Welcome

to

the workshop
on

Key changes, Interpretations

in

ISO 9001:2015
QMS Internal Auditor Training
Course

• Objective
• To equip:
– Participants with the competence and a framework to
help in interpreting the requirements of the ISO
9001:2015
– Discuss on generally on the areas of concern
 contents
• Session 1: Introduction
• Session 2: Major changes in standard,
• Session 3 : Road map
• Session 4 : Open session
 Session 1

• Introduction to Quality Management

– Formal quality management systems

– Benefits of a good QMS

– Models of ISO 9000

– QMS – Fundamentals and vocabulary

 Benefits of a good
QMS
• Improved business planning
• Greater quality awareness throughout the organisation
• Improved communication
• Higher customer satisfaction
• Reduced costs of non-quality
ISO 9001:2015 VS ISO 9001:2008
• Both old and new standards cover essentially
the same topics
• There are some important differences, namely:
– Structure of the standard
– Context of the organization
– Documented information
– Risk-based thinking
– Change management
– Planning of Objectives
 Structure of the standard
• High level structure
• The Clause sequence of ISO 9001:2015 is consistent with Annex SL
and includes:
– Specific QMS requirements considered essential to meet the scope of the
Standard

– Text to reflect the use of the quality management principles that form the
basis for ISO’s QMS standards

– Requirements and notes to clarify and ensure consistent interpretation and

implementation of the common text in the context of a QMS
ISO 9000 QMS: FUNDAMENTALS AND
VOCABULARY

• This Standard provides an essential background for

the proper understanding and implementation of ISO
9001

• The Standard is divided into two parts:

– Fundamentals

– Vocabulary (terms and definitions)

 The process approach
• The process-approach ensures:

 The understanding and fulfilment of requirements

 The need to consider processes in terms of added
value
 Obtaining results of process performance and
effectiveness
 The continual improvement of processes based on
objective measures
Schematic representation of the
elements of a single
PROCESS
 Plan-Do-Check-Act cycle &
continual improvement
Take actions to
Establish objectives
continually
necessary to
improve process
deliver results in
performance – Act Plan accordance
effectiveness and • How to • What to
with customer
efficiency improve do
next time? • How to requirements
do it and the
organisation's
Check Do policies
• Did things • Do what was
happen planned
Monitor and measure according to
plan? Implement the
processes and product
processes
against policies, objectives
and requirements
 PDCA cycle and ISO 9001:2015
Quality Management System (4)

Organization Support &

and its context Operation
(4) (7, 8)

PLAN DO Customer
satisfaction
Results of
Customer Planning Leadership Performance the QMS
requirements (6) (5) Evaluation
(9)
Products
ACT CHECK and Services

Needs and
Expectations of Improvement
Interested (10)
Parties (4)
 Documented information
• No distinction between documents and
records

• Both referred to as “documented information”

• Documented information refers to information

that must be controlled and maintained
 Risk-based thinking
• Risk is the effect of uncertainty on an expected result
• The new standard expects organizations to identify and
address the :
– Risks that could influence their ability to provide compliant
products and services and to satisfy customers
– Opportunities that could enhance their ability to provide
compliant products and services and to satisfy customers
• ISO 9001: 2015 makes risk-based thinking much more
explicit by incorporating it into requirements for the
establishment, implementation, maintenance and
continual improvement of the QMS
 ANNEX A
• With this new version the structure of the requirements for a QMS
have changed, as well as some of the terminology and
requirements
• It is important that you understand these changes to ensure that
any changes you make to your QMS meet the intent of the updated
terminology and concepts
• This is why the standard includes Annex A as part of the document
 Contents of Annex A
• A1 Structure and terminology
• A2 Product and service
• A3 Understanding the needs and expectations of
interested parties
• A4 Risk based thinking
• A5 Applicability
• A6 Documented information
• A7 Organizational knowledge
• A8 Control of externally provided processes,
products and services
 Importance of Annex A
• Annex A does not include any requirements for a QMS
• This part of the standard is there to better explain the
concepts that are included in the requirements
• Certification auditors also use this annex as a guide to
interpreting the standard
• By ensuring that you understand the requirements
well, you will know that any changes you make meet
the intention of the new concepts so that you do not
have a conflict during a re-certification audit
Important Tips when Implementing
• Look for the changes in every sub clause
• Consider changes in the formats
• Though there is no requirement of manual, use
the existing manual and amend
• Use the manual effectively
• Identify the benefits to the business and
implement
• Give more importance to Review, Improvements
when upgrading
 Implementation
• Identify – concept
• Review current understanding
• Review documentation and look for changes
• Look for benefits
• Focus more on Internal benefits than audit
compliances
 Session 2
• Interpretations and Implementation points
• Only significant changes are identified
CLAUSES, SCOPE AND APPLICATION OF
ISO 9001:2015
• ISO 9001 comprises 10 Clauses (in addition to the
Introduction):
– Introduction
– Scope
– Normative reference
– Terms and definitions
– Context of the organisation
– Leadership
– Planning for the quality management system
– Support
– Operation
– Performance evaluation
– Improvement
 4. CONTEXT OF THE ORGANIZATION (1)

4 CONTEXT OF THE ORGANIZATION

4.1 4.4
4.3
Understanding of the Quality management
Determining the scope
organization and its system and its
of the QMS
context processes

4.2
Understanding the
needs and
expectations of
interested parties
 Context of the organization
• ISO 9001:2015 expects you to understand your
organization's context before you establish its QMS
• Understand the organization’s:
– External environment
– Culture
– Values
– Performance
– Interested parties
 Context
• Identify factors affecting organization for each
internal and external issue
• The compilation can be simple table
• The compilation can also be in line with
Business plan
• The compilation can also be related to
organization profile
 Needs and Expectations of interested
parties
• Relevant to QMS the needs to be compiled
• This can be a simple matrix to begin with
• The method of compilation, review frequency
can be decided
• The documentation is important since the
review can easily be carried out
 QMS scope
• This is a short document and written at the beginning of the ISO
9001 implementation
• Its purpose is to define the boundaries of the QMS and to
determine to which parts of the organization the QMS applies
• Normally, it is a standalone document called Scope of the QMS,
although it can be merged into a Quality Manual
 QMS and Processes
• Identify processes
• Link the processes
• Define important aspects of process like – responsibility,
objective, monitoring , risks , sequence etc.

• Organization level process flow chart, interaction is

important
• Each process is expected to fulfill the requirements
specified in clause 4.4

• There need to be specific document related to how to

document process interaction
 Review of Clause 4
• Context is used to determine Business Environment
• Effective documentation here will be useful in reviews
• Clarity in the way documentation can be done
• The documentation will be useful to top management as reference
 5. LEADERSHIP (1)

5 LEADERSHIP

5.3
5.1
5.2 Organizational roles,
Leadership and
Policy responsibilities and
commitment
authorities
 5. Leadership (3)
• Top management is to:
– Promote improvement (5.1.1i)
– Support other managers to demonstrate leadership (5.1.1j)
– Demonstrate leadership and commitment to customer focus
(5.1.2)
– Establish, implement and maintain a quality policy that is
appropriate to the context and supports the strategic
direction (5.2.1)
– Ensure that responsibilities and authorities for roles are
assigned, communicated and understood including those for:
• Ensuring the QMS conforms to ISO 9001 (5.3a)
• Reporting on performance of QMS (5.3c)
• Promoting customer focus (5.3d)
– Review the QMS to ensure alignment with strategic direction
(9.3.1)
 Quality Policy
• The Quality Policy is intended to be a company’s
documented intention to comply with appropriate
requirements
• The policy is the focus for the company to work
toward and should readily convey the goal of the
organization
• It is a standalone document, but is often
documented in a Quality Manual and sometimes
posted throughout the organization
 Organizational Roles Responsibilities
and authorities
• The responsibility related to Management
Representative is same.
• The term Management representative is
removed
• This adds flexibility for the organization
• Organizations comfortable , can continue in
the same fashion
 Review of Clause 5
• Consideration to strategic direction, Accountability
• Communication method of Quality policy is added
• Though the Management representative word is removed, the role
is same. Flexibility added
• Better to continue with current practice if the system is stable
 6 PLANNING (1)

6 PLANNING

6.1 6.2
Actions to address Quality objectives and 6.3
risks and planning to achieve Planning of Change
opportunities them
 Risk and opportunities
• Risk is uncertainty to achieve the results
• Consideration of business environment, interested
parties, processes to define the associated risks
• Evaluate considering the extent of damage and prepare
action plan to counter the risk
• Keep simple matrix
• Can consider action plan from business plan , SWOT or
any other related document
• Effectiveness needs to be tracked in management
review
 Quality objectives and plans for
achieving them
• The requirements regarding setting the quality
objectives remained as they were in the previous
version of the standard
• They still need to be measurable and timed
• The standard now requires plans for achieving
the objectives
• The organization will have to assign
responsibilities and dedicate resources for
achieving the objectives
• These requirements can be met in separate
matrix covering all requirements
 Planning of changes
• Changes related to organization structure,
products, process , resources are significant
changes
• Consideration towards impact
• No specific documentation requirement
• This is the introduction to change management
process

• This can reflect in management review, business

planning
 Review of Clause 6
• Risk management is related to context,
interested party needs, and major processes
• Any method, format , documentation is
acceptable
• Planning of objectives is an important part
• Action plan on risk should be evident
• Any major change in system/ working should
be in line with 6.3 clause requirement.
 7 SUPPORT (1)

7 SUPPORT

7.5
7.1 7.3
Documented
Resources Awareness
information

7.2 7.4
Competence Communication
 7 Support (2)
• The resources needed for the establishment,
implementation, maintenance and continual
improvement of the QMS must be provided (7.1)
• The competence of personnel performing QMS roles
must be based on ‘appropriate education, training, or
experience’ (7.2)
• All those working under the organisation’s control
(internal and external) must be aware of, and comply
with, the policy and objectives (7.3)
 Internal and external communication must ensure that QMS requirements are met (7.4)
• Concepts of “documents” and “records” are merged
into documented information. Document control
applies to all documented information
 Organizational knowledge
• Knowledge is useful information and certainity
to be true
• There is no specific format, method
• It is important to initiate this process for long
term benefits
• Compilation of useful information as
explained in the notes is important
• Preferable to define- responsibility, method,
storage, retrieval circulation .
 Competence
• The aptitude of those who implement the quality plan needs to be
assessed against the requirements for the tasks
• Any deficiencies be addressed through personnel training,
exposure, outsourcing or reassignment
 Awareness
• The standard requires that everyone, not just those who administer
the QMS:

– Become familiar with its policies and objectives

– Know what they must do to achieve its goals,

– What happens if they do not adequately meet these requirements

 communication
• A formal plan and activities for informing the organization about
the QMS needs to include:

– Who needs to know about each specific plan element

– How and when that communication will take place

– Who is responsible for the information being transmitted

 Documented information
• It must include a means for proper description including its source,
purpose, change history, review/approvals and the method of
communicating
• A means must be provided to formally manage the documentation,
balancing the need for access versus security
• There must be a plan and approach governing documentation
dissemination
 Documented information
• Managing documented information is defined by many
requirements within clause 7.5
• Activities of approval, update, managing changes, and
ensuring that the relevant version of the document is
in use are best to be defined in a documented
procedure
• The company must also define rules to maintain its
records that show the QMS is implemented and
maintained including how they:
– Identify, store, and protect the records so that they can be
retrieved as necessary, for the correct amount of time, and
destroyed when no longer needed
 Review of Clause 7
• Note minor changes in terminology
• Competence can be based on experience also.
• Set the process for Knowledge
• Consider awareness to non complying to
process as a tool for improvement
 8 OPERATION (1)

8 OPERATION

8.3
8.1 8.5 8.7
Design and
Operational Production and Control of non-
development of
planning and service conforming
products and
control provision outputs
services

8.4
8.2 8.6
Control of externally
Requirements for Release of products
provided processes,
products and services and services
products and services
 Understanding the customer
• The standard prescribes numerous rules regarding:
– Communication with customers
– Determining requirements related to product and services
– Activities regarding review of these requirements
• The best way to conform to all these requirements is to
document them, together with responsibilities
• The only mandatory documented information here are:
– Records of reviewing requirements related to product and
service
– Information about new requirements for products and
services
Procedure for design and development
• Standard now gives very clear insights on what is expected in each
stage of design
• Every stage of the design and development process needs to be
documented in the form of a record
• Consider all the requirements regarding the design and
development process
• Document the procedure
• Define all mandatory records
control of externally provided processes, products & services (outsourced processes)

• Basically the Procedure for Purchasing and Evaluation of Suppliers (

more clarification on supplier, contractor)
• Purchasing process does not have to be documented
• Companies are required to establish control over its externally
provided processes, products and services
• The standard does require the criteria for evaluation, selection,
monitoring, and re-evaluation of the suppliers to be documented
 Procedure for production and service
provision
• Production and service provision processes to be under control in
terms of availability of necessary documented information about:
– Product or service characteristics
– Intended results
– Availability of needed resources
– Monitoring and measurement activities
 Post delivery
• Separated from earlier standard
• More emphasis on contractual obligations,
warranty , complaint handling after delivery
• Consideration till end of life is a new point-
which is critical for few products.
 Control of change
• The idea if there is a deviation in production
process but the product meets the
requirements
Then
• Changes to be authorized, and reviewed
• Changes to be recorded
 Control of NC product
• The concept is same with minor changes
• Consideration to impact of NC product is
added
• Guidelines on method of disposal
 Review of Clause 8
• Consider various clarifications in Design
stages, and realigning of sub clauses
• Consider Post delivery, control of change for
understanding and implement
• Minor changes in clause 8.2, 8.4, 8.5 with the
emphasis on prevention, proactive
communication
9 PERFORMANCE EVALUATION (1)

9 PERFORMANCE EVALUATION

9.1
Monitoring,
9.2 9.3
measurement,
Internal audit Management review
analysis and
evaluation
 Monitoring performance information
• The new version emphasizes the importance of measuring and
evaluation of QMS performance
• The organization needs to determine what should be monitored,
how, and when
• This does not have to be in one document – necessary monitoring
and measuring is usually included in related process procedures
• It is suggested to have an overview of key performance indicators
and their status in the form of a matrix of key performance
indicators
 Internal audit
• How do you audit your QMS to make sure that it is performing as
planned and is effective?
• Who is responsible for planning and carrying out the audits?
• How do you report the results, and what records are kept?
• How do you follow up on corrective actions noted in audits?
You must also keep records of these activities to show QMS
conformance and improvement
 Management review
• Inputs to the review to include:
– Changes in external and internal issues
– Information on performance and effectiveness of QMS
including:
• Trends in customer satisfaction and feedback from
interested parties
• Meeting of objectives
• Process performance and product / service conformity
• Nonconformity and corrective actions
• Results of monitoring and measurement
• Audit results
• Performance of external providers
– Adequacy of resources
– Effectiveness of actions to address risks and
opportunities
– Opportunities for improvement
 Management review
• Management review as a process now encompasses wider
perspective in the new ISO 9001:2015
• The mandatory inputs and outputs of the management review
have changed
• Top management should:
– Review internal and external issues, feedback on the changes in needs of
interested parties, relevant to the QMS,
– The effectiveness of actions taken to address risks and opportunities
– Review of objectives
 Management review (continued)

• There should be decisions regarding:

– Opportunities for improvement of the QMS
– Need for changes of the system
– Resources needed
– The best way to keep track of what needs to be
reviewed and the expected results is to document the
Procedure for Management Review
 Review of Clause 9
• Clarification on Customer satisfaction
• Better input for Management review
• Better clarity on various methods for
obtaining customer satisfaction
• New areas for analysis and Evaluation
 10 IMPROVEMENT (1)

10 IMPROVEMENT

10.2 10.3
10.1
Nonconformity and Continual
General
corrective action improvement
10.1 Improvement
• Determine the areas for improvements:
• Product
• Process
• System

• Determine the methods of improvements:

• Small improvements
• Innovations
• restructuring
 Review of clause 10
• Minor changes in NC, CA actions
• Types of improvements
• Areas for improvements are identified
 10.2 Nonconformity and corrective
action
• What actions are in place, and who is responsible for
making sure that a nonconformity is addressed?
• How do you ensure that corrections are made, and
what records are kept of the process?
• How do you review nonconformities, determine
causes, and evaluate the need for actions to prevent
reoccurrence?
• Deployment across
• How do you implement the necessary actions, review
that the actions were effective, and keep records of the
actions taken, update risk register?
10.3 continual Improvements
• Review the processes and data for
improvements
• Management review
• Internal audit
• Data analysis
 Roadmap for implementation
• Get management commitment
• Form a core team
• Get trained on awareness, Internal audits
• Review documents, and align if necessary
• Implement new areas- 7.1.6, 6.1, etc.
• Conduct internal audit
• Conduct management review
• Call SGS for upgrade
 How to approach
• Consider your upcoming audit
• Decide end date
• Refer all stages mentioned in previous slide
• Involve management,
• Prepare regular progress reports
• Certification is an on going journey towards
Excellence
 Session 4
• Open session
THANK YOU