SlideShare a Scribd company logo

Quality is the best business plan: A QMS with the nitty gritties of ISO 9001:2015

PECB
PECB

The webinar covers: • How Process Based QMS enables the organizations to identify, measure, control and improve the various core business processes. • How QMS integrates the several internal processes within the organization. • Policies, processes and procedures required for planning and execution of QMS in an organization (development/production/service). Presenter: This webinar was presented by M. Youssef. K, an Executive Consultant & Trainer at Six Sigma Associates – SSA. Link of the recorded session published on YouTube: https://youtu.be/KBlubvbBE_Y

Education
1 of 49
Quality is the best business plan: An overview of Quality Management system with the Nitty Gritties of ISO 9001:2015 By M.Youssef.K
M. Youssef K Six Sigma Associates M. Youssef K is an executive consultant & trainer with several qualifications. He is an accomplished expert with over 10 years’ experience in the field of risk management, project and program management, PRINCE 2, Agile, EVM, business process analysis and design, as well as operational and organizational excellence 92-306-5252528 6sigmapk@gmail.com https://pk.linkedin.com/in/projectmanagementpk www.sixsigmaassociates.co.uk/sixsigma
What is a Quality Management System? Policies, Processes Procedures What is a Quality Management System?
What is a Quality Management System?Required for planning and executing business processes To meet customer requirements Accredited to International Standards by a Registrar ISO 9001:2015 is an example
A Cultural Transition
A PHILOSOPHY
Change
It Requires ….. 1. Leadership 2. Determination 3. Resilience 4. Commitment 5. Engagement
Requires Leadership
RESILIENCE
A Strategic Choice  Effective Application of ISO 9000 QM Principles = Financial & Economic benefits  Financial benefit results from cost-effective management practices within the organization.  Economic benefit results from improvements in the overall worth and health of the organization.
ISO 9001 Management Principles 1. Customer Focus 2. Leadership 3. People Involvement 4. Process Approach 5. Systems Approach 6. Continual improvement 7. Factual Approach to Decision Making 8. Mutually Beneficial Supplier Relationships
Derived Benefits of QMS improved profitability, improved revenues, improved budgetary performance, reduced costs, improved cash flow, improved return on investment, increased competitiveness, improved customer retention and loyalty, improved effectiveness of decision making, optimized use of available resources, heightened employee accountability, improved intellectual capital, optimized, effective and efficient processes, improved supply chain performance, reduced time to market, enhanced organizational performance, credibility and sustainability.
Realization of Benefits INPUTS OUTPUTSPROCESS
The Inputs 1. Customer Focus 2. Leadership 3. People Involvement 4. Process Approach 5. Systems Approach 6. Continual improvement 7. Factual Approach to Decision Making 8. Mutually Beneficial Supplier Relationships
The Process Assess requirements, Plan activities, Allocate appropriate resources, Implement continual improvement actions, Measure results to determine effectiveness,
Out put = Increased Productivity
The new ISO 9001:2015 The ISO 9001:2015
The new ISO 9001:2015 Introduction A short overview of ISO 9001 in the world
The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
The new ISO 9001:2015 The Framework Standardize and effectively develop standards Enhance alignment and compatibility of standards Useful for organizations which pursue multiple standards Some standards already under Common Framework: ISO 22000, ISO 20001, ISO 50001 Under revision to the Common Framework: ISO 14001, ISO 27001, ISO 9001
The new ISO 9001:2015ISO 9001:2015 0. Introduction 1. Scope 2. Normative References 3. Terms and Definitions 4. Context of the Organization 5. Leadership 6. Planning 7. Support 8. Operations 9. Performance Evaluations 10.Improvement
The new ISO 9001:2015 Focus on risk based management Senior management must be able to demonstrate an understanding of business risks and how they could impact on the ability to meet customer requirements. An effective risk management process will be critical for successful certification to the new version. It must ensure the management system can achieve its intended outcomes and achieve continual improvement. Clause 6.1 Actions to address risks and opportunities, is where this is covered and it addresses the ‘what, who, how and when of risk management.
The new ISO 9001:2015 Objectives and measurement The requirements around quality objectives have also been made more detailed. They need to be consistent with the quality policy, measurable (if practicable), monitored, communicated, and updated as appropriate. They also have to be established at relevant functions and levels. Objectives should include plans on how to achieve them as well as how the results will be evaluated.
The new ISO 9001:2015 The organization must determine who will be responsible for the delivery of the objectives, resources required, what needs to be done and by when. So remember that when establishing quality objectives organization needs to demonstrate how they plan to achieve them. And remember that the objectives (results to be achieved) – can be technical, strategic or operational.
The new ISO 9001:2015 Communication and awareness Clause 7.3 Awareness is now a clause in its own right: people working under an organization’s control should be aware of the quality policy, objectives, their contributions to QMS, implications of non-conformities etc. There is an increased emphasis on awareness to ensure that everyone knows the implications of not conforming to the management system requirements.
The new ISO 9001:2015 Which leads into Clause 7.4 Communication – internal and external communications are now a requirement. It’s up to the organisations to decide what/who/when and how they are communicating. Communication is important for both internal and external stakeholders and an organization must develop a communication plan. It is important to decide who will own the communication and ensure that they have the appropriate authority, competencies and knowledge. The communication plan can include a variety of mediums including briefings, meetings, seminars, conferences and newsletters.
The new ISO 9001:2015 Fewer prescriptive requirements Much will be made of the fact that the new version of the standard has no requirements for procedures but it does have requirements for documentation. Clause 7.5 Documented Information deals with documented information and is split into 3 sub-clauses – general, creating and updating and control.
The new ISO 9001:2015 An organization must decide what information they wish to retain, how these are updated and controlled and adequately protected Clause 8 Operations includes: Requirements for customer communication (from information on products to contracts and invoicing) Review of design and development changes Information for external providers Identification and traceability Release of products and services now part of operational controls Non-conforming processes, outputs and product and services
The new ISO 9001:2015 5. High Level Structure New Clause Numbers 1. Scope 2. Normative References 3. Terms and Definitions 4. Context of the Organization 4.1. Understanding the Organization and its context 4.2. Needs and expectations 4.3. Scope 4.4. Management system
The new ISO 9001:20155. Leadership 5.1. Management commitment 5.2. Policy 5.3. Roles, Responsibility and Authority 6. Planning 6.1. Actions to address risks and opportunities 6.2. Objectives and plans to achieve them 7. Support 7.1. Resources 7.2. Competence 7.3. Awareness 7.4. Communications 7.5. Documented Information
The new ISO 9001:2015 8. Operations 8.1. Operational planning and control 9. Performance evaluation 9.1. Monitoring, measurement, analysis and evaluation 9.2. Internal audit 9.3. Management review 10. Improvement 10.1. Nonconformity and corrective action 10.2. Continual improvement
The new ISO 9001:2015 6. Some Requirements – Examples 4. CONTEXT OF THE ORGANISATION 4.1. Understanding the organization and its context The organization must determine external and internal issues relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its QMS.
The new ISO 9001:2015 4.2. Understanding the needs and expectations of interested parties The organization must determine interested parties relevant to the QMS, and the requirements of these interested parties List of interested parties the organization must consider: Direct customers End users Suppliers, distributors, retailers or others involved in the supply chain Regulators, and Any other relevant interested parties
The new ISO 9001:2015 4.4. Quality management system The organization must establish, implement, maintain and improve a QMS, including the processes needed and their interactions, in accordance with the requirements of this standard "Process approach" is maintained, and it will be embedded in all ISO management system standards.
The new ISO 9001:20155.1. Leadership Top management must demonstrate leadership and commitment with respect to the quality management system, by ... Ensuring the integration of the QMS requirements into the organization's business processes, Promoting awareness of the process approach, Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. Top management must demonstrate leadership and commitment with respect to customer focus.
The new ISO 9001:20156.1. Actions to address risks and opportunities When planning for the QMS, the organization must consider the issues... in 4.1 and the requirements ... in 4.2 and determine the risks and opportunities that need to be addressed to: Assure the QMS can achieve its intended outcome(s) Prevent or reduce undesired effects Achieve improvement The organization must plan: Actions to address these risks and opportunities, and how to: • Integrate and implement the actions into its OMS processes and • Evaluate the effectiveness of these actions
The new ISO 9001:2015 7.1. Resources The organization must determine and provide the resources needed for the OMS (establishment, implementation, maintenance and improvement of the OMS). Resources may include: Infrastructure (7.1.2 ) Process environment (7.1.3) Monitoring (7.1.4 ) Knowledge (7.1.5)
The new ISO 9001:20158.1. Operational Planning and Control The organization must plan, implement and control the processes needed to meet requirements and to implement the actions determined in 6.1, by: Establishing criteria for those processes Implementing the control of the processes in accordance with the criteria Keeping sufficient documented information to demonstrate the processes have been carried out as planned
The new ISO 9001:2015 The organization must control planned and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization must ensure the operation of a function or process of the organization by an external provider is controlled (outsourcing ).
The new ISO 9001:20158.4. Control of External Provision of Goods and Services The organization must ensure that externally provided goods and services satisfy the specified requirements. Note: These include outsourcing.
The new ISO 9001:20159. PERFORMANCE EVALUATION 9.1. Monitoring, measurement, analysis and evaluation 9.2. Internal audit 9.3 Management review
?? QUESTIONS 92-306-5252528 6sigmapk@gmail.com www.sixsigmaassociates.co.uk/sixsigma https://pk.linkedin.com/in/projectmanagementpk THANK YOU

Recommended

PECB Infographic: Business Continuity Management System
PECB Infographic: Business Continuity Management SystemPECB Infographic: Business Continuity Management System
PECB Infographic: Business Continuity Management System
PECB
 
Certification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQACertification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQA
NQA
 
The new ISO 9001:2015
The new ISO 9001:2015The new ISO 9001:2015
The new ISO 9001:2015
Reza Seifollahy
 
Iso 13485 certification
Iso 13485 certificationIso 13485 certification
Iso 13485 certification
ursindia2
 
Core Knowledge about QMS
Core Knowledge about QMSCore Knowledge about QMS
Core Knowledge about QMS
MUHAMMAD ASIM (LA)
 
Aventis Certified Professional Trainer Program (ACPT)
Aventis Certified Professional Trainer Program (ACPT)Aventis Certified Professional Trainer Program (ACPT)
Aventis Certified Professional Trainer Program (ACPT)
Aventis School of Management
 
ISO Awareness Training
ISO Awareness TrainingISO Awareness Training
ISO Awareness Training
jeff_tuthill
 
PECB Infographic: Information Security Incident Response Process Model
PECB Infographic: Information Security Incident Response Process Model PECB Infographic: Information Security Incident Response Process Model
PECB Infographic: Information Security Incident Response Process Model
PECB
 

Recommended

PECB Infographic: Business Continuity Management System
PECB Infographic: Business Continuity Management SystemPECB Infographic: Business Continuity Management System
PECB Infographic: Business Continuity Management System
PECB
 
Certification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQACertification Body Approach to ISO 9001:2015 by NQA
Certification Body Approach to ISO 9001:2015 by NQA
NQA
 
The new ISO 9001:2015
The new ISO 9001:2015The new ISO 9001:2015
The new ISO 9001:2015
Reza Seifollahy
 
Iso 13485 certification
Iso 13485 certificationIso 13485 certification
Iso 13485 certification
ursindia2
 
Core Knowledge about QMS
Core Knowledge about QMSCore Knowledge about QMS
Core Knowledge about QMS
MUHAMMAD ASIM (LA)
 
Aventis Certified Professional Trainer Program (ACPT)
Aventis Certified Professional Trainer Program (ACPT)Aventis Certified Professional Trainer Program (ACPT)
Aventis Certified Professional Trainer Program (ACPT)
Aventis School of Management
 
ISO Awareness Training
ISO Awareness TrainingISO Awareness Training
ISO Awareness Training
jeff_tuthill
 
PECB Infographic: Information Security Incident Response Process Model
PECB Infographic: Information Security Incident Response Process Model PECB Infographic: Information Security Incident Response Process Model
PECB Infographic: Information Security Incident Response Process Model
PECB
 
Implementing ISO 50001 at the London School of Economics
Implementing ISO 50001 at the London School of EconomicsImplementing ISO 50001 at the London School of Economics
Implementing ISO 50001 at the London School of Economics
NQA
 
Awareness of qms
Awareness of qmsAwareness of qms
Awareness of qms
alabs
 
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
Engr. Syed Noor Mustafa Shah
 
NQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
NQA ISO 14001:2015 – Accredited Certification Transition Webinar SlidesNQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
NQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
NQA
 
ISO 45001 Current Status of Development from ISO
ISO 45001 Current Status of Development from ISOISO 45001 Current Status of Development from ISO
ISO 45001 Current Status of Development from ISO
NQA
 
ISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and Implementation ISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and Implementation
Govind Ramu
 
The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015
PECB
 
Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301
PECB
 
BRC IOP
BRC IOPBRC IOP
BRC IOP
Fırat Özel
 
Leadership for quality
Leadership for qualityLeadership for quality
Leadership for quality
Amiirah Camall Saib
 
ISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin GrayISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin Gray
Colin Gray
 
Pmp chap13 - project stakeholder management details
Pmp chap13 - project stakeholder management detailsPmp chap13 - project stakeholder management details
Pmp chap13 - project stakeholder management details
Anand Bobade
 
دورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
دورة مجاناً تاسيس إدارة الاعلام بالمؤسساتدورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
دورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
Essam Obaid
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 

More Related Content

Viewers also liked

Awareness of qms
Awareness of qmsAwareness of qms
Awareness of qms
alabs
 
The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015
PECB
 
Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301
PECB
 

Viewers also liked (13)

Implementing ISO 50001 at the London School of Economics
Implementing ISO 50001 at the London School of EconomicsImplementing ISO 50001 at the London School of Economics
Implementing ISO 50001 at the London School of Economics
 
Awareness of qms
Awareness of qmsAwareness of qms
Awareness of qms
 
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
QMS - Quality Management System - Internal Quality Auditor - ISO 9001:2008
 
NQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
NQA ISO 14001:2015 – Accredited Certification Transition Webinar SlidesNQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
NQA ISO 14001:2015 – Accredited Certification Transition Webinar Slides
 
ISO 45001 Current Status of Development from ISO
ISO 45001 Current Status of Development from ISOISO 45001 Current Status of Development from ISO
ISO 45001 Current Status of Development from ISO
 
ISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and Implementation ISO 9001:2015 DIS Changes, Requirements and Implementation
ISO 9001:2015 DIS Changes, Requirements and Implementation
 
The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015The influence of Deming's 14 points to ISO 9001:2015
The influence of Deming's 14 points to ISO 9001:2015
 
Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301Leveraging Gap Assessments and Internal Audits in ISO 22301
Leveraging Gap Assessments and Internal Audits in ISO 22301
 
BRC IOP
BRC IOPBRC IOP
BRC IOP
 
Leadership for quality
Leadership for qualityLeadership for quality
Leadership for quality
 
ISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin GrayISO 9001 2015 ASQ Workshop by Colin Gray
ISO 9001 2015 ASQ Workshop by Colin Gray
 
Pmp chap13 - project stakeholder management details
Pmp chap13 - project stakeholder management detailsPmp chap13 - project stakeholder management details
Pmp chap13 - project stakeholder management details
 
دورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
دورة مجاناً تاسيس إدارة الاعلام بالمؤسساتدورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
دورة مجاناً تاسيس إدارة الاعلام بالمؤسسات
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Recently uploaded (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 

Quality is the best business plan: A QMS with the nitty gritties of ISO 9001:2015

  • 1. Quality is the best business plan: An overview of Quality Management system with the Nitty Gritties of ISO 9001:2015 By M.Youssef.K
  • 2. M. Youssef K Six Sigma Associates M. Youssef K is an executive consultant & trainer with several qualifications. He is an accomplished expert with over 10 years’ experience in the field of risk management, project and program management, PRINCE 2, Agile, EVM, business process analysis and design, as well as operational and organizational excellence 92-306-5252528 6sigmapk@gmail.com https://pk.linkedin.com/in/projectmanagementpk www.sixsigmaassociates.co.uk/sixsigma
  • 3.
  • 4.
  • 5. What is a Quality Management System? Policies, Processes Procedures What is a Quality Management System?
  • 6. What is a Quality Management System?Required for planning and executing business processes To meet customer requirements Accredited to International Standards by a Registrar ISO 9001:2015 is an example
  • 10. It Requires ….. 1. Leadership 2. Determination 3. Resilience 4. Commitment 5. Engagement
  • 12.
  • 14.
  • 15. A Strategic Choice  Effective Application of ISO 9000 QM Principles = Financial & Economic benefits  Financial benefit results from cost-effective management practices within the organization.  Economic benefit results from improvements in the overall worth and health of the organization.
  • 16. ISO 9001 Management Principles 1. Customer Focus 2. Leadership 3. People Involvement 4. Process Approach 5. Systems Approach 6. Continual improvement 7. Factual Approach to Decision Making 8. Mutually Beneficial Supplier Relationships
  • 17. Derived Benefits of QMS improved profitability, improved revenues, improved budgetary performance, reduced costs, improved cash flow, improved return on investment, increased competitiveness, improved customer retention and loyalty, improved effectiveness of decision making, optimized use of available resources, heightened employee accountability, improved intellectual capital, optimized, effective and efficient processes, improved supply chain performance, reduced time to market, enhanced organizational performance, credibility and sustainability.
  • 19. The Inputs 1. Customer Focus 2. Leadership 3. People Involvement 4. Process Approach 5. Systems Approach 6. Continual improvement 7. Factual Approach to Decision Making 8. Mutually Beneficial Supplier Relationships
  • 20. The Process Assess requirements, Plan activities, Allocate appropriate resources, Implement continual improvement actions, Measure results to determine effectiveness,
  • 21. Out put = Increased Productivity
  • 22. The new ISO 9001:2015 The ISO 9001:2015
  • 23. The new ISO 9001:2015 Introduction A short overview of ISO 9001 in the world
  • 24. The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
  • 25. The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
  • 26. The new ISO 9001:2015Introduction A short overview of ISO 9001 in the world
  • 27. The new ISO 9001:2015 The Framework Standardize and effectively develop standards Enhance alignment and compatibility of standards Useful for organizations which pursue multiple standards Some standards already under Common Framework: ISO 22000, ISO 20001, ISO 50001 Under revision to the Common Framework: ISO 14001, ISO 27001, ISO 9001
  • 28. The new ISO 9001:2015ISO 9001:2015 0. Introduction 1. Scope 2. Normative References 3. Terms and Definitions 4. Context of the Organization 5. Leadership 6. Planning 7. Support 8. Operations 9. Performance Evaluations 10.Improvement
  • 29. The new ISO 9001:2015 Focus on risk based management Senior management must be able to demonstrate an understanding of business risks and how they could impact on the ability to meet customer requirements. An effective risk management process will be critical for successful certification to the new version. It must ensure the management system can achieve its intended outcomes and achieve continual improvement. Clause 6.1 Actions to address risks and opportunities, is where this is covered and it addresses the ‘what, who, how and when of risk management.
  • 30. The new ISO 9001:2015 Objectives and measurement The requirements around quality objectives have also been made more detailed. They need to be consistent with the quality policy, measurable (if practicable), monitored, communicated, and updated as appropriate. They also have to be established at relevant functions and levels. Objectives should include plans on how to achieve them as well as how the results will be evaluated.
  • 31. The new ISO 9001:2015 The organization must determine who will be responsible for the delivery of the objectives, resources required, what needs to be done and by when. So remember that when establishing quality objectives organization needs to demonstrate how they plan to achieve them. And remember that the objectives (results to be achieved) – can be technical, strategic or operational.
  • 32. The new ISO 9001:2015 Communication and awareness Clause 7.3 Awareness is now a clause in its own right: people working under an organization’s control should be aware of the quality policy, objectives, their contributions to QMS, implications of non-conformities etc. There is an increased emphasis on awareness to ensure that everyone knows the implications of not conforming to the management system requirements.
  • 33. The new ISO 9001:2015 Which leads into Clause 7.4 Communication – internal and external communications are now a requirement. It’s up to the organisations to decide what/who/when and how they are communicating. Communication is important for both internal and external stakeholders and an organization must develop a communication plan. It is important to decide who will own the communication and ensure that they have the appropriate authority, competencies and knowledge. The communication plan can include a variety of mediums including briefings, meetings, seminars, conferences and newsletters.
  • 34. The new ISO 9001:2015 Fewer prescriptive requirements Much will be made of the fact that the new version of the standard has no requirements for procedures but it does have requirements for documentation. Clause 7.5 Documented Information deals with documented information and is split into 3 sub-clauses – general, creating and updating and control.
  • 35. The new ISO 9001:2015 An organization must decide what information they wish to retain, how these are updated and controlled and adequately protected Clause 8 Operations includes: Requirements for customer communication (from information on products to contracts and invoicing) Review of design and development changes Information for external providers Identification and traceability Release of products and services now part of operational controls Non-conforming processes, outputs and product and services
  • 36. The new ISO 9001:2015 5. High Level Structure New Clause Numbers 1. Scope 2. Normative References 3. Terms and Definitions 4. Context of the Organization 4.1. Understanding the Organization and its context 4.2. Needs and expectations 4.3. Scope 4.4. Management system
  • 37. The new ISO 9001:20155. Leadership 5.1. Management commitment 5.2. Policy 5.3. Roles, Responsibility and Authority 6. Planning 6.1. Actions to address risks and opportunities 6.2. Objectives and plans to achieve them 7. Support 7.1. Resources 7.2. Competence 7.3. Awareness 7.4. Communications 7.5. Documented Information
  • 38. The new ISO 9001:2015 8. Operations 8.1. Operational planning and control 9. Performance evaluation 9.1. Monitoring, measurement, analysis and evaluation 9.2. Internal audit 9.3. Management review 10. Improvement 10.1. Nonconformity and corrective action 10.2. Continual improvement
  • 39. The new ISO 9001:2015 6. Some Requirements – Examples 4. CONTEXT OF THE ORGANISATION 4.1. Understanding the organization and its context The organization must determine external and internal issues relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its QMS.
  • 40. The new ISO 9001:2015 4.2. Understanding the needs and expectations of interested parties The organization must determine interested parties relevant to the QMS, and the requirements of these interested parties List of interested parties the organization must consider: Direct customers End users Suppliers, distributors, retailers or others involved in the supply chain Regulators, and Any other relevant interested parties
  • 41. The new ISO 9001:2015 4.4. Quality management system The organization must establish, implement, maintain and improve a QMS, including the processes needed and their interactions, in accordance with the requirements of this standard "Process approach" is maintained, and it will be embedded in all ISO management system standards.
  • 42. The new ISO 9001:20155.1. Leadership Top management must demonstrate leadership and commitment with respect to the quality management system, by ... Ensuring the integration of the QMS requirements into the organization's business processes, Promoting awareness of the process approach, Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. Top management must demonstrate leadership and commitment with respect to customer focus.
  • 43. The new ISO 9001:20156.1. Actions to address risks and opportunities When planning for the QMS, the organization must consider the issues... in 4.1 and the requirements ... in 4.2 and determine the risks and opportunities that need to be addressed to: Assure the QMS can achieve its intended outcome(s) Prevent or reduce undesired effects Achieve improvement The organization must plan: Actions to address these risks and opportunities, and how to: • Integrate and implement the actions into its OMS processes and • Evaluate the effectiveness of these actions
  • 44. The new ISO 9001:2015 7.1. Resources The organization must determine and provide the resources needed for the OMS (establishment, implementation, maintenance and improvement of the OMS). Resources may include: Infrastructure (7.1.2 ) Process environment (7.1.3) Monitoring (7.1.4 ) Knowledge (7.1.5)
  • 45. The new ISO 9001:20158.1. Operational Planning and Control The organization must plan, implement and control the processes needed to meet requirements and to implement the actions determined in 6.1, by: Establishing criteria for those processes Implementing the control of the processes in accordance with the criteria Keeping sufficient documented information to demonstrate the processes have been carried out as planned
  • 46. The new ISO 9001:2015 The organization must control planned and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. The organization must ensure the operation of a function or process of the organization by an external provider is controlled (outsourcing ).
  • 47. The new ISO 9001:20158.4. Control of External Provision of Goods and Services The organization must ensure that externally provided goods and services satisfy the specified requirements. Note: These include outsourcing.
  • 48. The new ISO 9001:20159. PERFORMANCE EVALUATION 9.1. Monitoring, measurement, analysis and evaluation 9.2. Internal audit 9.3 Management review