Iso 9001 Risk

ISO 9001:2015 Overview & Guidance
1. 1. ISO 9001:2015 Presented by Ismail Latiff NURI CONSULTING & SERVICES

www.iso9001consultant.org imlatiff@gmail.com MALAYSIA NURI CONSULTING &
SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
2. 2. Learning objectives 1. What is the history of ISO 9001? 2. Why was ISO 9001:2008
revised to become ISO 9001:2015? 3. What are the main revisions contained in ISO
9001:2015? 4. What is the new process approach? 5. What are the benefits of implementing
the ISO 9001:2015? 6. What are the requirements of the ISO 9001:2015? 7. How to
establish or transition from ISO 9001:2008 to ISO 9001:2015 in your organization? NURI
CONSULTING & SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
3. 3. ISO 9001 HISTORY First published in 1987 First revision in 1994 Second revision in 2000
Third revision in 2008 Fourth revision in September 2015 NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org Validity of certifications to ISO
9001:2008 One year after the publication of ISO 9001:2015 all accredited certifications
issued (new certifications or re-certifications) shall be to ISO 9001:2015. Three years after
publication by ISO of ISO 9001:2015, any existing certification issued to ISO 9001:2008 shall
not be valid.
4. 4. WHY WAS ISO 9001:2008 REVISED? All ISO standards must undergo review and
possible amendments by the assigned technical committee every 5 years To comply with
ISO Directive 2012 Annex SL To adapt to a changing world To enhance an organization's
ability to satisfy its customers To provide a consistent foundation for the future To reflect
the increasingly complex environments in which organizations operate To ensure the new
standard reflects the needs of all relevant interested parties To align with other
management systems NURI CONSULTING & SERVICES www.iso9001consultant.org
ismail@iso9001consultant.org
5. 5. MAIN REVISIONS OF ISO 9001:2015 1. The structure or format of the ISO 9001:2015
now follows Annex SL, ISO Directive 2012 2. The standard is now based on 7 quality
principles (ISO 9000:2015) as opposed to 8 in ISO 9001:2008 3. Normative reference is now
ISO 9000:2015 4. Introduction of RISK-BASED THINKING (RBT) into the quality
management system 5. The terms product and service are now distinguished from each
other 6. Organizations will now have to understand their external and internal environments,
identify associated risks and opportunities and take appropriate actions NURI CONSULTING
& SERVICES www.iso9001consultant.org ismail@iso9001consultant.org
6. 6. 7. Organizations will now have to identify and meet the needs and expectations of
interested parties, not just their customers and regulatory bodies 8. The scope of the quality
management system (QMS) will now have to encompass an organizations internal and
external contexts, and needs and expectations of interested parties 9. Documents and
records are now collectively referred to as documented information 10. Freedom in deciding
what procedures are to be documented to ensure effectiveness 11. More emphasis on top
managements responsibility and accountability 12. The requirement for a Management
7.
8.
9.
10.
11.
12.
13.
Representative is now deleted 13. Organizational knowledge and monitoring and measuring
equipment are now considered as resources that need to be managed NURI CONSULTING
7. 14. Communication requirements now cover both external and internal communications
and they need to be defined 15. The determination of customer requirements now includes
contingencies 16. Suppliers are now known as external providers 17. The scope of supply
from suppliers that need to be controlled include outsourced processes, products and
services 18. Preservation of customers property now includes external providers 19.
Introduction of post delivery activities requirements 20. Preventive action clause is now
deleted 21. Corrective actions must now include analyzing the possibility of the same
nonconformity occurring elsewhere or already occurring NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org
8. Structure ISO 9001:2008 versus ISO 9001:2015 ISO 9001:2008 1. Scope 2. Normative
references 3. Terms and definitions 4. Quality management system 5. Management
responsibility 6. Resource management 7. Product realization 8. Measurement, analysis and
improvement NURI CONSULTING & SERVICES www.iso9001consultant.org
ismail@iso9001consultant.org ISO 9001:2015 1. Scope 2. Normative references 3. Terms
and definitions 4. The organization and its context 5. Leadership 6. Planning 7. Support 8.
Operation 9. Performance evaluation 10. Improvement
9. ISO 9001:2015 MODEL NURI CONSULTING & SERVICES www.iso9001consultant.org
10. ISO 9001:2008 MODEL NURI CONSULTING & SERVICES www.iso9001consultant.org
11. QUALITY PRINCIPLES ISO 9001:2008 VERSUS ISO 9001:2015 ISO 9001:2008 1.
Customer focus 2. Involvement of people 3. Process approach 4. System approach to
management 5. Continual improvement 6. Factual approach to decision making 7. Mutually
beneficial supplier relationships NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org ISO 9001:2015 1. Customer
focus 2. Leadership 3. Engagement of people 4. Process approach 5. improvement 6.
Evidence-based decision making 7. Relationship management
12. The new process approach to quality management ISO 9001:2015 employs the
process approach, which incorporates the Plan-Do-Check-Act (PDCA] cycle and risk-based
thinking The process approach involves the systematic definition and management of
processes, and their interactions, so as to achieve the intended results in accordance with
the quality policy and strategic direction of the organization Management of the processes
and the system as a whole can be achieved using the PDCA cycle with an overall focus on
risk-based thinking aimed at taking advantage of opportunities and preventing undesirable
results NURI CONSULTING & SERVICES www.iso9001consultant.org
13. Risk-based thinking is essential for achieving an effective quality management system
The concept of risk-based thinking has been implicit in previous editions of ISO 9001. For
example, carrying out preventive action to eliminate potential nonconformities, analyzing any
nonconformities that do occur, and taking action to prevent recurrence that is appropriate for
14.
15.
16.
17.
18.
19.
the effects of the nonconformity NURI CONSULTING & SERVICES

14. Benefits of implementing ISO 9001:2015 Your organization will be able to Consistently
provide products and services that meet customer and applicable statutory and regulatory
requirements Facilitate opportunities to enhance customer satisfaction Address risks and
opportunities associated with your organizations context and objectives Demonstrate
conformity to specified quality management system requirements NURI CONSULTING &
15. Introduction The ISO 9001:2015 provides a framework for any organization to achieve
the following goals: 1. Be able to demonstrate its ability to consistently provide products and
services that meet customer and applicable statutory and regulatory requirements, and 2. Be
able to enhance customer satisfaction through the effective application of the system,
including processes for improvement of the system and the assurance of conformity to
customer and applicable statutory and regulatory requirements. NOTE: The terms "product"
or "service" only apply to products and services intended for, or required by the customers
NURI CONSULTING & SERVICES www.iso9001consultant.org
16. For the purposes of ISO 9001:2015, the terms and definitions given in ISO 9000:2015
shall apply In ISO 9001:2015 lingo, the following applies: "shall" indicates a requirement
"should" indicates a recommendation "may" indicates a permission "can" indicates a
possibility or a capability information marked as "NOTE" is for guidance in understanding or
clarifying the associated requirement NURI CONSULTING & SERVICES
17. TERMS AND DEFINITIONS Quality is defined as the degree to which a set of inherent
characteristics fulfills requirements Management is a set of coordinated activities to direct
and control an organization A system is a set of interrelated or interacting elements A
process is a set of interrelated or interacting activities which transforms inputs into outputs
Risk is the effect of uncertainty Nonconformity is the failure to fulfill a requirement
Objective is the result to be achieved NURI CONSULTING & SERVICES
18. Correction is the action taken to eliminate a detected nonconformity Corrective action
is the action taken to eliminate the cause of a detected nonconformity Audit is a systematic,
independent and documented process for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit criteria are fulfilled Objective evidence is
the data supporting the existence or verity of something Interested party is the person or
organization that can affect, be affected by, or perceive themselves to be affected by a
decision or activity Requirement is the need or expectation that is stated, generally implied
or obligatory NURI CONSULTING & SERVICES www.iso9001consultant.org
19. LETS GET STARTED To fulfill ISO 9001:2015 requirements, top management will need
to do the following: NURI CONSULTING & SERVICES www.iso9001consultant.org
20. 20. Define the context of the organization in terms of 1. Issues within its external and internal
environments 2. Needs and expectations of interested parties 3. Scope of the quality
management system 4. Quality management system and its processes NURI CONSULTING
21. 21. Demonstrate leadership and commitment by 1. Taking accountability for QMS 2.
Establishing and communicating the quality policy and objectives 3. Integrating QMS
requirements into existing business processes 4. Promoting the use of process approach
and risk-based thinking 5. Providing resources 6. Communicating the importance of
conforming to QMS requirements 7. Ensuring the QMS achieves its intended results 8.
Engaging, directing and supporting persons to contribute to the effectiveness of the quality
management system NURI CONSULTING & SERVICES www.iso9001consultant.org
22. 22. 9. Promoting improvement 10. Supporting other management roles to demonstrate their
leadership within their areas of responsibility 11. Ensuring that customer and applicable
statutory and regulatory requirements are determined, understood and consistently met 12.
Ensuring that all risks and opportunities that can affect conformity of products and services
and the ability to enhance customer satisfaction are determined and addressed 13. Ensuring
the focus on enhancing customer satisfaction is maintained 14. Determining organizational
roles, responsibilities and authorities NURI CONSULTING & SERVICES
23. 23. Ensure that the quality policy 1. Is appropriate to the purpose and context of the
organization and supports its strategic direction 2. Provides a framework for setting quality
objectives 3. Includes a commitment to satisfy applicable requirements 4. Includes a
commitment to the continual improvement of the QMS 5. is available to interested parties as
appropriate NURI CONSULTING & SERVICES www.iso9001consultant.org
24. 24. Ensure that quality objectives 1. Are consistent with the quality policy 2. Are measurable
3. Take into account applicable requirements 4. Are relevant to conformity of products and
services and to the enhancement of customer satisfaction 5. Are monitored 6. Are
communicated 7. Are updated as appropriate 8. Have action plans in terms of what will be
done, what resources will be required, who will be responsible, when ii will be completed and
how the results will be evaluated NURI CONSULTING & SERVICES
25. 25. Plan the QMS by 1. Taking actions to address the identified risks and opportunities within
the organization's external and internal environments, including associated needs and
expectations of interested parties 2. Establishing quality objectives and associated action
plans at relevant functions, levels and processes 3. Control all changes that can have an
impact on the QMS NURI CONSULTING & SERVICES www.iso9001consultant.org
26. 26. Support the QMS by 1. Determining and providing necessary resources such as people,
infrastructure, conducive work environment, monitoring and measuring equipment and
organizational knowledge 2. Taking actions to ensure that the workforce is competent on the
basis of appropriate education, training or experience 3. Ensuring that everyone is aware of
27.
28.
29.
30.
31.
the quality policy and objectives, how they contribute towards the QMS and consequences of
deviating from the quality plan 4. Determining what information needs to be communicated
with internal and external parties 5. Implementing effective control of documented information
used within the QMS NURI CONSULTING & SERVICES www.iso9001consultant.org
27. Implement the following controls over documented information 1. All documents shall
have a title, date of issue, version number, distribution and access list and the authors name.
Note: Reference numbers may be assigned 2. All new and amended documents shall be
reviewed and approved for adequacy and suitability prior to distribution and use 3. Approved
documents shall be made available at their points of use and protected from loss of
confidentiality, improper use or loss of integrity 4. Obsolete documents shall be removed from
circulation 5. Records shall be labeled adequately and their legibility preserved 6. Records
retention periods shall be defined and prior approval shall be obtained before any disposal
can take place 7. Records shall be safely stored and protected from any tampering 8.
External documents shall be identified and updated as necessary NURI CONSULTING &
28. 1. Determining the requirements for the products and services 2. Establishing criteria for
the processes and the acceptance of products and services 3. Determining the resources
needed to achieve conformity to the product and service requirements 4. Implementing
control of the processes in accordance with the criteria 5. Determining and keeping
documented information in order to have confidence that the processes have been carried
out as planned and demonstrate the conformity of products and services to their
requirements NURI CONSULTING & SERVICES www.iso9001consultant.org
ismail@iso9001consultant.org Plan and control operations by
29. 1. Providing information relating to products and services 2. Handling enquiries, contracts
or orders, and changes 3. Obtaining customer feedback relating to products and services,
including customer complaints 4. Handling or controlling customer property 5. Planning for
contingencies, when relevant NURI CONSULTING & SERVICES www.iso9001consultant.org
ismail@iso9001consultant.org Establish customer communication processes for
30. 1. Customer requirements 2. Any applicable statutory and regulatory requirements 3.
Other requirements considered as necessary NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org Ensure that the following
requirements related to products and services are defined
31. 1. Review all requirements specified by the customer, including the requirements for
delivery and post-delivery activities 2. Review all requirements not stated by the customer,
but necessary for the specified or intended use, when known 3. Review all internal
requirements specified by the organization 4. Review all statutory and regulatory
requirements applicable to the products and services 5. Resolve all differences 6. Get
confirmation on all requirements when the customer does not provide a documented
statement of their requirements NURI CONSULTING & SERVICES
www.iso9001consultant.org ismail@iso9001consultant.org Implement the following before
committing to the customer
32. 32. 1. Nature, duration and complexity of the design and development activities 2. Functional
and performance requirements 3. Information derived from previous similar design and
development activities 4. Statutory and regulatory requirements 5. Standards or codes of
practice that has been committed to 6. Potential consequences of failure due to the nature of
the products and services 7. Required process stages, including applicable design and
development reviews 8. Required design and development verification and validation
activities NURI CONSULTING & SERVICES www.iso9001consultant.org
ismail@iso9001consultant.org Control the design and development of products and services
by considering the
33. 33. 9. Responsibilities and authorities involved in the design and development process 10.
Internal and external resource needs for the design and development of products and
services 11. Need to control interfaces between persons involved in the design and
development process 12. Need for involvement of customers and users in the design and
development process 13. Requirements for subsequent provision of products and services
14. Level of control expected for the design and development process by customers and
other relevant interested parties 15. Documented information needed to demonstrate that
design and development requirements have been met NURI CONSULTING & SERVICES
34. 34. 1. Establishing processes for the evaluation, selection, monitoring and re-evaluation of
external providers based on their ability to fulfill purchase requirements 2. Determining the
type and extent of control to be applied to external providers 3. Providing adequate and
accurate purchase and control information to external providers NURI CONSULTING &
SERVICES www.iso9001consultant.org ismail@iso9001consultant.org Control the
purchasing process by
35. 35. 1. Making available documented information that defines the characteristics of the
products to be produced, the services to be provided, the activities to be performed and the
results to be achieved 2. Using suitable monitoring and measuring resources 3.
Implementing monitoring and measurement activities at appropriate stages to verify that
criteria for control of processes or outputs and acceptance criteria for products and services
have been met 4. Using suitable infrastructure and environment for the operation of
processes 5. Appointing competent persons, including any required qualification NURI
Control production and service provisions by
36. 36. 6. Validating and revalidating the ability to achieve planned results of the processes for
production and service provision, where the resulting output cannot be verified by
subsequent monitoring or measurement 7. Implementing actions to prevent human error 8.
Ensuring identification and traceability of products and services 9. Safeguarding property
belonging to customers and external providers 10. Preserving outputs to ensure conformity
of products and services 11. Implementing necessary post-delivery activities 12. Controlling
and documenting changes within the production and service provisions 13. Controlling and
documenting the release of products and services 14. Controlling and documenting all
nonconforming outputs NURI CONSULTING & SERVICES www.iso9001consultant.org
37. 37. Evaluate QMS performance by 1. Monitoring and measuring key process indicators 2.
Monitoring and measuring customer satisfaction levels 3. Analysing and evaluating all
gathered data 4. Implementing internal audits 5. Reviewing the QMS performance and
making decisions with regards to opportunities for improvement, changes to the QMS and
resource needs NURI CONSULTING & SERVICES www.iso9001consultant.org
38. 38. Improve the QMS by 1. Controlling nonconformities including their consequences and
applying corrective actions to them 2. Identifying opportunities for improvement and taking
actions to improve the products, services and the QMS processes in terms of suitability,
adequacy and effectiveness NURI CONSULTING & SERVICES www.iso9001consultant.org
39. 39. HOW TO GO ABOUT IMPLEMENTING THE ISO 9001:2015? FOR ISO 9001:2008
CERTIFIED COMPANIES Get a consultant to assist your organization in the transition, or
DIY Carry out a gap analysis on your ISO 9001:2008 QMS based on the ISO 9001:2015
criteria and then plan how you are going to fill those gaps Review your Policy, Manual and
SOPs to ensure they meet relevant ISO 9001:2015 requirements Induct everyone into the
new QMS Train your internal auditors on the ISO 9001:2015 requirements Carry out your
internal audit based on the ISO 9001:2015 criteria Carry out your management review of
the QMS performance and effectiveness, including the internal audit results Schedule a recertification audit with your Certification Body or Registrar FOR NON ISO 9001:2008
CERTIFIED COMPANIES Get a consultant to lead the QMS development project NURI
40. 40. Get in touch For in-house awareness training For in-house internal auditors training
For documenting your QMS Contact Leo at imlatiff@gmail.com NURI CONSULTING &

Iso 9001 Risk

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iso 9001 Risk

Uploaded by

Copyright:

Available Formats

ISO 9001:2015 Overview & Guidance

1. 1. ISO 9001:2015 Presented by Ismail Latiff NURI CONSULTING & SERVICES

the effects of the nonconformity NURI CONSULTING & SERVICES

You might also like