Prepared by Rand E Winters, Jr. ASR Senior Auditor October 2014 ISO 9001:2015 Revision Status Prepared by Rand E Winters, Jr. ASR Senior Auditor October 2014
Status of Standard Rewrite This review based on ISO/DIS 9001 draft dated 2014; member groups now voting on draft Contains 21 pages of requirements - compared to 9 pages for 2008 version. Draft has a lot of open space between content and will be some what shorter when finalized Some items might change as draft is reviewed and submitted discussion points addressed.
Major Changes to ISO 9001 2008 version called for 6 documented procedures; This draft uses the words “documented information”(3.11) covering written instructions and records Risk Management is added - defined in the definitions (3.09); identification of risk and risk control (6.1) are required. No requirement for a Quality Manual Management Representative not required 2015 draft of ISO 9001 has 7 auditable sections up from current 5 sections 69 definitions of the terminology used in 2014 draft
2015 - Table of Contents 1 Scope 2 Normative References 3 Terms and Definitions 4 Context of the Organization 5 Leadership 6 Planning 7 Support 8 Operation 9 Performance Evaluation 10 Improvement
What Can Be Used From 2008? Most existing QMS documentation from 2008 will address much of the 2015 requirements. Example is internal auditing Some language has been adjusted. Procedures and records are now called “documented information” Organization of the sub sections have been moved around Next two pages list sub sections that are taken from the ISO 9001:2008 standard
2008 Requirements Retained and Relocated 2015 Draft Section Number 2008 Segments 4.3 Determining scope of QMS including exclusions (1.2 & 4.2.2) 5.1 Leadership and commitment (5.1) 5.2 Policy (5.3) 5.3 Organization roles and responsibilities (5.5.1) 6.2 Quality objectives and planning (5.4.1) 7.1.1 General outsourced processes (4.1) 7.1.2 Infrastructure and working environment (6.3 & 6.4) 7.1.3 Monitoring and measuring of instruments (7.6) 7.1.4 Knowledge requirements 7.2 Competence (6.2.2) 7.3 Awareness (5.4.1 & 6.2.2 & 5.3) 7.4 Communications (5.5.3) 7.5 Documented information (4.2.3 & 4.2.4)
2008 Requirements Retained 2015 Draft Section Number - ID Your QMS for Retention Segments 8.1 Operational planning and control 8.2 Interaction with customers and… 8.3 Operational preparedness 8.4 Control of external processes or products 8.3 Design and development 8.6. Execution/implementation 9.1.2 Customer satisfaction 9.2 Internal audits 9.3 Management review 10.2.2 Nonconformity and corrective action
New Content - Further Definition Section 4 -- Context of Organization Risk Documentation requirements 69 definitions; Section 3 provided to define wording used and additional notes to assist in understanding of the definition.
Definition of Context Merriam-Webster definition (one of many) is….. Interrelated condition in which something exists ISO 9001:2015 draft definition is in sub clause 3.24; Context of Organization – business environment – combination of internal and external conditions that can have an effect on an organization’s approach to its products, services and interested parties.
Defining Context of Organization Looking at 2015 draft some of items required to define context of organization: 4.1 Understanding External context Understanding internal context (refer to 6.1) (two long notes provided for guidance) 6.1 Actions to address risk and opportunities Related to product conformity and customer satisfaction
Context of Organization Continued 4.2 - Understanding needs and expectations of interested parties Interested parties relevant to organization’s QMS QMS related requirements of interested parties (2 notes provided for guidance)
Context of Organization Continued 4.3 Determining scope of QMS Organization shall determine boundaries and applicability of QMS Scope shall be documented and exclusions (2008 language) “those activities that are not applicable“ 2015 language added as “shall be determined and documented” Scope and not applicable sections shall be available to interested parties
Context of Organization 4.4 QMS - organization shall…… Determine processes needed Determine inputs and outputs of each process Determine sequence and interaction Determine risk Determine criteria Ensure availability of resources Allocate responsibility Monitor ,analyze and review processes Implement action necessary to achieve planned results Ensure revised processes continue to deliver intended outcomes
Risk Management Where is risk addressed? 3.09 Risk - effect of uncertainty on expected results (definition) 4.1 Organization shall take account these issues for determining risk (2 long notes) 4.4 QMS - determine risk if unintended output produced 5.1 Leadership - ensuring risks that could affect meeting product requirements … managed 6.1 Actions to address risk and opportunities
Risk Continued 6.3 Planning and Controlling changes a) identification of risk and control measures associated with product 8.4 Control of External processes or products - evaluation based on risks and risk control 8.5.1 Design and Development, define c) risk 8.5.3 Implement c) risk control measures 8.6 Execution/Implementation 8.6.1 h) implementation of risk controls 9.3 Management Review input b) determined risks
Four Phases of Risk Risk Management Approach (ISO 14971 Flow Diagram) Risk Analysis Risk Evaluation INTENDED USE Identification HAZARD identification RISK estimation RISK ASSESSMENT RISK acceptability decisions Risk Control OPTION analysis Implementation of measures RESIDUAL RISK evaluation Overall RISK acceptance Post Production Information Post-production experience Review of RISK MANAGEMENT experience- customer use Take appropriate actions 16
Risk Risk is documented in most sections of new draft Risk is very detailed in this standard as compared to ISO 13485, medical devices or AS 9100, aerospace. Four phases of risk on the previous slide can be used to address risk in an organized method that will meet requirements in the revised standard. Risk in this standard is addressed as risk to your business, the product that the organization is manufacturing or distributing, and customer satisfaction.
Documentation Requirements Definition of documented information (3.11)….. Information required to be controlled and maintained by an organization and medium on which it is contained. Note 1 - documented information can be in any format and media from any source Note 2 - documented information can refer to management system, including related processes; Information created in order for organization to operate Evidence of results achieved (records)
Examples of Documentation Process flow charts both hard copy and electronic Work instructions both hard copy and electronic Forms - both hard copy and electronic Procedures, work instructions, charts Records - hard copy, electronic, chart recorders, etc.
Specific Documents Needing Controls Scope and “requirements that can not be applied” shall be documented (2014 - 4.3) Quality Policy (5.2) Quality Objectives (6.2.1) Documented information of calibration and verification ( 7.1.5) Competence - retain appropriate information (7.2) Documentation of internal and external sources determined to be necessary by organization for planning and operation of QMS (7.5.3) Keep documented information to the extent necessary to have confidence processes have been carried out as planned (8.1)
Specific Documents Needing Controls Documented information describing results of reviews (contract review) (2014 - 8.2.3) Changed product requirements (8.2.3) Documented information that design and development processes and products meet requirements (8.3.2) D&D outputs (8.3.5) D&D changes (8.3.6) External processes or products (suppliers) - documented information regarding evaluation and any necessary actions (8.4.1) Production or services - define, controlled conditions, and results (8.5.1)
Specific Documents Needing Controls Monitoring and measurement of product - documented information include person authorizing release (2014 - 8.6) Nonconformity and corrective action - documented evidence of:…..(8.7) Monitoring, measurement, analysis and evaluation -documented information as evidence of results (9.1.1) Internal audits - documented information as evidence of audit program and audit results (9.2) Management review - documented information regarding results (9.3) Corrective action and non conforming material - information regarding action taken (10.2.2)
Annex A – 2015 Draft Clarification of New Structure Terminology & Concepts - Maintain documented information (procedures/work instructions) - Retain documented information (records)
Balance of 2014 – What To Do? Still too early in process of revising ISO 9001 for organizations to make changes to an existing ISO 9001 system; Last quarter of 2015 is a more logical start date Some items in Draft Standard may change or disappear from future drafts or the final version. An existing registered system might be OK as written. Compare draft requirements to your QMS and determine how many items might be new and require some work.
Address Risk Now Most organizations have informal to formal risk programs; start to formalize a risk program Think about documenting how your organization today handles risk to the business Think about using some language that is typical in a risk process such as risk determination, risk control, risk mitigation, acceptable level of risk
Updates ASR will update this ISO 9001:2015 presentation when a new draft or official release is distributed If you have questions now, please contact your ASR sales representative. Thank you.