001:2008 will no longer be
valid after September 2018
2018201720162015
September 2015
Published International Standard
Courtesy: Slide from ISO TC 176/ SC 2/ N1282
References and bibliography
• ISO 9000:2015 - Quality management systems --
Fundamentals and vocabulary
• ISO 9001:2015 - Quality management systems --
Requirements
• TC 176 SC2 home page
• ASQ ISO 9001:2015 knowledge center
• All Hands on Deck (Govind Ramu)
• Quality in Outsourcing 2.0 (Govind Ramu)
Single Process (detailed version)Sources of
InputsInputs Process Outputs
Customer
Interested
parties? Person
– Skills
– Knowledge
– Training
– Qualification/Re-qualification
Interim and End
Products,
Characteristics
(Information),
Process Yields,
throughput, Cycle time,
process time (data,
analysis)
Machine
(Hardware &
Software)
(H/W & S/W)
– Selection criteria
– Capability
– Qualification
– H/W-S/W integration
– Maintenance
– Calibration
– Safety
Material
– Initial Qualification
– Incoming Quality Control
– Preservation/Expiration
– Material stability
– Important Consumables,
– Direct and Indirect Materials
Method
– Work Instruction
– Non-Documented Instructions
– Handling, Error proofing
– Setting, Alignment, measurement
– Process condition
Process Steps,
Controls:
SPC, OCAP,
Process
Changes
Environment
– Temperature
– Humidity
– Ergonomics
– Clean room Particle count
– Electro Static Discharge (ESD)
– Hazardous substances
Measurement
– Measurement Equipment Selection
criteria
– Measure System Analysis and
stability
Measurement
sequence
Feedback from output
Ref: Process audit– memory aide – Govind Ramu