ISO 9001:2015 versus ISO 9001:2008 And ISO 9000:2015 – Fundamentals and vocabulary versus ISO 9000:2005
This presentation lists the changes against ISO 9001:2008. The Standard has been published on the 15 Sept 2015 together with ISO 9000:2015 Fundamentals and Vocabulary. This presentation lists the changes against ISO 9001:2008.
QM principles number is reduced from 8 to 7: MAIN CHANGES 1/4 Structure of the Standard in accordance to ISO Directive Part 1, Annex SL QM principles number is reduced from 8 to 7: Customer Focus Leadership Engagement of People Process Approach Improvement Evidence-based Decision Marking Relationship Management
The changed vocabulary is : Products and services; MAIN CHANGES 2/4 The changed vocabulary is : Products and services; Documented information; Environment for the operation of processes; Externally provided products and services; External providers; Interested parties. New items are: Risk based thinking; Relevant interested parties; Knowledge Management.
Schematic representation of the elements of a single process MAIN CHANGES 3/4 Schematic representation of the elements of a single process
Representation of the ISO 9001 structure in PDCA cycle MAIN CHANGES 4/4 Representation of the ISO 9001 structure in PDCA cycle
MAIN CHANGES IN TERMS AND DEFINITIONS ISO 9000:2015 AGAINST ISO 9000:2005
Changes in terms and definitions ISO 9000:2015 Terms related to organisation Organisation = person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives. Context of the organisation = combination of internal and external issues that can have an effect on an organisation’s approach to developing and achieving its objectives. Interested party = person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity. Customer = person or organisation that could or does receive a product or a service that is intended for or required by this person or organisation.
Changes in terms and definitions ISO 9000:2015 Terms related to requirement Quality requirement = requirement related to quality. Statutory requirement = obligatory requirement specified by a legislative body. Regulatory requirement = obligatory requirement specified by an authority mandated by a legislative body.
Changes in terms and definitions ISO 9000:2015 Terms related to result Product = output of an organisation that can be produced without any transaction taking place between the organisation and the customer. Service = output of an organisation with at least one activity necessarily performed between the organisation and the customer. Risk = effect of uncertainty. Opportunity ≠ positive side of the risk. Opportunity = set of circumstances which makes it possible to do something. (Source: www.iso.org/tc176/sc02/public)
Changes in terms and definitions ISO 9000:2015 Terms related to data, information and document Documented information = information required to be controlled and maintained by an organisation and the medium on which it is contained.
Changes in terms and definitions ISO 9000:2015 Terms related to action Corrective action = action to eliminate the cause of a nonconformity and to prevent recurrence. Release = permission to proceed to thee next stage of a process or the next process.
CHANGES AND REFORMULATED REQUIREMENTS ISO 9001:2015 AGAINST ISO 9001:2008 (N° in the titles of the slides are coherent to the ISO 9001:2015 chapters. Key words are in underlined bold.)
4. Context of the organisation Determination, monitoring and review of external and internal issues (legal, technological, competitive, market, cultural, social , economic, international, national, regional or local) and of interested parties relevant to the QMS and their requirements. Issue = positive or negative factors or conditions for consideration. For establishment of QMS scope the organisation shall consider : external and internal issues, requirements of relevant interested parties, products and services of the organisation. The scope shall be available and maintained as documented information. Determination of inputs and outputs of processes; performance indicators; risks and opportunities & action plan; methods for evaluation and changes; opportunities for improvement. Documented information shall be maintained. Interested partie – person or organisation that can affect, be affected by, or perceive themselves to be affected by a decision or activity. Ex.: customers, owners, people in the organisation, suppliers, bankers, unions, partners, competitors, opposing pressure groups. To determine « relevant » interested parties only !
5. Leadership Management has to take accountability for the effectiveness of the QMS; ensuring that the Q policy and objectives are compatible with the strategic direction and the context of the organisation; integration of QMS into org. business processes; the use of the process approach; ensuring that the QMS achieves intended results. Customer requirement is widened to applicable statutory and regulatory requirements; risks and opportunities. The Q policy shall be : established, implemented, maintained, communicated (documented, understood and available). Top Mgt shall assign responsibility and authority for : QMS to conform to ISO 9001; processes are delivering intended outputs; reporting on performance and OFI, the need for change or innovation; ensuring promotion of customer focus; ensuring the integrity of QMS in case of change. ISO 9001:2015 – the notion of « management representative » is no longer present.
6. Planning for the QMS To identify risks and opportunities : to give assurance that the QMS can achieve its intended results; enhance desirable effects; prevent or reduce undesired effects, achieve improvement. The organisation shall plan actions to address the R&O; integrate and implement the actions into its QMS processes; evaluate effectiveness of those actions. Q objectives shall be established for relevant functions, levels and processes. They shall take into account applicable requirements, relevant to product conformity and enhancement of customer satisfaction, be monitored, communicated, updated. Documented information shall be maintained. Changes are to be carried out in a planned manner with consideration of : purpose, potential consequences, integrity of the QMS, availability of resources, allocation or reallocation of responsibilities and authorities. The risk = effect of uncertainty on an expected result. The opportunity ≠ positive effect of risk. To consider in relationship to : products, Processes, Owners, Workers, … The risks could be caracterized as: Organisational risk : occuring at the entity and activity level Strategic risk : related to inadequacy of organisation’s strategy or business plan Compliance risk : failure to comply with legal and regulatory requirements Operational risk : MS risk (HR practices, management tools, data processing, marketing, design and development, …) Customer satisfaction risk Supply chain risk Revenue recognition risks (accounts payable, accounts receivable, …) Information security risks Logistics risks Natural disaster risk The ways for management of risks and opportunities : To cancell To reduce To accept FMEA approach can be used.
7. Support To consider capabilities of, constraints on, existing internal resources; and what is to be obtained from external providers. Organisation to determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. This knowledge shall be maintained and made available to the extent necessary. When addressing changing needs and trends, to consider current knowledge and determine how to acquire or access the necessary additional knowledge (internal and external sources). Organization shall ensure that persons are aware of Q policy, Q objectives, their contribution, the implications of not conforming with QMS requirements. To determine precisely internal and external communication (what, when, with whom, how, who). QMS shall include documented information required by the Standard and by the organisation. Organisation shall ensure appropriate format and media. To identify and control external documentation identified as necessary for QMS. Documented information retained as evidence of conformity shall be protected from unintended alterations. Organisation knowledge is a new requirement in ISO/DIS 9001:2015 and defined as the knowledge specific to the organization; it is gained by experience. It is information that is used and shared to achieve the organization’s objectives Persons shall be aware in comparison to « communicate on » in previous version
8 Operation 1/2 The output of the operational planning shall be suitable for the operations. To control planned changes and review the consequences, mitigate any adverse effects. To control outsourced processes. To communicate information about changes; handling of customer property; specific requirements for contingency actions. Organisation shall establish, implement and maintain a design and development process. The standard specifies the items to be considered for determining the stages of design and development process. To determine as design an development inputs : standards or codes of practice that the organisation has committed to implement; internal and external resources; potential consequences of failure; level of control. ISO/DIS 9001:2015 - For determining the stages on design and development to consider : the nature, duration and complexity of the design and development activities; requirement to stages; required verification and validation; responsibilities and authorities; internal and external resource needs for the design and development of products and services; need to control interfaces; need for involvement of customer and user groups; requirements for subsequent provision of products and services; level of control expected for the design and development process by customers and other relevant interested parties; necessary documented information.
8. Operation 2/2 Validation to cover intended use (when known). Documented information is requested about design and development controls and outputs. In case of changes, to verify that there is no adverse impact on conformity to requirements and retain documented information. Externally provided processes, products and services are more precisely defined. For identification and traceability was added : competence and required qualification of persons (with traceability of the person authorizing release). External belonging is extended to external providers and to the requirement to report on incorrect use, lost, damage etc. and retain documented information on what has occurred. For change control following is to be considered : risks associated with the products and services; nature, use and intended lifetime; customer feedback; statutory and regulatory requirements. To review and control unplanned changes and maintain records about results of review, personnel authorizing, necessary actions. ISO 9001:2015 – Externally provided products and services : Product and services are provided by external providers for incorporation into the organisation’s own products and services, Product and services are provided directly to the customer by an external provider on behalf of the organisation, Process or part of the process provided by an external provider
9. Performance evaluation To determine : what needs to be monitored and measured; the methods; when to perform; when to analyze and evaluate the result. Documented information about the result to be retained. To evaluate Q performance and the effectiveness of the QMS. Extended to the degree to which requirements have been met. The analysis and evaluation is extended to : demonstrating that planning has been successfully implemented; assessing the performance of QMS .The results of analysis and evaluation shall be used to provide inputs to MR. For MR are added following inputs : changes in external and internal issues relevant to QMS; performance of external providers, feedback from relevant interested parties; the effectiveness of actions taken to address R&O; extent to which quality objectives have been met. For MR are added following outputs : changes to QMS. To retain documented information. ISO 9001:2008 : MR INPUTS : Results of audits Customer feedback Process performance and product conformity Status of preventive and corrective actions Follow up actions from previous management reviews Changes that could affect the QMS Recommendations for improvement
10. Improvement Focus of improvement is back to customer requirements and enhancement of customer satisfaction. This shall include improvement of : products and services; correcting preventing or reducing undesired effects and improvement of performance and effectiveness of the QMS. Additional information is given to improvement methods: reactively, incrementally, by step change, creatively, by re-organisation. Non-conformity and corrective action are extended to : determining if similar non-conformities exist or could potentially occur (“look-across”); making changes to the QMS if necessary; update risks and opportunities determined during planning if necessary. Documented information shall be retained. “Preventive action” is no more used in ISO DIS 9001:2015 (considered as a part of “risk based thinking”).
Complementary standards to ISO 9001 – Guidelines for: ISO 10001-2-3-4 QM – Customer satisfaction – codes of conduct for organisations; complaint handling; dispute resolution; monitoring and measuring ISO 10005 – QMS – Q plans ISO 10006 – QMS – QM in projects ISO 10007 – QMS – Configuration management ISO 10008 – QM – Customer satisfaction – B2C electronic commerce transactions ISO 10012 – Measurement management system ISO/TR 10013 – QMS documentation ISO 10014 – QM – Realising financial and economic benefits ISO 10015 – QM – Training ISO/TR 10017 – Statistical techniques for ISO 9001:2000 ISO 10018 – People involvement and competence ISO 10019 – Selection of QMS consultants and use of their services ISO 19011 – Auditing Management Systems