FNL Awareness 9001 - 15
FNL Awareness 9001 - 15
FNL Awareness 9001 - 15
1
Contents
1. Introduction: About ISO
2. Revision of Quality principles
3. Annex SL
4. Main Outlines
5. ISO 9001-2015 Structure
6. Terms & Definition Highlights
7. ISO 9001-2015 Requirements Highlights
2
1-About ISO
4
ISO 9001 revisions since beginning
1994
2000
1987 Revisions
2008
2015
9001-2008
6
9001-2015
4. Process
Approach
7
Comparison of Principles
Ser ISO 9001:2008 ISO 9001:2015
1 Customer Focus Customer Focus
2 Leadership Leadership
3 Involvement of People Engagement of People
4 Process Approach Process Approach
5 System Approach
8
ISO 9001: 2008 is based on 8 principles.
ISO 9001:2015 is based on 7 in line with the recent revision
of the Quality Management Principles
The main changes are :
Dropping “Principle 5: System approach to management” because it is
already covered by the act of having a quality management system).
The last principle is referred to as 'Relationship Management', replacing
"Mutually beneficial supplier relationships".
Changed from "continual improvement" to just "improvement".
9
1- Customer Focus
• The primary focus of quality management is to meet
customer requirements and to strive to exceed
customer expectation
2- Leadership
• Leaders at all levels establish unity of purpose and
direction and create conditions in which people are
engaged in achieving the quality objectives of the
organization
3- Engagement of People
• It is essential for the organization that all people are
competent, empowered and engaged in delivering
value
10
4- Process Approach
• Consistent and predictable results are achieved more
effectively and efficiently when activities are
understood and managed as interrelated processes
that function as a coherent system
5- Improvement
• Successful organizations have an ongoing focus on
improvement
7- Relationship Management
• For sustained success, organizations manage their
relationships with interested parties, such as suppliers
11
3-Annex SL
Annex SL, however, is not for management standards to have a “same look” only.
More to that, it re-enforces what is referred to as same “feel”.
This brings the ISO 9001 standard into line with ISO's new harmonized and consistent
structure
Hoped to facilitate the integration of the different ISO standards and the
development of integrated MS. Having a uniform structure as the basis of certification
for MS will more likely improve the comprehensibility of standards and make
combined certification more efficient.
12
Based on the assumption, however, that Annex SL is not a static framework, but
allows a change, prompted by the subject specific area of regulation, quality
specific aspects have been added in the draft version. For example, planning
of changes has been added to Annex SL (now Clause 6.3.) This has been stated
to reflect the „recognition“ in the quality world that things change.
The revised standard comes with an uniformity of terms. Common terms and
definitions are in use now, that are the same across all management systems
standards.
This change will benefit those clients who have implemented or planned to
implement multiple ISO management systems e.g. ISO 9001 and ISO 14001. As
the trend for these two standards will be using Annex SL as the basic structure, it
will be easier to integrate multiple management systems.
14
Further to the ISO/IEC Directives using the term “products and services", ISO/DIS
9001:2015 has replaced “product” with “products and services”.
This is to make it more generic and applicable to organizations of any kind, i.e. in
the service fields, and remove the existing bias towards companies that deal with
physical products
“Purchasing” and “outsourcing” are now replaced by “external provision of goods
and services”. Clause 8.6 Control of External Provision of products and Services
addresses all forms of external provision, whether it is by purchasing from a supplier,
through an arrangement with an associate company, through the outsourcing of
processes and functions of the organization, or by any other means. The
organization is required to take a risk-based approach to determine the type and
extent of controls appropriate to each external provider and all external provision
of goods and services.
The developments in the technology give rise to enhancements in processes that
deal with Knowledge Management, Technology and changes in Infrastructure
and Communications.
In recognition of the above, ISO/DIS 9001:2015 has introduced the new concept of
knowledge (Section 7.1.5). It relates to how organizations understand, maintain
and deal with knowledge. 15
In line with Annex SL Appendix 2 , ISO/DIS 9001:2015 contains general
requirements for documentation only, with no reference to documented quality
manual, documented procedures or to quality records. 'Documented
information' now replaces both procedures and records which seems to be
more accepting of electronic documents and document control approaches.
Consequently the terms “document” and “record” have both been replaced
throughout the requirements text by “documented information.”
Document control (ISO 9001:2008 Clause 4.2.3) and record control (Clause 4.2.4)
procedures do not exist anymore. Nill mandatory procedures are required by the
new version.
Risk is the effect of uncertainty on an expected result and the concept of risk-
based thinking has always been implicit in ISO 9001. This International Standard
makes risk-based thinking more explicit and incorporates it in requirements for
the establishment, implementation, maintenance and continual improvement
of the quality management system.
18
5- ISO 9001:2015 Structure
Clause Description
1 Scope
2 Normative References
9 Performance Evaluation
10 Improvement
19
20
21
Model of a process-based quality management system,
showing the links to the clauses of ISO 9001:2015
6- Terms & Definition Highlights
23
3.09 Risk
Effect of uncertainty on an expected result
Note 1 : An effect is a deviation from the expected — positive or negative
Note 2 : Uncertainty is the state, even partial, of deficiency of information related
to, understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 : Risk is often characterized by reference to potential “events” (as defined
in ISO Guide 73:209, 3.5.1.3) and “consequences” (as defined in ISO Guide 73:2009,
3.6.1.3), or a combination of these.
Note 4 : Risk is often expressed in terms of a combination of the consequences of
an event (including changes in circumstances) and the associated “likelihood” (as
defined in ISO Guide 73:2009, 3.6.1.1) of occurrence.
Note 5 : The term “risk” is sometimes used when there is only the possibility of
negative consequences
24
Risks in ISO 9001:2015
• 4.4.f “the risk and opportunities in accordance….
Note 1: Documented information can be in any format and media and from any
source.
Note 2: Documented information can refer to the:
• Quality management system, including related processes
• Information created in order for the organization to operate
• Evidence of results achieved (records)
3.13 Performance
Measurable result
Note 1: Performance can relate either to quantitative or qualitative findings.
Note 2: Performance can relate to the management of activities, processes,
products, services, systems or organizations.
26
3.14 Outsource (Verb)
Make an arrangement where an external organization performs part of an
organization’s function or process.
29
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the
issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and
opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) prevent, or reduce, undesired effects;
c) achieve continual improvement.
N.B.
There is no requirement in ISO 9001 to use a formal risk assessment method however there
needs to be some consideration of risk qualitatively.
The extent and level of risk assessment will depend on the nature and type of business.
ISO 31010 provides information of risk assessment techniques that can be used but it is
down to the organization to determine the best way to evaluate risk and opportunities for
themselves, depending on the nature and complexity of the organizations processes and
operations, size, resources available etc.
30
6.1.2 The organization shall plan:
a) actions to address these risks and opportunities;
b) how to:
1) integrate and implement the actions into its quality management system
processes (see 4.4);
2) evaluate the effectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the
potential impact on the conformity of products and services.
NOTE: Options to address risks and opportunities can include: avoiding risk, taking risk in
order to pursue an opportunity, eliminating the risk source, changing the likelihood or
consequences, sharing the risk, or retaining risk by informed decision.
7.1.2 People
To ensure that the organization can consistently meet customer and applicable
statutory and regulatory requirements, the organization shall provide the persons
necessary for the effective operation of the quality management system, including
the processes needed.
7.1.3 & 7.1.4
Infrastructure and Environment for the operation of processes are rephrased and
clearly emphasised.
32
7.1.6 Organizational knowledge
The organization shall determine the knowledge necessary for the operation of its
processes and to achieve conformity of products and services.
This knowledge shall be maintained, and made available to the extent
necessary. When addressing changing needs and trends, the organization shall
consider its current knowledge and determine how to acquire or access the
necessary additional knowledge.
-NOTE 1 Organizational knowledge can include information such as intellectual
property and lessons learned.
-NOTE 2 To obtain the knowledge required, the organization can consider:
a) internal sources (e.g. learning from failures and successful projects, capturing
undocumented knowledge and experience of topical experts within the
organization);
b) external sources (e.g. standards, academia, conferences, gathering
knowledge with customers or providers).
33
7.2 Competence
7.3 Awareness
Persons doing work under the organization’s control shall be aware of:
a) the quality policy;
b) relevant quality objectives;
c) their contribution to the effectiveness of the quality management system,
including the benefits of improved quality performance;
d) the implications of not conforming with the quality management system
requirements.
7.4 Communication
Communication is important for both internal and external stakeholders and
an organization must develop a communication plan. It is important to decide
who will own the communication and ensure that they have the appropriate
authority, competence and knowledge.
The communication plan can include a variety of mediums including briefings,
meetings, seminars, conferences and knowledge
34
7.5 Documented information The organization’s quality management system shall
include
a) documented information required by this International Standard;
b) documented information determined by the organization as being necessary
for the effectiveness of the quality management system.
NOTE: The extent of documented information for a quality management system
can differ from one organization to another.
The organization shall maintain documented information to the extent necessary to support the
operation of processes and retain documented information to the extent necessary to have confidence
that the processes are being carried out as planned.
It means that:
Documented process is really needed
7.5.2 Creating and updating
7.5.3 Control of documented Information
No mandatory manual or procedure is referred!
No obligation for ANY procedures –BUT what it does ask _ is to show control. The
organization needs to demonstrate that it has identified areas and can control
the outcomes. 35
8.7 Control of nonconforming process outputs, products and services
More detailed requirements on dealing with non conforming product
The organization shall retain documented information of actions taken on
nonconforming process outputs, products and services, including
on any concessions obtained and on the person or authority that
made the decision regarding dealing with the nonconformity.
36
9.1.1 General
The organization shall determine:
a) what needs to be monitored and measured;
b) the methods for monitoring, measurement, analysis and evaluation, as
applicable, to ensure valid results;
c) when the monitoring and measuring shall be performed;
d) when the results from monitoring and measurement shall be analysed and
evaluated. The organization shall ensure that monitoring and measurement
activities are implemented in accordance with the determined requirements and
shall retain appropriate documented information as evidence of the results.
37
9.1.3 Analysis and evaluation
The organization shall analyse and evaluate appropriate data and information
arising from monitoring, measurement and other sources.
The output of analysis and evaluation shall be used to:
a) demonstrate conformity of products and services to requirements;
b) assess and enhance customer satisfaction;
c) ensure conformity and effectiveness of the quality management system;
d) demonstrate that planning has been successfully implemented;
e) assess the performance of processes;
f) assess the performance of external provider(s);
g) determine the need or opportunities for improvements within the quality
management system
38
10 Improvement
The organization shall determine and select opportunities for improvement and
implement necessary actions to meet customer requirements and enhance
customer satisfaction.
This shall include, as appropriate:
a) improving processes to prevent nonconformities;
b) improving products and services to meet known and predicted requirements;
c) improving quality management system results.
39
10.2 Nonconformity and corrective action
When a nonconformity occurs, including those arising from complaints, the
organization shall:
a) react to the nonconformity, and as applicable:
1) take action to control and correct it;
2) deal with the consequences;
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in
order that it does not recur or occur elsewhere, by:
1) reviewing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) make changes to the quality management system, if necessary.
40
10.3 Continual improvement
The organization shall continually improve the suitability, adequacy, and
effectiveness of the quality management system.
41
THANK YOU
42