1. ISO 9001:2015 Revision Overview
Presented by Katie Freeman, Quality Management Systems Specialist, of
the Iowa Quality Center
2. Key Perspectives
ISO 9001 needs to change in order to:
Adapt to a changing world
Enhance an organization’s ability to satisfy its customers
Provide a consistent foundation for the future
Reflect the increasingly complex environments in which organizations operate
Ensure the new standard reflects the needs of all interested parties (the variation
of the organizations who now use ISO 9001 such as service, government, and
education system)
Integrate with other management systems
3. Benefits of the changes in 9001
Engaging with a wider range of organizations
Employs the language of the user of the standard
Leadership involvement
Customer requirements focus
Efficiency of a common structure
Risk-based thinking
Supply chain management
4. What are the benefits to the user?
Increased risk control
Better cost control
Improved morale and motivation
Customer retention and loyalty
Interested party messaging
Improved image and reputation
Credibility
Ability to respond quickly
Improved customer satisfaction
Improvement
5. Conceptual Changes
Emphasis on:
Greater focus on the customer
Risk-based thinking
Aligning QMS policy and objectives with the strategy of an organization
Greater flexibility with documentation
6. Conceptual Changes: Broken down
Quality Principles – slight change
High level structure (HLS) and terms/definitions
More compatible with services
Clearer understanding of the organization’s context is required, “one size
doesn’t fit all”
Introduction of “interested parties”
Process approach strengthened/more explicit
Concept of preventive action now addressed throughout the standard by risk and
opportunity identification (risk-based thinking)
The term documented information replaces the terms document and record
Control of externally provided products and services replaces
purchasing/outsourcing
7. Quality Management Principles
There were 8 principles There are now 7
Customer focus Customer focus
Leadership Leadership
Involvement of people Engagement of people
Process approach Process approach
System approach to management (Included in the process approach)
Continual improvement Improvement
Factual approach to decision making Evidence based decision making
Mutually beneficial supplier
relationships
Relationship management
9. Key Points:
ISO 9001 & ISO 9004 are based on 7 quality management principles:
Customer Focus: The primary focus of quality management is to meet customer requirements and to
strive to exceed customer expectations.
Leadership: Leaders at all levels establish unity of purpose and direction and create conditions in
which people are engaged in achieving the organization’s quality objectives.
Engagement of People: Competent, empowered and engaged people at all levels throughout the
organization are essential to enhance the organization’s capability to create and deliver value.
Process Approach: Consistent and predictable results are achieved more effectively and efficiently
when activities are understood and managed as interrelated processes that function as a coherent
system.
Improvement: Successful organizations have an ongoing focus on improvement.
Evidence-based Decision Making: Decisions based on the analysis and evaluation of data and
information are more likely to produce desired results.
Relationship Management: For sustained success, organizations manage their relationships with
relevant interested parties, such as providers (suppliers).
10. High Level Structure (HLS)
A new common format has been developed:
All ISO management systems standards will look the same structurally
More efficient to address multiple management system requirements
Facilitate the option of having one integrated management system
Standardized core definitions
11. High Level Structure (HLS)
ISO 9001:2015 Summary of Requirements
4.0
Context of the organization
• Need to define the organization’s “purpose, scope, environment, systems and interested parties”
• Expect the QMS to focus on “risks and threats”
5.0
Leadership
• “Roles and responsibilities” need defining
• “Policies and objectives” need to be established
• Similar to current Section 5 (ISO 9001:2008) but no “management representative”
6.0
Planning
• Focus on how to address “risks” and “opportunities”
• Included are “structured planning processes”, planning for change, and clear planning objectives”
7.0
Support
• Includes sections on “infrastructure, work environment, and control of monitoring and measuring
equipment.”
• Includes terms focused on “competence, awareness, communication” and a new concept called
“knowledge”
• “Documented information” is in this section; “quality manual” and “documented procedures” are not
specified.
8.0
Operation
• This is the current (9001:2008) clause 7.0 Product Realization plus non-conforming product (8.3)
• Clause 8.5 is a new version of the current 7.3 (Design and Development)
9.0
Performance evaluation
• This clause includes “monitoring, measuring, analysis and evaluation”
• “Internal audits, management review and customer satisfaction perception” are in this section
10.0
Improvement
• Focus on the improvement of “suitability, adequacy, and effectiveness”
• “Corrective action” identified
• “Preventative action” and the term “continual improvement” is not in the CD draft
12. A deeper look at Risk in 9001:2015
What is “risk-based thinking”?
Risk-based thinking is something we all do automatically and often subconsciously to get the best result
The concept of risk has always been implicit in ISO 9001 – this revision makes it more explicit and builds
it into the whole management system
Risk-based thinking ensures risk is considered from the beginning and throughout the process approach
Risk-based thinking makes preventive action part of strategic planning
3.7.9 risk - effect of uncertainty
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information (3.8.2) related to,
understanding or knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential events (as defined
in ISO Guide 73:2009, 3.5.1.3) and consequences (as defined in ISO Guide 73:2009, 3.6.1.3), or a
combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event
(including changes in circumstances) and the associated likelihood (as defined in ISO Guide 73:2009,
3.6.1.1) of occurrence.
Note 5 to entry: The word “risk” is sometimes used when there is the possibility of only negative
consequences.
13. Key points:
The organization shall identify external and internal issues (factors):
• That affect an organization’s ability to achieve intended results
• That are relevant to an organization’s purpose and strategic direction
The context may take into account several attributes, for example:
1. Market sector where products or services are provided
2. Business environment, including competition
3. Internal factors
4. External factors
5. Business conditions
6. Customers served
Those things that can have an effect on a business’ approach to its products, services,
investments, interested parties, goals, strategies, risks, opportunities, etc.
Understanding the Organization and its
context
14. 1. Work with your assigned group
2. Develop a statement that represents the context (who you are, what you do, where
you’re going) of your organization.
3. Discussion:
What is it about your organization (its context) that impacts the way you create and
manage your QMS – what do you and your interested parties really need? Are your
products: life-saving medical devices or plastic bottles? Other examples considered as
part of context: knowledge workers vs. rote workers; large, complex organizations vs.
small, simple organizations; salary personnel vs. hourly personnel; high-tech vs. low-
tech organization; motivated vs. non-motivated personnel; high-risk vs. low-risk
products and services.
You will have 30 minutes for this activity
Class Activity
15. Key points:
Needs, expectations, and relevant requirements of interested parties shall be monitored
and reviewed.
Definition of “interested party” – “person or organization that can affect, be affected by,
or perceive itself to be affected by a decision or activity.” ISO 9001: 2015, Clause 3.2.3
Example
Examples of interested parties: Underwriters Laboratories (UL), regulators, authorities
having jurisdiction like state fire marshal or local inspector, independent sales
representatives, employees, employee families, shareholders, emergency services
(firefighters, police), media, suppliers and subcontractors, etc.
Understanding the needs and
expectations of interested parties
16. A deeper look at Risk in 9001:2015
The main objectives of ISO 9001
to provide confidence in the organization’s
ability to consistently provide customers
with conforming goods and services
to enhance customer satisfaction
The concept of “risk” in the context of ISO 9001 relates to the uncertainty of
achieving such objectives
The concept of “opportunity” in the context of ISO 9001 relates to exceeding
expectations and going beyond stated objectives
17. Risk in the clauses - Process Approach,
Leadership, Planning
in the Introduction the concept of risk-based thinking is explained
Definition: Effect of uncertainty on an expected result
in Clause 4 the organization is required to determine the risks and opportunities
which can affect its ability to meet these objectives
The process approach (PDCA) (0.3, 0.4 & 4.4) and Systems Thinking (0.3)
in Clause 5 top management are required to commit to ensuring Clause 4 is
followed
Enhance customer satisfaction
in Clause 6 the organization is required to take action to identify risks and
opportunities
Achieve intended results, prevent/reduce undesired effects, and achieve continual
improvement
18. Risk in Clauses – Operation, Evaluation,
Improvement
Clause 8 - the organization is required to implement processes to address
risks and opportunities throughout all operations processes (planning, design
and development, purchasing, production, post-production)
Clause 9 the organization is required to monitor, measure, analyse and
evaluate the risks and opportunities
Management review to consider effectiveness of actions taken to address risks
and opportunities and internal audit program provides a check-up on the health
of the QMS and of the business
In Clause 10 the organization is required to improve by responding to
changes in risk
19. Risk in Clauses – Risk-based approach
Section A4 of Annex A describes a risk-based management approach
consisting of:
Requiring the organization to understand its context consisting of internal and
external issues or factors.
Understanding that one of the key purposes of a management system is to act as
a preventive tool.
Determining its risks and opportunities.
Addressing the risks and opportunities identified
20. Why should I adopt “risk-based
thinking”?
successful companies intuitively take a risk-based approach because it brings
benefits
to improve customer confidence and satisfaction
to assure consistency of quality of goods and services
to establish a proactive culture of prevention and improvement
21. What should I do?
identify what the risks and opportunities are in your organization – it
depends on context
ISO 9001:2015 does not require a formal risk assessment or specific single
document
the information must be kept and available and could be electronic, audio,
video, written or any other type of media
ISO 31000 (“Risk management — Principles and guidelines”) may be a useful
reference for organizations which want a more formal risk process, but is not
obligatory
22. What should I do? (continued)
analyse and prioritize the risks and opportunities in your organization
what is acceptable?
what is unacceptable?
which opportunities should be acted on?
plan actions to address the risks and opportunities
how can I avoid, eliminate or mitigate the risk?
how can I realise opportunities?
implement the plan – take action
check the effectiveness of the actions – does it work?
learn from experience – continual improvement
23. Example
Single source of supply
Facility Move
Buying a new appliance
Crossing the road
What are some things your organization already does that would be
considered identifying and addressing risks and opportunities?
24. Key points:
Think about the following two scenarios:
1. Your human resource manager asks to see an employee’s:
• Training records or Training “retained documented information”
2. Your production manager asks to see:
• Inspection records or Inspection “retained documented information”
Terms from ISO 9001:2008 New Terms from ISO 9001:2015
Records = Retained Documented Information
Documented Procedures and
Instructions
=
Maintained Documented
Information
Documented Information
25. Key points:
• An organization’s QMS(BMS) must include:
• Documented information required by ISO 9001:2015
• Any documented information determined as necessary for the effectiveness of the
business by the organization
• Maintained documented information required by standard:
o Scope of organization’s QMS
o Quality policy
o Quality objectives
o Any necessary to support the operation of the organization’s processes
Documented Information
26. ISO 9001:2015 Certification
Transition Timeline
September 2015 start of 3 years transition period to
September 2018
•Certifications to ISO 9001:2008 will no longer be valid after
September 2018
2018201720162015
September 2015
Published International
Standard
27. Other important Information
The revision of ISO 9001 will impact other
related standards and documents.
Expect changes to:
- industry-specific standards
- supporting documents