ISO 9001:2015 CLAUSE 6 PLANNING
CLAUSE 6 PLANNING
Introduction
Clause 6 Planning brings risk-based thinking
to the front. Once the organization has highlighted risks and
opportunities in clause 4, it needs to stipulate how these will be
addressed through planning. The planning phase looks at what, who, how
and when these risks must be addressed. This proactive approach replaces
preventative action and reduces the need for corrective actions later
on. Particular focus is also placed on the objectives of the management
system. These should be measurable, monitored, communicated, aligned to
the policy of the management system and updated when needed. After much
deliberation, the decision to make risk explicit has been made – here it
is in clause 6. Having highlighted the issues and requirements in
clause 4, now it is time to address the risks and opportunities the
organisation faces through planning. How will the organisation prevent,
or reduce, undesired effects? How will the organisation ensure that it
can achieve its intended outcomes and continual improvement? It will do
it here in planning. Planning will address what, who, how and when. Not
difficult. This proactive approach is easier to understand than
preventive action and should reduce the need for correction
and corrective action at a later date. The requirements around the
Quality objectives have also been made more detailed. They are to be
consistent with the Quality policy, measurable (if practicable),
monitored, communicated, and updated as appropriate. They have to be
established at relevant functions and levels. Clause 6 puts a greater
emphasis on the organisation’s Planning which is integral to
the business. Auditors should be familiar with risk – the consequences
of an event and the associated likelihood of occurrence – and how to
avoid, eliminate, minimize or mitigate it. They also need to focus on
the positive aspect – opportunities for the business and how to optimize
them. The risks and opportunities identified will lead to policies and
objectives. Auditors should be able to identify and follow a clear path
from issues and requirements through risks and opportunities,
policies and objectives.
Planning Process
6.1 Actions to address risks and opportunities
6.1.1
When planning for the
quality management system, the organization shall consider the issues
referred to in Understanding the organization and it context (4.1) and
the requirements referred to in Understanding the needs and expectations
of interested parties(4.2) and determine the risks and opportunities
that need to be addressed to give assurance that the quality
management system can achieve its intended result(s); prevent, or
reduce, undesired effects; and to achieve continual improvement.
6.1.2
The organization must
plan actions to address the risks and opportunities determine in clause
6.1.1. The organization must also plan on how to integrate and
implement the actions into its quality management system processes
and evaluate the effectiveness of these actions. Actions taken to
address risks and opportunities must be proportionate to the potential
impact on the conformity of products and services. Options to address
risks can include but not limited to avoiding, risk, taking risk in
order to pursue an opportunity, eliminating the risk source, changing
the likelihood or consequences, sharing the risk, retaining risk by
informed decision or implementing standards like ISO 31000. It is the
prerogative of the management to adopt any one of the practices.
Opportunities can lead to the adoption of new practices, launching of
new products, opening new markets, addressing new customers, building
partnerships, using new technology and other desirable and viable
possibilities to address the organization’s or its customer’s needs.
It is the responsibility of top
management to provide direction, authorization and, resources and review
for QMS planning. When developing your QMS process controls for
determining customer requirements, design, development, manufacture,
delivery and customer support, you must focus on meeting customer and
regulatory requirements as well as the planned QMS objectives
established in clause 5.4.1. QMS planning requires you to identify all
your QMS processes and describe their sequence and interaction. The
criteria and methods for planning, operation and control of these
processes come from the rest of the ISO requirements as well as your
customer and your own organization. When planning its QMS, the top
management must implement and promote a culture of risk-based thinking
throughout the organization to determine and address the risks and
opportunities associated with providing assurance that the QMS can
achieve its intended result(s); provide conforming products and
services, enhance customer satisfaction; promote desirable effects and
improvement; and prevent, or mitigate, undesired effects. The
organization must integrate the actions to address these risks and
opportunities into its QMS processes using the PDCA cycle. Not all
processes of a quality management system represent the same level of
risk in terms of the organization’s ability to meet its objectives and
the effects of uncertainty are not the same for all organizations. Each
organization is therefore responsible for the extent it applies
risk-based thinking and the actions it takes to address risk, including
whether or not to retain documented information as evidence of its
determination of risks. Planning also requires monitoring and measuring
these actions and gathering, analyzing and evaluating appropriate data
and information to determine the effectiveness of such actions. This
planning must be periodically reviewed and updated as necessary when
taking corrective actions or at management reviews. These actions must
be proportional to the potential impact on the conformity of products
and services. When planning its QMS, the organization must consider the
risks and opportunities presented by external and internal issues as
well as the needs and expectations of interested parties, relevant to
its purpose and strategic direction.Risk Management should be
implemented at all levels of an organization, from the strategic to the
operational level. The result of risk assessment should be considered in
documenting the plans for process operation and risk control.
At the business and QMS planning stage, the organization should:- Determine the categories of risk from – strategic, operational, environmental legal, social, and financial points of view that the organization may be exposed to – that could impact its ability to conduct its business operations without disruption and to provide customer satisfaction and achieve sustained success.
- The risk management methodology must be appropriate to the size and complexity of the organization. Establish a comprehensive list of risks under each of the categories described above, that might influence the achievement of process, product and service objectives;
- The methodology should include the following steps to:
- Identify each potential risk;
- Describe the potential outcome of the risk;
- Identify potential cause(s) of risk outcome
- Rate the consequence or severity of the outcome;
- Rate the likelihood of the cause occurring;
- Rate the probability of early detection of the outcome should it occur;
- Establish risk tolerance criteria;
- Categorize each risk into critical, high, medium or low based on using a combination of severity, occurrence, detection ratings and other relevant factors to establish an overall risk score to all risks listed; Use the risk score to establish priority in addressing identified risks.
- Identify and determine the adequacy of any existing control to address the identified risk;
- Determining appropriate controls to respond to each identified risk (process control plans). These controls should preferably prevent the potential cause of the risk from occurring and secondly at least be able to detect the cause and/or outcome of the risk.
- Determine compliance with predetermined tolerance criteria for acceptability of risk
- Provide and use risk management information for strategic decision-making and managing operations.
- Methods to identify risks
- Look at past history of performance, lessons learned, current operations and planned future activities to identify potential risks or undesirable outcomes.
- Look at current activities and problems encountered, current and planned future activities – TGW (things going wrong)
- Apply TGW (things gone wrong) for past activities and a contingency or “what if’ approach to identifying current and future risks.
- Apply these approaches to the full spectrum of risk categories listed in 1 above.
- Use various tools such as cross-functional teams, flow charts, checklists, risk analysis diagrams to brainstorm and facilitate risk identification, analysis and evaluation
- Ask when, where, why, who and how type questions to identify past, current and future risks
- As indicated earlier the purpose of risk management controls is manifold and could include:
- Avoiding risk, where the only option is not go forward with an activity or to withdraw from it
- Taking risk, where risks have desirable potential consequences
- Altering risk, to optimize potential opportunities and minimize threats
- Transferring risk by measures including insurance, contractual arrangements, trade unions, partnerships and joint ventures
- Retain risk, where no worthwhile controls actions are feasible and the risk is within the organization’s risk tolerance
- Removing the source of the risk by perhaps using alternate or new technology.
Example of Determining Risk and Opportunity:
Issues (internal) | Expected Results | Uncertainty | Risk(-Ve) H/M/L |
Opportunities |
---|---|---|---|---|
Availability of reliable, qualified, competent and multi-skilled workforce | Work force is Competent | Existing Workforce not all skilled | M | Opportunity to multi-skilled installation teams — impact on installation times |
Culture within the organization – work quality | Work force is motivated | Unacceptable quality of work | H | Opportunity for top Managers to lead. |
Work Force retention- Wage | Work force are loyal to the organization | Work force leaving for better paid work | H | Opportunity to benchmark our Competitors wages |
Issues (External) | Expected Results | Uncertainty | Risk (-Ve) H/M/L |
Opportunities |
---|---|---|---|---|
Client working environment – other trades working alongside us |
Integrated is protected | Damage to our installation | H | Opportunity to place barriers, floor markers, signs for clear identification |
Standardization and certification within the industry – not conforming |
Being upto date and informed on standards | Code of practices are changing all the time | L | Opportunity for designers to attend free update trade body conference (0.5 day) |
Client Consideration – bringing expertise in-house | Work force remain loyal to the organization | Workforce for managed on-site contracts being employed direct by clients |
H | Opportunity for new contract clause prohibiting employment (time-bound) |
6.2 Quality Objectives and Planning to Achieve Them
6.2.1
The organization must
establish quality objectives at relevant functions, levels, and
processes. The quality objectives must be consistent with the quality
policy; measurable; based on applicable requirements; relevant to
conformity of products and services and enhancement of customer
satisfaction; monitored; communicated; be updated as appropriate. The
organization should maintain a documented information on the quality
objectives.
6.2.2
When planning how to achieve
the quality objectives, the organization must determine what will be
done; what resources will be required; who will be responsible; when it
will be completed; how the results will be evaluated.
The purpose of quality objectives is to
determine conformity to (customer, regulatory and relevant stakeholders )
requirements, and effective deployment and improvement of the QMS. This
clause 6.2 sets out specific requirements for planning of quality
objectives.This Clause requires you to document it. This Clause also
requires you to monitor and measure and evaluate results to your planned
objectives. Top management must provide the leadership, organization
and resources to deploy and achieve planned quality objectives. The
process and the responsible personnel needed to achieve the Quality
objective must be determined. Quality policy provides the framework
for establishing quality objectives in order to be consistent with it
and provided examples of such consistency. In this clause, Organization
must ensure that specific quality objectives are established at relevant
functions, levels and processes needed for QMS. Quality objective
should be relevant to meeting requirements of your products and services
and to enhance customer satisfaction. Quality objectives is used to
measure the performance of products, Service processes, customer
satisfaction, suppliers, use of resources and the overall performance
and effectiveness of the QMS. Quality objectives may be established for
all QMS processes.
Examples of quality objectives:- Product – reduction in defect rates, PPM’s (defective parts per million), scrap rates, rework; improvement in on time delivery.
- Process – objectives generally focus on improving process productivity through the elimination or reduction of variation and waste in process – inputs, outputs, conversion activity and related use of resources.
- Monitor and improve process – productivity, reduction of cycle time, errors, omissions and failures; etc. Examples could include objectives for – set-up time, run rates, process cycle time, etc.
- Customers – reduction in # of complaints, improvement in customer satisfaction rating, on time delivery, service, support, etc,.
- Suppliers – material defects,on time delivery, no of complaints with supplier.
- Resources includes facility, equipment, labor, etc.- objectives could be established based on availability, capability, maintenance, personnel competency, absenteeism, production rates; efficiency; safety; etc.
- For the QMS – customer satisfaction feedback, internal audit results, # of improvement opportunities; etc.
Quality objectives may be set at various
functional levels of the organization – top management, departments,
processes, functional groups, work cells, project teams, individuals,
etc. It would be useful to cover these levels as they add value and
contribute to customer or organizational objectives. Employees at all
of these levels must be made aware of the importance of and how they
must contribute to the achievement of these objectives.Quality
objectives must be measurable. Measurement can be done quantitatively or
qualitatively. Quantitative measures are generally more objective in
determining whether conformity or effectiveness has been achieved. In
some situations, the use of qualitative measurements may be appropriate.
These quality objectives must be deployed and measured and top
management must conduct an effective review of the measurement results.
These measurement results must also be used for corrective action and
continual improvement. The quality objectives must be achieved within a
defined time period to ensure accountability i.e reducing customer
complaint by 30% by March 2016. This could be determined by your
customer, your management, your head office, regulatory bodies, etc.
Your business or quality planning process must establish these time
periods and include the communication of objectives and timelines to
those responsible for achieving them. Quality objectives may be
documented in any or all of these documents such as quality manual, QMS
processes, procedures, quality plans etc. The establishment of quality
objectives should be part of the business planning or QMS planning
processes. A review of the quality objectives should be part of your
management review process. After the review the Quality objectives may
be updated as appropriate. As a document information, your documented
statement of objectives must be controlled by 7.5.3 control of
documented Information. You must be careful not to overwhelm your
organization with too many objectives as this may cause more frustration
than positive results. Start with objectives that focus on meeting
customer requirements and then slowly develop meaningful objectives for
key processes and risk prone processes, as initial targets are achieved.
6.3 Planning of Changes
Where the organization
determines the need for change to the quality management system (from
4.4 g) the change must be carried out in a planned and systematic
manner. The organization must consider the purpose of the change and any
of its potential consequences; integrity of the quality management
system; availability of resources; allocation or reallocation of
responsibilities and authorities.
The continuity and effectiveness of your
QMS must be substantially maintained in the event of significant
changes in your QMS or organization, e.g. management, ownership,
relocation, technology, product, shift in customer base, etc. Changes
must be carefully planned so as not to disrupt your organizations
ongoing capability and responsibility to effectively meet customer and
regulatory requirement. In such instances, change control would require:
- careful planning of the nature and timeline for the changes;
- determining the impact or outcome of such changes;
- ensuring adequate resources are available to implement the change;
- top management authorization
- change deployment and follow-up
- review of the QMS by top management after changes are effected.
The ISO 9001:2015 requirements provide a
strong basis for a management system for business that supports the
strategic direction of the organization. Once the organization has
identified its context and interested parties and then identified
the processes that support this linkage. Once processes are determined,
an organization will need to identify the risks and
opportunities associated with these processes. To achieve the benefits
associated with the determination of risks and opportunities, changes
may be needed. These changes can be related to any element of the
process, such as inputs, resources, persons, activities, controls,
measurements, outputs, etc. Changes are intended to be beneficial to the
organization and need to be carried out as determined by the
organization. In addition, consideration of new introduced risks
and opportunities need to be taken into account.There may be changes in
QMS due to Customer feedback, Customer complaint, Product failure,
Employee feedback, Innovation, Determined risk, Determined
opportunity, Internal audit results, Management review results,
Identified nonconformity.
The changes may occur in for
example Processes, Documented information, Tooling, Equipment, employee
training, supplier selection, supplier management and others. To
achieve the benefits associated with changes, the organization should
consider all types of changes that may need to occur. The successful
management and control of these changes has become a core requirement
within the organization’s QMS. Some changes need to be carefully managed
while others can be safely ignored. In order to sort through this, the
organization should consider a method to prioritize. To determine the
priority, the organization should consider a methodology that allows
them to take into account:
- Consequences of the change
- Likelihood of the consequence
- Impact on customers
- Impact on interested parties
- Impact on quality objectives
- Effectiveness of processes that are part of the QMS
Steps to implement changes
- Define the specifics of what is to be changed
- Have a plan (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others)
- Engage other people as appropriate in the change process
- Develop a communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
- Use a cross functional team review the plan to provide feedback related to the plan and associated risks
- Train people
- Measure the effectiveness
Prior to making a change, the
organization should consider unintended consequences. After making a
change the organization should monitor the change to determine
its effectiveness and to identify any additional problems that might be
created. Records of some changes may be needed as part of the Quality
Management System
Those rules moreover attempted to wind up plainly a decent approach to perceive that other individuals online have the indistinguishable enthusiasm like mine to get a handle on incredible arrangement more around this condition.Fire and safety training institute in chennai
ReplyDelete