Thursday, 19 April 2018

New ISO Standards Transition Workshop (Auditors) ISO 9001:2015 What has Changed?


New ISO Standards
Transition Workshop (Auditors)
ISO 9001:2015
What has Changed?
new concepts are considered - more risk based thinking
the customer remains the primary focus
a new common ISO format has been developed for use across all Management System Standards
a significant re-ordering of the key clauses.
Key Changes
increased emphasis on Achieving Value for the organisation and its customers
increased emphasis on understanding and control of Risk to the organisation
reduced emphasis on Documentation
no stated requirement for Documented Procedures
no reference to a Quality Manual.
And………
no requirement for a Management Representative
no formal requirement for Preventive Action
outsourcing is now External Provision
enhanced Leadership Requirements
Organisational Context – responsiveness to changing Business Environment
No exclusions, only Not Applicable clauses!
High Level Structure
the new standard adopts the high-level structure and terminology of Annex SL (used for the development of all new ISO standards)
High Level Structure - identical core text and common terms and core definitions for use in all Management System Standards:
purpose -  enhance the consistency and alignment of different management system standards
organisations that integrate multiple standards (eg QMS, EMS, OHS) will see the most benefit
uses simplified language and writing styles to aid understanding and consistent interpretations of requirements.
Common structure for MSS
Introduction
1.Scope
2.Normative references
3.Terms and definitions
4.Context of the organization
5.Leadership
6.Planning
7.Support
8.Operation
9.Performance evaluation
10.Improvement.
Clause structure (4-6)
4. Context of the organization
Understanding the organization and its context
Understanding the needs and expectations of interested parties
Determining the scope of the XXX management system
XXX management system
5. Leadership
Leadership and commitment
Policy
Organizational roles, responsibilities and authorities
6. Planning
Actions to address risks and opportunities
Objectives and plans to achieve them.
Clause structure (7-10)
7. Support
Resources
Competence
Awareness
Communication
Documented information
8. Operation
Operational planning and control
9. Performance evaluation
Monitoring, measurement, analysis and evaluation
Internal audit
Management review
10. Improvement
Nonconformity and corrective action
Continual improvement.
Control
Top management requirements
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment by:
Ensuring (ie someone else can do it)
the Quality Policy and quality objectives are established for the QMS and are compatible with the context and strategic direction of the organisation
the integration of QMS requirements into the organisation’s business processes
the resources needed for the QMS are available
the QMS achieves its intended results
Doing (ie they must do it themselves)
take accountability for the effectiveness of the QMS
promote the use of the process approach and risk-based thinking
communicate the importance of effective quality management and of conforming to QMS requirements
engage, direct and support persons to contribute to the effectiveness of the QMS
promote improvement
support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
Risk-based approach
organisations are required to understand its context (Clause 4.1) and determine the risks and opportunities that need to be addressed (Clause 6.1)
one of the key purposes of a QMS is to act as a preventive tool
there is no separate clause or sub-clause titled “preventive action”
the concept of preventive action is expressed through a risk-based approach to formulating QMS requirements.
Applicability
no specific reference to “exclusions” when determining applicability of requirements to the organisation’s QMS
an organisation will need to review the applicability of requirements due to the size of the organisation, the management model it adopts, the range of activities and the nature of the risks and opportunities it encounters.
Document information
a common clause of “Documented Information” has been adopted
the terms “documented procedure” and “record” have both been replaced throughout the requirements by “documented information”
documented procedures (eg to define, control or support a process) are now expressed as a requirement to maintain documented information
records are now expressed as a requirement to retain documented information.
Organisational knowledge
organisational knowledge (Clause 7.1.6) addresses the need to determine and maintain the knowledge obtained by the organisation and its personnel, to ensure that it can achieve conformity of products and services
the process for considering and controlling knowledge needs to take account the organisation’s context, its size and complexity, the risks and opportunities it needs to address and the need for accessibility of knowledge
the balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organisation.
Control of externally provided processes, products and services
control of externally provided products and services (Clause 8.4) addresses all forms of external provision, whether by:
purchasing from a supplier
an arrangement with an associate company
the outsourcing of processes and functions of the    organisation, or by any other means
now required to take a risk-based approach to determine the type and extent of controls appropriate to external providers and externally provided products and services.
ISO 9001:2015
Quality Management Systems – requirements.
Introduction
0.1 General
0.2 Quality management principles
0.3 Process approach
0.4 Relationship with other MSS
introduces the rationale for the Standard
more formally structured.
0.1 General
identifies potential benefits
it is not the intent of the standard to imply:
uniformity in the structure of different quality management systems
uniformity of documentation to align to the clauses of the Standard
impose specific terminology to be used.
0.2 Quality management principles
ISO 9001:2008 was based on eight quality management principles whereas the revised version refers to just seven
the principle of “a systems approach to management” has been dropped
the last principle is now called “Relationship management” instead of “Mutually beneficial supplier relationships”.
New Principles
0.3 Process Approach
understand and manage interrelated processes as a system
enables consistent and predictable results
PDCA cycle is fundamental
introduces risk based thinking (always been an implied requirement).
0.4 Relationship with other MSS
now a framework to improve alignment among all International Standards for management systems
better facilitates immigration.
Section 1 - Scope
consistently provide products and services to meet requirements and enhance customer satisfaction – no change
all requirements are intended to be applicable to all organisations, regardless of type, size and product provided no change
removal of exclusions.
Section 2 – Normative references
ISO 9000:2015, Quality management systems – Fundamentals and vocabulary
also describes quality management principles in detail.
Section 3 – Terms and Definitions
no terms and definitions
reference to ISO 9000 – no change
maintains clause numbering for consistency.
Some Terms (docs)
document – information and the medium on which it is contained
documented information - information required to be controlled and maintained by an organisation and the medium on which it is contained
procedure – specified way to carry out an activity or a process (can be documented or not)
record – document stating results achieved or providing evidence of activities performed.
More Terms (improvement)
improvement – activity to enhance performance
objective – result to be achieved
nonconformity – non-fulfilment of a requirement
correction – action to eliminate a detected nonconformity
corrective action – action to eliminate the cause of a nonconformity and prevent recurrence
preventive action – action to eliminate the cause of a potential nonconformity or other undesirable situation
verification – confirmation that specified requirements have been fulfilled
validation – confirmation that requirements for a specified intended use or application have been fulfilled.
More Terms (product)
product – output of an organisation that can be produced without any transaction taking place between the organisation and the customer
service – output of an organisation with at least one activity necessarily performed between the organisation and the customer
performance - measurable results
risk - effect (positive or negative) of uncertainty
outsource - to make an arrangement where an external organisation performs part of an organisation’s function or process - Note: An external organisation is outside the scope of the management system although the outsourced function or process is within the scope.
More Terms (people)
top management – person or group of people who directs and controls an organisation at the highest level
QMS consultant – advisor on QMS realisation – can assist in realising parts of a QMS
interested party – person or organisation that can have an affect, be affected by, or perceive itself to be affected by a decision or activity
competence – ability to apply knowledge and skills to achieve intended results
infrastructure – facilities, equipment & services
work environment - conditions under which work is performed.
Section 4 – Context of the Organisation
Section 4 – Context of the Organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
this is a new clause and provides a key insight into the organisation
What constitutes the organisation’s quality management system.
Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
determine external and internal issues relevant to the QMS
must monitor these issues.
Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
determine interested parties relevant to the QMS
determine their needs and expectations
must monitor information about interested parties’ requirements.
Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
establish scope by determining boundaries and applicability of the QMS to consider external/internal issues, requirements of interested parties and the organisation’s products and services
scope must be documented and available, justify any clauses of ISO 9001 that is not applicable
any N/A clauses must not effect conformity of products/services and customer satisfaction.
Section 4 – Context of the organisation
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the quality management system
4.4 Quality management system and its processes
must establish, implement, maintain and continually improve the QMS
interaction of processes required (but not documented!)
assign responsibilities and authorities for processes
retain documented information to ensure in the processes
Documented procedures are not necessarily required….
except where they are
needed!
Section 5 - Leadership
Section 5 – Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities
top management to now have a greater involvement in the QMS
What is required by top management.
Section 5 - Leadership
5.1 Leadership and commitment
5.1.1 General
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises
new clause
must take accountability for the QMS’ effectiveness
ensure Quality Policy and quality objectives are established
ensure QMS is integrated into business processes
ensure resources are available;
Section 5 - Leadership
5.1 Leadership and commitment
5.1.1 General…cont
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises
communicate importance of effective QMS and conformance
ensure QMS achieves intended results
promote improvement
support other management to demonstrate leadership.
 
Section 5 - Leadership
5.1 Leadership and commitment
5.1.1 General
5.5.1 Customer focus
5.2 Policy
5.3 Organisational roles, responsibilities and authorises
top management must ensure:
customer and regulatory requirements are met
risks and opportunities are determined and addressed
focused on enhancing customer satisfaction.
Section 5 – Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities
now split into two sub-clauses to save the confusion in the previous version of what must be in the policy and what must be done with the policy
must be documented
must be available internally and to interested parties.
Section 5 – Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities
ensures responsibilities and authorities for relevant roles are assigned, communicated and understood
no formal requirement for specific management representative
specific mention of changes to QMS.
Section 6 – Planning
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
introduces risk based approach to planning
addresses risks, opportunities and quality objectives
How quality planning is achieved.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
when planning, must consider external/internal issues and interested parties
determine risks to ensure QMS achieves results, enhance desirable effect and achieve improvement
must evaluate effectiveness of actions
must be risk based.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
quality objectives need to be established at relevant functions, levels and processes
these objectives should be:
consistent with the Quality Policy, measurable and take into account applicable requirements
relevant to conformity of products and services, and the enhancement of customer satisfaction
monitored, communicated and updated as appropriate
must determine what, how, who, when, etc
quality objectives must be documented.
Section 6 – Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
where change is needed, it needs to be carried out in a planned and systemic manner
must ensure integrity of QMS.
Section 7 - Support
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
newly constructed clause
much of what was in 2008 Version Clauses 4,5 & 6
The support required to meet the organisation’s goals.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
must provide resources for the implementation and maintenance of the QMS
must consider constraints of existing resources and what may be provided from external providers.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
new clause
must determine and provide people necessary for effective information of QMS and operations/control of processes.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
same as for previous Clause 6.3.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
same as for previous Clause 6.4
note definition of work environment.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
previous Clause 7.6 split into two clauses
determine resources needed to ensure valid and reliable monitoring and measuring results
resources must be suitable for the activity and maintained as fit for purpose
evidence of fit for purpose must be retained
other requirements for measuring equipment unchanged.
Section 7 - Support
7.1 Resources
7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation of processes
7.1.5 Monitoring and measuring resources
7.1.6 Organisational knowledge
new clause required to determine, maintain and make available the knowledge necessary for the operation of its processes and to achieve conformity of products and services
particular care required for changing need and trends.
7.1.6 Organisational Knowledge
Note:
organisational knowledge can include information such as intellectual property and lessons learned
may consider:
internal sources (eg learning from failures and successful projects, capturing undocumented knowledge and expert experience)
external sources (eg standards, training, conferences, knowledge from customers or providers).
-
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
very similar to previous Clause 6.2.2
removal of providing ‘training’ to ‘competence’
documented information (record) must be obtained of competence.
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
specific clause for awareness
must be aware of Quality Policy, quality objectives, contribution to effective QMS and implication of not conforming with QMS.
Section 7 - Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
much expanded clause for communication
must now determine what will be communicated internally and externally about the QMS, when, to whom, how and by whom.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
QMS needs documented information required by the Standard and as determined by the organisation
Note: the extent of documented information can differ from one organisation to another due to its size, activities, processes, products and services, complexity of processes and their interactions, and the competence of people.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
documented information requires:
identification and description
format and media
review and approval.
Section 7 - Support
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
combines previous Clauses 4.2.3 (documentation) and 4.2.4 (records).
Section 8 - Operation
Section 8 - Operation
8.1 Operational planning and control
8.2 Requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming outputs
covers many of the Product Realisation requirements contained in Clause 7 of the 2008 version
The heart of the management system
(the business).
Section 8 - Operation
8.1 Operational planning and control
similar to previous Clause 7.1
must plan, implement and control processes needed to meet requirements for the provision of products and services
must control planned changes and review unintended changes
any outsourced processes must be controlled.
Section 8 - Operation
    8.2 Requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services
same as previous Clause 7.2.3
includes communicating with customers about handling and controlling their property, establishing contingency requirements, when relevant.
Section 8 - Operation
8.2 Determination of requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services
same as previous Clause 7.2.1
plus the organisation must meet the claims of products or services it offers.
Section 8 - Operation
8.2 Determination of requirements for products and services
8.2.1 Customer communication
8.2.2 Determining the requirements for products and services
8.2.3 Review of requirements for products and services
8.2.4 Changes to requirements for products and services
combines previous Clauses 7.2.1 and 7.2.2
documented information required on results of the review and any new requirements.

Section 8 - Operation
8.3 Design and development of products and services
where the detailed requirements of the organisation’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organisation shall establish, implement and maintain a design and development process;
Section 8 - Operation
8.3 Design and development of products and services…cont
changes are mainly terminology and simplified wording
there is, however, a significantly increased focus on the role the customer has in all stages of the design process
the need for documented information to confirm appropriateness of all stages is also clearly stated
any changes made to design inputs and design outputs during the design and development must be clearly identified.
Section 8 - Operation
8.4 Control of externally provided processes, products and services
8.4.1 General
8.4.2 Type and extent of control
8.4.3 Information for external providers
changes are mainly terminology and revised wording (ie suppliers become ‘external providers!’)
much as before, each stage of the purchasing process, including evaluation, selection, performance monitoring and re-evaluation remains a key requirement
there is a significant increase in the steps needed to control external provision.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
changes are mainly terminology and revised wording
the most significant change is the move of monitoring and measuring equipment to Section 7
reference to ‘changes and post delivery activities’ have been strengthened.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
previous Clauses 7.5.1 and 7.5.2 combined.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
no change.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
no change.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
no change.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
new clause for post-delivery activities
a number of considerations are required.
Section 8 - Operation
8.5 Production and service provision
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
specific clause for control of changes to ensure continuing conformity
documented information must be retained describing the review of changes and any action arising.
Section 8 - Operation
8.6 Release of products and services
must verify that product and service requirements have been meet and evidence of conformity retained
release to customer does not proceed until the planned verification of conformity has been satisfactorily completed, unless otherwise approved by a relevant authority and by the customer
documented information to provide traceability to the person(s) authorising release for delivery to the customer.
Section 8 - Operation
8.7 Control of nonconforming outputs
similar to previous Clause 8.3
documented information required describing nonconformity, actions taken, any concessions and authority for taking action.
Section 9 – Performance Evaluation
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
Determining what is to be monitored, measured, analysed and evaluated will enable the organisation to determine ‘if the management system suitable, adequate and effective ?’
How performance of the QMS is evaluated.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
must determine what needs to be monitored and measured, the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results
additionally, when the monitoring and measuring is to be performed and when the results from monitoring and measurement is to be analysed and evaluated
retain appropriate documented information as evidence of the results.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
same as previous Clause 8.2.1.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Customer satisfaction
9.1.3 Analysis and evaluation
information resulting from monitoring and measuring appropriate data should be analysed and evaluated
the results of analysis is to be used to evaluate seven specific criteria described.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
same as previous Clause 8.2.2
split into two sub-clauses
still at planned intervals
evidence of internal audits and results must be documented.
Section 9 – Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
similar to previous Clause 5.6
still at planned intervals
clearer agenda items (inputs)
evidence of management review results must be documented.
Section 10 - Improvement
Section 10 - Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
QMS must continually improve
nonconformities must be identified and reacted to
corrective action must be considered
Continual improvement remains a core focus of the QMS.
Section 10 – Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
opportunities for improvement must be determined
action must be taken to meet customer requirements and enhance customer satisfaction:
improve products and service
correcting, preventing or reducing undesired effects
improve performance and effectiveness of the QMS.
Section 10 - Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
nonconformities (including complaints) must be reacted to and applicable action taken
root cause analysis must be considered based on its significance
effectiveness of corrective action must be reviewed
change QMS if required
evidence of action taken from nonconformities must be documented
evidence of results of corrective action must be documented.
Section 10 – Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement
organisations must continually improve the suitability, adequacy and effectiveness of the QMS
must consider results of analysis and evaluation, and outputs from management review.
Annex A – Clarification
information on new structure, terminology and concepts.
Annex B – Other (informative)
other international standards on quality management and quality management systems developed by ISO/TC 176.
Summary of Changes
better format and ease for integration
increased emphasis of achieving value
enhanced leadership requirements
risk based thinking
documentation requirements
interested parties.
Any Questions?

No comments:

Post a Comment