ISO 9001:2015 Are you ready?ISO 9001:2015 and ISO 14001:2015 are more closely aligned than ever....
Transcript of ISO 9001:2015 Are you ready?ISO 9001:2015 and ISO 14001:2015 are more closely aligned than ever....
www.softexpert.com
The International Organization for Standardization
(ISO) has published a major revision of its ISO
9001 standard. This standard is internationally
recognized and defines the principles for quality
management systems.
The review was presented in September 2015. It
includes a number of important changes for
organizations that already hold ISO 9001
certification, as well as for those seeking to
develop and implement a quality management
system.
www.softexpert.com
The foundation of the standard has undergone considerable evolution over the 25 years
since its original publication. Therefore, the ISO 176 Technical Committee responsible
for ISO 9001, determined that its revision was necessary.
Thus, the standard remains relevant to the most current quality management practices.
Why has
ISO 9001been revised?
www.softexpert.com
ISO 9001:2008 will be recognized and
can be audited to until the end of the
three-year transition period for ISO
9001:2015 (expected September 2018).
All organizations must transition to the
new standard by the transition deadline
at which point certificates for ISO
9001:2008 will no longer be valid.
How long will
ISO 9001:2008
continue to be
recognized and
audited to?
www.softexpert.com
July - October 2014: Comments on DIS submitted
July 2015: Final Draft International Standard FDIS issued
September 2015: ISO 9001:2015 released
September 2015 - September 2018: Transition period. All current registrations to ISO 9001:2008 must be transitioned to the 2015
revision by this time, or they will lapse.
What is the timeline for publication and implementation of ISO 9001:2015?
June/13 CD(Committee Draft)
April/14 DIS(Draft Internacional
Standard)
July/15 FDIS(Final Draft
InternacionalStandard)
Sept/15Published
InternationalStandard
www.softexpert.com
Companies currently certified by ISO 9001: 2008
should carefully review the changes and draw up a plan
to implement the changes to their QMS in response to
new requirements.
How organizations ISO 9001:2008 certified are being affected by changes?
www.softexpert.com
The three standards are under review status or review completed. The proposed changes to
each standard considered those using more than one standard. In the future, organizations will
see a much more aligned and facilitated process of integrating standards. However, the
publication date of each standard is different.
My integrated system also includes the useof ISO 14001 and OHSAS 18001. Will thechanges made to ISO 9001 affect my systemand how I will need to transition to the newrequirements?
www.softexpert.com
ISO 9001:2015 and ISO 14001:2015 are more closely aligned than ever. Both standards use the same high-level
structure defined in Annex SL.
Approximately 30% of the language of the two management system standards is the same. ISO 14001: 2015
was published in September / 2015.
ISO 14001 was also revised along with ISO 9001. How the changes affect organizations using both standards?
ISO14001
www.softexpert.com
ISO 9001:2015 does not require a quality manual. The
question each organization should consider is whether or not
having one is beneficial to the organization. If it is used as
intended in 9001:2008 - an introduction to the management
system that acts as a guide or roadmap to the overall system -
then by all means have one.
Is the quality manual still mandatory for ISO 9001:2015?
www.softexpert.com
Annex SL is a high-level structure created by ISO in order to provide a
universal high-level structure, identical core text, and common terms
and definitions for all management system standards. It was
designed to make it easier for organizations that have to comply with
more than one management system standard.
Annex SL has a total of 45 “shall” statements resulting in 84
requirements. By the way, the “SL” in Annex SL doesn’t mean
anything. It’s just part of ISO’s numbering scheme.
What is Annex SL?
www.softexpert.com
The revision of the standard has withdrawn the requirement of a
representative appointed by management. But the responsibilities
assigned to the role remain. The management system still needs
a representative and a spokesperson. This does not mean that
this person should automatically be the quality manager. Ideally,
these responsibilities would be shared with a member of the
leadership team. Once the management system is implemented,
that person's role is to be a facilitator of continuous improvement.
What does ISO 9001: 2015 say about the management representative?
www.softexpert.com
Risk-based thinking is one of the most significant changes in the
new standard. In previous versions of ISO, quality team people were
often responsible for dealing with problems through preventive
actions in an attempt to prevent their recurrence. The problem is that
the quality team was not always able to map problems that affect
the organization at the macro level, compromising continuous
improvement.
With the new version, ISO is concerned with involving the leaders,
bringing the thinking of risk already in the planning stage and
strategy definition. With everything previously analyzed, the goal is
that the risks of the process are already under control.
By identifying and dealing with potential dissatisfactions or process
failures in advance, problems are prevented from reaching
customers.
What is “Risk-Based Thinking”?
www.softexpert.com
Three main reasons to adopt “risk based thinking”:
•To improve customer confidence and satisfaction
• To assure consistency of quality of goods and services
• To establish a proactive culture of prevention and improvement
Why should an organization adopt “Risk based Thinking”?
www.softexpert.com
An organization could certainly apply the full requirements of a risk
management system as defined in ISO 31000 and more than meet
the requirements for risk based thinking in ISO 9001:2015. The
standard does not require a full risk management approach but
rather the organization must identify, understand and consider their
business environment in a broad sense and the potential risks they
face. Equipped with this information, the organization should then
design and implement a management system to eliminate,
minimize and control these risks.
Would meeting the risk management requirements in ISO 31000 satisfy the risk management requirements in ISO 9001:2015?
www.softexpert.com
The new standard is still built around the PDCA cycle, which is
featured on page 8 of the Draft International Standard, published in
May 2014. Additionally the new version is more explicit about the
meaning of the process approach.
Is Plan-Do-Check-Act (PDCA) still a part of the ISO 9001 structure in the new version?
www.softexpert.com
One of the key purposes of a quality management system is to act
as a preventive tool. The concept of preventive action is expressed
through a risk-based approach to formulating quality management
system requirements. Although risks and opportunities have to be
determined and addressed, there is no requirement for formal risk
management or a documented risk management process. The
implication is the entire management system, properly
implemented, should function as a preventive tool.
Can you summarize the new approach to Preventative Action in ISO 9001:2015 DIS?
www.softexpert.com
Although very valuable tools, FMEA’s and Control Plans are not
required by ISO 9001:2015. The organizations could apply these tools
as their approach to meet the requirements. Properly developed
Control Plans would satisfy many of the requirements for section 8.
FMEA’s are a useful tool to identify areas of risk required in section 6.
However, the organizations will need to broaden the approach to
cover all aspects of the business, not just the manufacturing
processes.
Are FMEA's and Control Plans required by ISO 9001: 2015?
www.softexpert.com
“Procedures”, “Records”, and “Documents” have all beeneliminated in favor of “Documented Information”. Thestandard is trying to be more inclusive in acceptingalternative approaches to these areas.
All references to “Product” will now read “Products andServices”. This has long been the case already, as clause3 of ISO 9001:2008 stated “Wherever the term “Product”appears it can also mean Service.”.
“Management Responsibility” has become “Leadership”.Pushes further the concept that Management must leadby example and involvement, rather than simply directingthat activities are performed.
“Continual Improvement” has evolved into a largersection called “Improvement”. Promotes the concept thatContinual Improvement is not the only aspect ofimprovement strived for in a quality system(improvement can also be characterized bybreakthroughs, reactive changes, and reorganizations.)
“Suppliers” are now referred to as “External Providers”.This is intended to better accommodate serviceorganizations.
Key changes in terminology
www.softexpert.com
Technology considerations: The QMS provides a centralized, common, and collaborativeenvironment to maintain all policies and procedures. This is where flexibility becomes animportant component:
• Flexibility to adapt to the various processes, and match the outlined commitments toquality and to customers
• Builds in the functionality that will support business needs and the needs/requirements ofthe standard
Clause 4 - “Context of the Organization”: a process-based quality management system
Where technology fits
www.softexpert.com
Technology considerations: The solution should give the entire company visibility into andcontrol over the quality effort by ensuring that all data related to processes and proceduresis kept in a centralized location accessible by all necessary parties:
• A centralized system, one holistic place for quality policy that provides transparency ofinformation
• Document and communicate the policy—control and disseminate information in aconsistent manner
Clause 5 - “Building Leadership”: no longer a single management representative
www.softexpert.com
Technology considerations: Having a way to not only define the measurement of risks, butalso to align them with the quality objective and then assess them from an operationalperspective, is critical. This is done through a risk matrix, which enables to calculate risk byquantifying hazards by plotting them on a graph. The resulting calculation of severity andfrequency becomes the risk factor:
• Risk matrixes, built into the operational processes, not only calculate risk but enableimmediate remediation of high-risk events.
• A solution should have the ability to set up a risk assessment calculation, benchmarkedagainst the requirements/objectives, and provide a way to take action on high-risk events.
Clause 6 - “Planning”: the risk management
www.softexpert.com
Technology considerations: A technology solution will build in functionality around theprocess of review and approval, integrated with training, change and revision controlprocesses, and periodic reviews. Collaboration on documentation improvement is key tothis element:
• An integrated document control and training system.
• The process includes the training of people and communication, by which new informationis disseminated and consumed. Being able to automate much of this is key, especiallywhen the target is to create a more seamless, collaborative, and companywide perspectiveon quality.
Clause 7 - “Supporting your QMS”: the people and the infrastructure to support the quality initiatives
www.softexpert.com
Technology considerations: The processes are the biggest component, and creating adesign plan, a supplier evaluation, or establishing nonconforming material criteria, it’simportant to ensure that information is transferred from one process to the next:
• A technology solution that will take design information, such as a bill of materials, andcommunicate to production and suppliers, and include potential nonconforming criteriato be assessed, rests in the ability of the system to provide traceability, visibility, andcontrol.
Clause 8 - “Operational Processes”: the framework for how you design, source, produce, and monitor your operations
www.softexpert.com
Technology considerations: A solution that can collect customer data via feedback suchas complaints and adverse events, and allows to take action on that data, is vitallyimportant to understanding if the quality commitment to customers is reached. Having acentralized and aggregated way to organize the feedback data is essential, and anautomated QMS will provide:
• Auditing solutions: a solution that not only manages and standardizes the auditingprocess, but also the scheduling process.
• Measuring effectiveness with collaborative reporting: a solution that provides data fromdesign, production, documentation, training, feedback, audits, and beyond
Clause 9 - “Evaluation”: the importance of feedback and regular assessment
www.softexpert.com
Technology considerations: Being able to record information in a single location is critical.If the organization is going to issue a corrective action, it should be traceable back to thenonconformance. Linking a nonconformity to a corrective and preventive action, and beingable to create a seamless closed loop on the process, will ensure that data is not lost orentered incorrectly.
• Lastly, the organization want to build reporting and data collection to look forimprovement areas. Having a robust reporting system on the entire QMS is criticallyimportant to make informed decisions.
Clause 10 - “Improvement”: Fostering overall improvements
www.softexpert.com
SoftExpert is a market leader in software andservices for enterprise-wide business processimprovement and compliance management,providing the most comprehensive applicationsuite to empower organizations to increasebusiness performance at all levels and tomaximize industry-mandated compliance andcorporate governance programs.
Founded in 1995 and currently with more than2,000 customers and 300,000 users worldwide,SoftExpert solutions are used by leadingcorporations in all kinds of industries, includingmanufacturing, automotive, life sciences, foodand beverage, mining and metals, oil and gas,high-tech and IT, energy and utilities, governmentand public sector, financial services,transportation and logistics, healthcare, and manyothers.
SoftExpert, along with its extensive network ofinternational partners, provides hosting,implementation, post-sales support andvalidation services for all solutions to ensure thatcustomers get the maximum value from theirinvestments.
About SoftExpertSoftExpert Excellence Suite
SoftExpert Excellence Suite is the most comprehensive framework of independent yetunited solutions to achieve business performance excellence, streamline corporategovernance, risk and compliance programs, and ensure continuous business processimprovement.
Companies may not need all applications at once, or may want to deploy one applicationmodule at a time, growing gradually as the need arises. Whatever the strategy chosen,only a fully shared environment allows its applications to fit together like puzzle piecesand work seamlessly.
Take your business to the next level
www.softexpert.com | [email protected]
Disclaimer: The content of this publication may not, in whole or in part, be copied or reproduced without prior authorization from SoftExpert Software. This publication is provided by SoftExpert and/or its network of affiliates strictly for informational purposes, without any guaranteeof any kind. The only guarantees related to SoftExpert products and services are those contained within a contract. Some product functionalities and characteristics presented herein may be optional or may depend on the makeup of the offer(s) acquired. The content of this materialis subject to change without prior notice.