ISO 9001:2015 What is new – an overview

(Presented for ASQ India members)

Govind Ramu, P.Eng. ASQ FellowASQ CMQOE, CQE, CSSBB, CQA, CSQE, CRE

Agenda

• Key advantages

• Key changes Executive Summary

• Interested parties identification

• Process approach

• Leadership requirement

• Documented information

• Organizational knowledge

• Risk Based Thinking

• Transition Strategy

• ISO 9001:2015 Certification - Transition Timeline

• Q & A – 15 Min

Key advantages of new revision

• Better alignment with other management systems (IMS friendly)

• Less emphasis on documentation* and more emphasis on process

• Requirements of QMS integration into organization’s business

process, tying business strategy with QMS

• Emphasis on “Risk based thinking”, “process approach” and

improvement

• Making the standard relevant to recent developments – data

protection, knowledge retention challenges, etc.

• Recognition of influence of “People” component in a QMS and

address competence, awareness and communication

QMS= Quality Management System, IMS= Integrated Management System*Depends on size, type, activity, process, product, service, complexity, competence requirement

ISO 9001:2015 Key changes Executive summary

Requirements ISO 9001:2008 (Previous

version)

ISO 9001:2015 (Effective Sep 2015)

Top Management requirements Limited requirements directly

under top management. Quality

Management Representative

share additional management

requirements

Additional requirements moved under Top

management. Management representative

role eliminated

Context of the organization and

interested parties

No requirement Understanding operating environment,

interested parties requirements, internal and

external issues relevant to organizations

strategic direction

Risks and Opportunities No requirement Actions to address risks* and opportunities for

improvement** from internal and external

issues. Integration and implementation of

actions into QMS (Risk based thinking)

Corrective and Preventive action Corrective and Preventive action

were two sections of

requirements

Risk based thinking and Corrective action.

(Prevention first). Also a Leadership

responsibility to promote

Organizational Learning No requirement Organization knowledge – determine,

maintain, address changing needs and trends,

continue to capture new knowledge

Process Approach Implied expectation on “process

approach” to process definition

and management

Explicit requirements on “process approach”.

as a leadership responsibility to promote

Services Implied expectation that QMS

requirements are applicable to

products (and services)

Explicit requirements that QMS requirements

are applicable to products and services.

*Risk can include positive and negative factors for consideration (new interpretation) **Improvement can include innovation and re-organization

Interested parties identification

YourOrganization

• Customer

• Employees

• External providers

• Owners

• Shareholders

• Bankers

• Regulators

• Union

• Partners

• Society

• Competition

• Opposing groups

Ref: ISO 9000:2015 3.2.3 Interested party

Mapping interested party requirements to business process

Interested Party Requirements Which business process will

cover?

Note: If there is no existing

process addressing a given

requirement – point this as a

GAP and recommend a process

to be developed. If a process

exists, name that process in this

cell.

What is the process approach?

“The systematic management of processes and their

interactions to achieve intended results”

All organizations use processes to:

• set interrelated or interacting activities

• transform inputs into outputs

• build in checks to meet objectives and promote

continuous improvement

The process approach integrates processes into a complete

system to achieve strategic and operational objectives

Courtesy: Slide from ISO TC 176/SC2/ N1290

Single Process Schematics (simplified version)

Source: ISO 9001:2015 Figure 1 (Page viii), ISO TC 176/SC2/ N1290

To use the process approach an organization should:

• understand and define the processes needed to meet its objectives

• recognize that the processes are unique to its own context

• integrate all of the processes and their interactions into a system that

utilizes risk-based thinking

Leadership requirement

Taking accountability for the effectiveness of the quality management

system

Compatible with the context and strategic direction of the organization

Ensuring the integration of the quality management system

requirements into the organization’s business processes

Promoting the use of the process approach and risk-based thinking

Communicating the importance of effective quality management and

of conforming to the quality management system requirements

Ensuring that the quality management system achieves its intended

results

Engaging, directing and supporting persons to contribute to the

effectiveness of the quality management system;

Promoting improvement

Documented information The organization shall maintain documented information to the extent

necessary to support the operation of processes (4.4)

Scope

Quality Policy

information determined by the organization as being necessary for the

effectiveness of the quality management system

information of external origin determined by the organization

Where requirements for products and services are changed, relevant

documented information is amended

Note: There is no requirement for the structure of an organization’s QMS

documentation to mirror that of this international standard.

ISO 9001:2015 Annex, A new look- QP Sep 2014,

Documented information

• No requirement for a quality manual (7.5). There is no

longer a requirement for mandated procedures.

• When creating and updating documented information the

organization shall ensure appropriate: b) format (e.g.

language, software version, graphics) and media (e.g.

paper, electronic); (7.5.2)

• it is adequately protected (e.g. from loss of confidentiality,

improper use, or loss of integrity). (7.5.3)

Summary: appropriate, protected.

• Dominance of electronic information in the last several

years.

Organizational knowledge

The organization shall determine the knowledge necessary

for the operation of its processes and to achieve conformity

of products and services.

• This knowledge shall be maintained, and made available

to the extent necessary.

• When addressing changing needs and trends, the

organization shall consider its current knowledge and

determine how to acquire or access the necessary

additional knowledge.

Summary: knowledge assessment, maintenance,

dissemination, dynamic, acquisition, and accessibility-

Knowledge management

Risk Based Thinking

Balance risks and opportunities

• Analyse and prioritize your risks

what is acceptable?

what is unacceptable?

• Plan actions to address the risks

how can I avoid, eliminate or mitigate risks?

• Implement the plan; take action

• Check the effectiveness of the action; does it

work?

• Learn from experience; improve

Courtesy: Slide from ISO TC 176/SC2/ N1283

Risk Based ThinkingOrganization and shall determine risks and opportunities

• in accordance with the requirements

• that can affect conformity of products and services and the ability to

enhance customer satisfaction

• give assurance that the quality management system can achieve its

intended result

• prevent, or reduce, undesired effects

• achieve continual improvement

• integrate and implement the actions into its quality management

system processes

• evaluate the effectiveness of these actions

• post-delivery - associated with the products and services

• Effectiveness of actions management review

Transition Strategy

Purchase a copy of ISO

9001:2015 Standard.

Register the external

document in the

system.

Read and understand

transition guidance

documents, from ISO

TC 176/SC2 website,

ASQ ISO 9001

knowledge center site,

and your registrar

organization

Compare the changes

to the ISO 9001: 2008

and develop key list of

major changes.

Review impact

assessment with your,

internal quality auditors

and extended QMS

Team (Process owners)

Present key changes of

the current standard to

your management team

Publish newsletter for

all employees general

awareness that the ISO

9001 standard revision

and implementation

plan

Let your registrar know

when your organization

is planning this

transition (year 1,2 or3)

If ISO 9001 is

contractually required

by your customers, let

them know of your

transition plan.

Let your supplier quality

function enquire your

key supplier’s transition

plan during the periodic

audits.

Start making any

required changes to

your existing

documentation

Develop a high level

training.

Conduct training for

internal auditors and

process owners

Conduct gap analysis

based on the release

standard

Present the gap to

management team at

management review or

a special scheduled

meeting.

Planning Communication Execution

Obtain management

commitment for

addressing the gaps in

a timely manner

Also see: http://www.iaf.nu/upFiles/IAFID9Transition9001PublicationVersion.pdf

ISO 9001:2015 Certification - Transition Timeline

September 2015 start of 3 years transition period

to September 2018

•Certifications to ISO 9001:2008 will no longer be

valid after September 2018

2018201720162015

September 2015

Published International Standard

Courtesy: Slide from ISO TC 176/ SC 2/ N1282

Q & A

References and bibliography

• ISO 9000:2015 - Quality management systems --

Fundamentals and vocabulary

• ISO 9001:2015 - Quality management systems --

Requirements

• TC 176 SC2 home page

• ASQ ISO 9001:2015 knowledge center

• All Hands on Deck (Govind Ramu)

• Quality in Outsourcing 2.0 (Govind Ramu)

Single Process (detailed version)Sources of

InputsInputs Process Outputs

Customer

Interested

parties? Person

– Skills

– Knowledge

– Training

– Qualification/Re-qualification

Interim and End

Products,

Characteristics

(Information),

Process Yields,

throughput, Cycle time,

process time (data,

analysis)

Machine

(Hardware &

Software)

(H/W & S/W)

– Selection criteria

– Capability

– Qualification

– H/W-S/W integration

– Maintenance

– Calibration

– Safety

Material

– Initial Qualification

– Incoming Quality Control

– Preservation/Expiration

– Material stability

– Important Consumables,

– Direct and Indirect Materials

Method

– Work Instruction

– Non-Documented Instructions

– Handling, Error proofing

– Setting, Alignment, measurement

– Process condition

Process Steps,

Controls:

SPC, OCAP,

Process

Changes

Environment

– Temperature

– Humidity

– Ergonomics

– Clean room Particle count

– Electro Static Discharge (ESD)

– Hazardous substances

Measurement

– Measurement Equipment Selection

criteria

– Measure System Analysis and

stability

Measurement

sequence

Feedback from output

Ref: Process audit– memory aide – Govind Ramu