April 8, 2017 | Author: Paul Westcamp | Category: N/A
Download Handout Training Iso 9001 2015...
for ISO 9001:2015 2 DAYS TRAINING
GIC Indonesia Training Division
Agenda DAY ONE Introduction Rationale for changes Salient Points on ISO 9001:2015 Comparison with ISO 9001:2008 Clause 4 -‐ Context of the Organization Clause 5 -‐ Leadership
DAY TWO Clause 6 -‐ Planning for the Quality Management System Clause 7 -‐ Support Clause 8 -‐ Operation Clause 9 -‐ Performance Evaluation Clause 10 -‐ Improvement
Copyright GIC 2014
Objective
This training has been developed to provide basic information and updates on the revision to ISO 9001 to interested parties and will be updated periodically until the final version is published.
Copyright GIC 2014
Disclaimer
The is possibility that you have already implemented beyond the ISO 9001:2008 requirements and accidentally cover the ISO 9001:2015 DIS requirements But you have to pay attention to the NEW approach that may not be implemented yet by your organisation
Copyright GIC 2014
Disclaimer Any claims or statements made by the presenter based on this presentation represent their own opinions and/or interpretation, and are not formally endorsed by GIC.
! This presentation includes information related to the status of the revision process as of April 2015
! Further changes are likely as the revision process progresses, so you should NOT make changes to your management system at this stage until the new revision has been published officially. Copyright GIC 2014
Introduction – Review of ISO Standards • Every five years, ISO Standards are reviewed to ensure they are up-‐to-‐date. • ISO Technical Committee 176 is responsible for the development of the ISO 9001 and ISO 9004 International Standards as other International Standards and documents in the ISO 9000 Family. • A formal global review of ISO 9001 was completed in 2012 among ISO member bodies. This resulted in a decision to revise the standard
Copyright GIC 2014
Introduction – Review of ISO Standards • As with all ISO standards, this will be a consensus process • All ISO’s National Member Bodies (NMBs) and official liaison members nominate experts to participate in the drafting process
• Work on the revision has already begun and the Draft International Standard (DIS) has been released and voting shall start on 2014-‐07-‐10 and voting ends on 2014-‐10-‐10.
Copyright GIC 2014
Introduction -‐ Key Messages • According to ISO Survey 2012 — more than 1.1 million certificates around the globe • 73% of all MSS (Management System Standards) certificates are ISO 9001 certificates • ISO 14001 will be published around the same time • ISO 9001:2015 — the changes proposed are significant Copyright GIC 2014
Introduction – The ISO 9001 evolution 1987 • The first ISO 9000 series was published. • It was based on BS5750. • Focused on Quality Control
1994 • There were 3 certification standards that were released (i.e. ISO 9001, ISO 9002, ISO 9003) • Elemental approach (consisting 20 Elements) focused on producing products at a consistent level of quality. Copyright GIC 2014
Introduction – The ISO 9001 evolution 2000 There is a significant changes or leap from 1994 version to 2000 such as: • From elemental to a Process Model on Quality Management System using the PDCA (Deming Cycle) • From the 1994 with 3 Certification Standards to 2000 version of only 1 Certification Standard (but with exclusion to clauses applicable only on clause 7).
2008 • No significant changes. The changes are mostly clarifications. Copyright GIC 2014
Introduction – The ISO 9001 evolution
2015
Copyright GIC 2014
Introduction – The ISO 9001 evolution !
2015 ▪ New concepts are being considered ▪ The customer remains the primary focus ▪ A new common ISO format has been developed for use across all Management System Standards
Copyright GIC 2014
Why is the Standard changing? ` of “business environment” ▪• Evolution ▪ Evolution of management systems ▪ Evolution of quality ▪ ISO scheduled review
Rationale for Changes • In the last 25 years, many other Management Systems Standards have come into use world wide. • These various standards have different format or structure. Here is an example of comparison between ISO 9001 and ISO 14001: ISO 9001:2008 Structure 4.1 General Requirements 4.2 Documentation Requirements 5 Management responsibility 6 Resource Management 7 Product Realization
ISO 14001:2004 Structure 4.1 General requirements 4.2 Environmental policy 4.3 Planning 4.4 Implementation and operation 4.5 Checking
Copyright GIC 2014
Rationale for Changes • Organizations that use multiple Management System Standards are increasingly demanding a common format and language that is aligned between those standards. • Hence, if there is a common format, integration will be easier.
Copyright GIC 2014
High Level Structure -‐ Common Text Annex SL
• Mandated by ISO’s Technical Management Board (TMB) • High level structure, identical core text and common terms and core definitions for use in all Management System Standards • Purpose -‐ Enhance the consistency and alignment of different management system standards • Organizations who implement a single system addressing multiple standards (e.g. QMS, EMS, ISMS etc) will see the most potential benefit
Copyright GIC 2014
High Level Structure (HLS) 1. 2. 3. 4.
Scope Normative references Terms and definitions Context of the organization
• Understanding the organization and its context • Needs and requirements • Scope • Management System 5. Leadership • General • Management commitment • Policy • Roles, responsibility and authority 6. Planning • Actions to address risks & opportunities • Objectives and plans to achieve them
7. Support
• • • • •
Resources Competence Awareness Communication Documented information 8. Operation • Operational planning and control 9. Performance evaluation • Monitoring, measurement, analysis & evaluation • Internal audit • Management review 10. Improvement • Non conformity and corrective action • Continual Improvement
Copyright GIC 2014
Rationale for Changes ▪ Decrease the emphasis on Documentation ▪ Increase the emphasis on Achieving Value for the Organization and its customers ▪ Increase emphasis on Risk Management to achieve objectives
Copyright GIC 2014
Salient Points 1. Structure and Terminology 2. Product and Services 3. Context of the Organization 4. Documented Information 5. Risk-‐based Approach 6. Scope and Applicability 7. Organizational Knowledge 8. Control of externally provided products and services Copyright GIC 2014
Salient Points 1. Structure and Terminology ! ISO 9001:2008
ISO 9001:2015
Products
Products and services
Exclusions
Not used (See Annex A.4 for clarification of applicability)
Documentation, records
Documented information
Work environment
Environment for the operation of processes
Purchased product
Externally provided products and services
Supplier
External provider
Copyright GIC 2014
Salient Points 2. Products and Services !
2008: The term “product” to include all output categories.
2015: The term “products and services” includes all output categories (hardware, services, software and processed materials. In most cases, the terms “products” and “services” are used together. Most output that organizations provide to customers, or are supplied to them by external providers, include both products and services.
!
Copyright GIC 2014
Salient Points 3. Context of the organisation • ! There are two new clauses relating to the context of the organization: 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectation of interested parties. The titles of clauses 4.1 and 4.2 provide for alignment with other management system standards. They do not imply extension of quality management system requirements beyond the Scope of this International Standard. Copyright GIC 2014
Salient Points 4. Documented Information ! The terms “documented procedure” and “record” have both been replaced throughout the requirements text by “documented information”. Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control or support a process) this is now expressed as a requirement to maintain documented information.
! Where ISO 9001:2008 would have referred to records this is now expressed as a requirement to retain documented information.
Copyright GIC 2014
Salient Points 5. Risk-based Approach It requires the organization to understand its context (clause 4.1) and determine the risks and opportunities that need to be addressed (clause 6.1). With the inclusion of this approach, it has facilitated some reduction in prescriptive requirements and their replacement by performance-based requirements. Although risks and opportunities have to be determined and addressed, the standard does not require for formal risk management or a documented risk management process. Copyright GIC 2014
Salient Points 6. Applicability This Standard no longer makes specific reference to ‘exclusions’ when determining the applicability of its requirements to the organization’s quality management system. When a requirement can be applied within the scope of its QMS, the organization cannot decide that it is not applicable. Where a requirement cannot be applied (for example where the relevant process is not carried out) the organization can determine that the requirement is not applicable. However, this is non-applicability cannot be allowed to result in failure to achieve conformity of products and services or meet the organization’s aim to enhance customer satisfaction. Copyright GIC 2014
Salient Points 7. Organizational knowledge Clause 7.1.6 Organizational knowledge addresses the need to determine and maintain the knowledge obtained by the organization, including by its personnel, to ensure that it can achieve conformity of products and services. The process for considering and controlling past, existing and additional knowledge needs to take account of the organization’s context, including its size and complexity, the risks and opportunities it needs to address, and the need for accessibility of knowledge. The balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization, provided that conformity of products and services can be achieved. Copyright GIC 2014
Salient Points 8. Control of externally provided products and services This addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organizations or by any other means. The organization is required to take a risk-based approach to determine the type and extent of controls appropriate to particular external providers and externally provided products and services.
Copyright GIC 2014
COMPARISON
COMPARISON (2 of 5)
COMPARISON (3 of 5)
COMPARISON (4 of 5)
COMPARISON (5 of 5)
Clause 4 -‐ Context of the organisation 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the quality management system 4.4 Quality management system and its processes !
Copyright GIC 2014
4. Context of Organization 4.1 Understanding the organization and its context ! The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.
! The organization shall monitor and review the information about these external and internal issues.
! NOTE 1 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional or local.
NOTE 2 Understanding the internal context can be facilitated by considering issues related to values, culture knowledge and performance of the organization. Copyright GIC 2014
Context of Organization External context includes* • cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive environment, whether international, national, regional or local; • relationships with, and perceptions/values of external stakeholders
! Internal context includes* • corporate culture; • governance, organizational structure, roles and accountabilities; • policies, objectives, and strategies • resources (capital, time, people, processes, systems technologies); • information systems, information flows and decision-‐making processes (both formal and informal)
! * (taken from ISO 31000)
Copyright GIC 2014
Context of Organization
The context of the organisation equates to the business environment the organisation is operating in.
!
It is about the organisation understanding its place in the universe.
! Purpose: Clothing manufacturer ! Intended outcome: Production of men’s suits !Internal issues •Automation •Workforce •Design secrets •Capacity •Company culture •Innovation
!External issues •Customers •Fashion •New markets •Deadlines •Competition •Regulators •Utilities
!(Relevant) interested parties •Consumers •Employees •Owners/shareholders •Society •Suppliers and partners
Copyright GIC 2014
SWOT Analysis
4. Context of Organization 4.2 Understanding the needs and expectations of interested parties ! Due to their impact or potential impact on the organisation’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine: a) the interested parties that are relevant to the quality management system; b) the requirements of these interested parties that are relevant to the quality management system.
! The organization shall monitor and review the information about these interested parties and their relevant requirements.
Copyright GIC 2014
What is Interested Party
Copyright GIC 2014
4. Context of Organization 4.3 Determining the scope of the quality management system !
The organizaeon shall determine the boundaries and applicability of the quality management system to establish its scope.
!
When determining this scope, the organizaeon shall consider: a) the external and internal issues referred to in 4.1; b) the requirements of relevant interested parees referred to in 4.2; c) the products and services of the organizaeon.
!
Where a requirement of this Internalonal Standard within the determined scope can be applied, then it shall be applied by the organizalon.
! Copyright GIC 2014
4. Context of Organization 4.3 Determining the scope of the quality management system !
If any requirement(s) of this Internaeonal Standard cannot be applied, this shall not affect the organizaeon’s ability or responsibility to ensure conformity of products and services.
!
The scope shall be available and be maintained as documented informalon staeng the: • products and services covered by the quality management system; • juseficaeon for any instance where a requirement of this Internaeonal Standard cannot be applied.
Copyright GIC 2014
4. Context of Organization 4.4 Quality management system and its processes !
The organizaeon shall establish, implement, maintain and conenually improve a quality management system, including the processes needed and their interaceons, in accordance with the requirements of this Internaeonal Standard.
!
The organizaeon shall determine the processes needed for the quality management system and their applicaeon throughout the organizaeon and shall determine: a) the inputs required and the outputs expected from these processes; b) the sequence and interaclon of these processes; c) the criteria, methods, including measurements and related performance indicators needed to ensure the effeceve operaeon, and control of these processes; d) the resources needed and ensure their availability; Copyright GIC 2014
4. Context of Organization 4.4 Quality management system and its processes !
e) the assignment of the responsibililes and authoriles for these processes; f) the risks and opportuniles in accordance with the requirements of 6.1, and plan and implement the appropriate aceons to address them; g) the methods for monitoring, measuring, as appropriate, and evalualon of processes and, if needed, the changes to processes to ensure that they achieve intended results; h) opportuniles for improvement of the processes and the quality management system.
!
The organizaeon shall maintain documented informalon to the extent necessary to support the operaeon of processes and retain documented informalon to the extent necessary to have confidence that the processes are being carried out as planned. Copyright GIC 2014
Clause 5 -‐ Leadership 5.1 Leadership and commitment 5.1.1 Leadership and commitment to the quality management system 5.1.2 Customer focus
5.2 Quality policy 5.3 Organisation roles, responsibilities and authorities !
Copyright GIC 2014
Management Vs Leadership
!
What is TOP MANAGEMENT DEFINITIONS (ANNEX SL) a person or group of people who directs and controls an organisation at the highest level ! Note 1 Top management has the power to delegate authority and provide resources within the organization. Note 2 If the scope of the management system (3.04) covers only part of an organization then top management refers to those who direct and control that part of the organization.
Copyright GIC 2014
5.1 Leadership and Commitment 5.1.1 Leadership and commitment for the quality management system Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability of the effectiveness of the quality management system; b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the strategic direction and the context of the organization ; c) ensuring that the quality policy is communicated, understood and applied within the organization; d) ensuring the integration of the quality management system requirements into the organisation’s business processes; e) promoting awareness of the process approach; Copyright GIC 2014
5.1 Leadership and Commitment f) ensuring that the resources needed for the quality management system are available; g) communicating the importance of effective quality management and of conforming to the quality management system requirements; h) ensuring that the quality management system achieves its intended results; i) engaging, directing and supporting persons to contribute to the effectiveness of the quality management system; j) promoting continual improvement; k) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
! NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence; whether the organization is public, private, for profit or not for profit. Copyright GIC 2014
5.1 Leadership and Commitment 5.1.2 Customer Focus !
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that: a) customer requirements and applicable statutory and regulatory requirements are determined and met; b) the risks and opportuniles that can affect conformity of products and services and the ability to enhance customer saesfaceon are determined and addressed; c) the focus on consistently providing products and services that meet customer and applicable statutory and regulatory requirements is maintained; d) the focus on enhancing customer saesfaceon is maintained.
Copyright GIC 2014
5. Leadership 5.2 Quality policy !
5.2.1 Top management shall establish, review and maintain a quality policy that: a) is appropriate to the purpose and context of the organizalon; b) provides a framework for sejng and reviewing quality objeceves; c) includes a commitment to saesfy applicable requirements; d) includes a commitment to conenual improvement of the quality management system.
!
5.2.2 The quality policy shall: a) be available as documented informaeon; b) be communicated, understood and applied within the organizaeon; c) be available to relevant interested parles, as appropriate.
Copyright GIC 2014
5. Leadership 5.2 Organizational roles, responsibilities and authorities !
Top management shall ensure that the responsibiliees and authoriees for relevant roles are assigned, communicated and understood within the organizaeon.
!
Top management shall assign the responsibility and authority for: a) ensuring that the quality management system conforms to the requirements of this Internaeonal Standard; b) ensuring that the processes are delivering their intended outputs; c) reporlng on the performance of the quality management system, on opportuniles for improvement and on the need for change or innovalon, and especially for reporlng to top management; d) ensuring the promoeon of customer focus throughout the organizaeon; e) ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented. Copyright GIC 2014
Clause 6 -‐ Planning for the QMS ! 6.1 Actions to address risks and opportunities 6.2 Quality objectives and planning to achieve them 6.3 Planning of changes ! !
Copyright GIC 2014
What is RISK DEFINITIONS (ANNEX SL) effect of uncertainty
! Note 1 An effect is a deviation from the expected — positive or negative. Note 2 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. Note 3 Risk is often characterised by reference to potential events (ISO Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of these. Note 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.
Copyright GIC 2014
6.1 Action to address risks and opportunities ! 6.1 Actions to address risks and opportunities 6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: a) give assurance that the quality management system can achieve its intended result(s); b) prevent, or reduce, undesired effects; c) achieve continual improvement.
Copyright GIC 2014
6.1 Action to address risks and opportunities 6.1.2 The organization shall plan: a) actions to address these risks and opportunities; b) how to: 1) integrate and implement the actions into its quality management system processes (see 4.4); 2) evaluate the effectiveness of these actions. Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
! NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision. Copyright GIC 2014
Risk Analysis
Copyright GIC 2014
Risk Analysis
6.2 Quality objectives and planning to achieve them 6.2.1 The organizaeon shall establish quality objeceves at relevant funceons, levels and processes.
!
The quality objeceves shall: a) be consistent with the quality policy, b) be measurable; c) take into account applicable requirements; d) be relevant to conformity of products and services and the enhancement of customer saesfaceon; e) be monitored; f) be communicated; g) be updated as appropriate.
!
The organizaeon shall retain documented informalon on the quality objeceves.
Copyright GIC 2014
6.2 Quality objectives and planning to achieve them 6.2.2 When planning how to achieve its quality objeceves, the organizaeon shall determine: a) what will be done; b) what resources will be required; Nothing’s new but easier to c) who will be responsible; be understood d) when it will be completed; e) how the results will be evaluated.
Copyright GIC 2014
6.3 Planning of changes Where the organizaeon determines the need for change to the quality management system (see 4.4) the change shall be carried out in a planned and systemaec manner.
!
The organizaeon shall consider: a) the purpose of the change and any of its potenlal consequences; b) the integrity of the quality management system; c) the availability of resources; d) the allocaeon or reallocaeon of responsibiliees and authoriees.
Copyright GIC 2014
Clause 7 -‐ Support 7.1
Resources
7.1.1 General 7.1.2 People 7.1.3 Infrastructure 7.1.4 Environment for the operation of processes 7.1.5 Monitoring and measuring resources 7.1.6 Organizational knowledge
7.2 Competence 7.3 Awareness 7.4 Communication 7.5. Documented Information 7.5.1 General 7.5.2 Creating and Updating
!
Copyright GIC 2014
7.1 Resources 7.1.1 General
The organizaeon shall determine and provide the resources needed for the establishment, implementaeon, maintenance and conenual improvement of the quality management system.
! !
The organizaeon shall consider: a) the capabiliees of, and constraints on, exiseng internal resources; b) what needs to be obtained from external providers.
! 7.1.2 People
To ensure that the organizaeon can consistently meet customer and applicable statutory and regulatory requirements, the organizaeon shall provide the persons necessary for the effeceve operaeon of the quality management system, including the processes needed.
Copyright GIC 2014
7.1 Resources 7.1.3 Infrastructure
!
The organizaeon shall determine, provide and maintain the infrastructure for the operaeon of its processes to achieve conformity of products and services. NOTE Infrastructure can include: a) buildings and associated ueliees; b) equipment including hardware and solware; c) transportaeon; Previously Work Environment d) informaeon and communicaeon technology.
! 7.1.4 Environment for the operalon of processes
The organizaeon shall determine, provide and maintain the environment necessary for the operaeon of its processes and to achieve conformity of products and services. NOTE Environment for the operaeon of processes can include physical, social, psychological, environmental and other factors (such as temperature, humidity, ergonomics and cleanliness). Copyright GIC 2014
7.1 Resources 7.1.5 Monitoring and measuring resources !
Where monitoring or measuring is used for evidence of conformity of products and services to specified requirements the organizaeon shall determine the resources needed to ensure valid and reliable monitoring and measuring results.
!
!
The organizaeon shall ensure that the resources provided: a) are suitable for the specific type of monitoring and measurement aceviees being undertaken; b) are maintained to ensure their conlnued fitness for their purpose.
!
The organizaeon shall retain appropriate documented informalon as evidence of fitness for purpose of monitoring and measurement resources.
Copyright GIC 2014
7.1 Resources
!
Where measurement traceability is: a statutory or regulatory requirement; a customer or relevant interested party expectaeon; or considered by the organizaeon to be an esseneal part of providing confidence in the validity of measurement results; measuring instruments shall be: • verified or calibrated at specified intervals or prior to use against measurement standards traceable to internaeonal or naeonal measurement standards. Where no such standards exist, the basis used for calibraeon or verificaeon shall be retained as documented informaeon; • idenlfied in order to determine their calibralon status; • safeguarded from adjustments, damage or deterioralon that would invalidate the calibraeon status and subsequent measurement results.
!
The organizaeon shall determine if the validity of previous measurement results has been adversely affected when an instrument is found to be defeclve during its planned verificaeon or calibraeon, or during its use, and take appropriate correceve aceon as necessary. Copyright GIC 2014
7.1 Resources 7.1.6 O rganizalonal k nowledge !
!
The organizaeon shall determine the knowledge necessary for the operalon of its processes and to achieve conformity of products and services. ! This knowledge shall be maintained, and made available to the extent necessary. ! When addressing changing needs and trends, the organizaeon shall consider its current knowledge and determine how to acquire or access the necessary addieonal knowledge. ! NOTE 1 Organizaeonal knowledge can include informaeon such as intellectual property and lessons learned. ! NOTE 2 To obtain the knowledge required, the organizaeon can consider: a) internal sources (e.g. learning from failures and successful projects, capturing undocumented knowledge and experience of topical experts within the organizaeon); b) external sources (e.g. standards, academia, conferences, gathering knowledge with customers or providers). Copyright GIC 2014
7.2 Competence
!
The organizaeon shall: a) determine the necessary competence of person(s) doing work under its control that affects its quality performance; b) ensure that these persons are competent on the basis of appropriate educaeon, training, or experience; c) where applicable, take aceons to acquire the necessary competence, and evaluate the effeceveness of the aceons taken; d) retain appropriate documented informaeon as evidence of competence.
!
NOTE Applicable aceons can include, for example, the provision of training to, the mentoring of, or the re-‐assignment of currently employed persons; or the hiring or contraclng of competent persons.
Copyright GIC 2014
7.3 Awareness
!
Persons doing work under the organization’s control shall be aware of: a) the quality policy; b) relevant quality objectives; c) their contribution to the effectiveness of the quality management system, including the benefits of improved quality performance; d) the implications of not conforming with the quality management system requirements.
Copyright GIC 2014
7.4 Communication The organizaeon shall determine the internal and external communicaeons relevant to the quality management system including: a) on what it will communicate; b) when to communicate; c) with whom to communicate; d) how to communicate.
!
Copyright GIC 2014
7.5 Documented Information 7.5.1 General !
The organizaeon’s quality management system shall include a) documented informaeon required by this Internaeonal Standard; b) documented informaeon determined by the organizaeon as being necessary for the effeceveness of the quality management system.
!
!
NOTE The extent of documented informaeon for a quality management system can differ from one organizalon to another due to: a) the size of organizaeon and its type of aceviees, processes, products and services; b) the complexity of processes and their interaceons; c) the competence of persons.
Copyright GIC 2014
7.5 Documented Information 7.5.2 Creating and updating !
!
Nothing’s new but easier to be understood
When creaeng and updaeng documented informaeon the organizaeon shall ensure appropriate: a) idenlficalon and descriplon (e.g. a etle, date, author, or reference number); b) format (e.g. language, solware version, graphics) and media (e.g. paper, electronic); c) review and approval for suitability and adequacy.
Copyright GIC 2014
7.5 Documented Information 7.5.3 Control of documented information !
!
Nothing’s new but easier to be understood
7.5.3.1 Documented informaeon required by the quality management system and by this Internaeonal Standard shall be controlled to ensure: a) it is available and suitable for use, where and when it is needed; b) it is adequately protected (e.g. from loss of confideneality, improper use, or loss of integrity).
Copyright GIC 2014
7.5 Documented Information 7.5.3 Control of documented information !
!
Nothing’s new but easier to be understood
7.5.3.2 For the control of documented informaeon, the organizaeon shall address the following aceviees, as applicable: a) distribulon, access, retrieval and use; b) storage and preservalon, including preservaeon of legibility; c) control of changes (e.g. version control); d) retenlon and disposilon.
!
Documented informaeon of external origin determined by the organizaeon to be necessary for the planning and operaeon of the quality management system shall be idenefied as appropriate, and controlled.
!
NOTE Access can imply a decision regarding the permission to view the documented informaeon only, or the permission and authority to view and change the documented informaeon. Copyright GIC 2014
Clause 8 -‐ Operation 8.1 8.2
Operational planning and control Determination of requirements for products and services
8.2.1 Customer communication 8.2.2 Determination of requirements for products and services 8.2.3 Review of requirements related to products and services
8.3
Design and development of products and services
8.3.1 General 8.3.2 Design and development planning 8.3.3 Design and development inputs 8.3.4 Design and development controls 8.3.5 Design and development outputs 8.3.6 Design and development changes
! ! Copyright GIC 2014
Clause 8 -‐ Operation 8.4
Control of externally provided products and services
8.4.1 General 8.4.2 Type and extent of control of external provision 8.4.3 Information for external providers
8.5
Production and service provision
8.5.1 Control of production and service provision 8.5.2 Identification and traceability 8.5.3 Property belonging to customers or external providers 8.5.4 Preservation 8.5.5 Post-‐delivery activities 8.5.6 Control of changes
8.6 Release of products and services 8.7 Control of nonconforming process outputs, products and services Copyright GIC 2014
8.1 Operational Planning and Control
!
The organizaeon shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the aceons determined in 6.1, by: a) determining requirements for the product and services; b) establishing criteria for the processes and for the acceptance of products and services; c) determining the resources needed to achieve conformity to product and service requirements; d) implemeneng control of the processes in accordance with the criteria ; e) retaining documented informaeon to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate ! conformity of products and services to requirements. The output of this planning shall be suitable for the organizaeon's operaeons.
!
The organizaeon shall control planned changes and review the consequences of unintended changes, taking aclon to milgate any adverse effects, as necessary. The organizaeon shall ensure that outsourced processes are controlled in accordance with 8.4. Copyright GIC 2014
8.2 Determination of Requirements for Products and Services 8.2.1 Customer communicalon !
!
The organizaeon shall establish the processes for communicaeng with customers in relaeon to: a) informalon relaeng to products and services; b) enquiries, contracts or order handling, including changes; c) obtaining customer views and perceplons, including customer complaints; d) the handling or treatment of customer property, if applicable; e) specific requirements for conlngency aclons, when relevant
Copyright GIC 2014
8.2 Determination of Requirements for Products and Services 8.2.2 Determinalon of requirements related to products and services !
The organizaeon shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to poteneal customers.
! !
The organizaeon shall ensure that: a) product and service requirements (including those considered necessary by the organisaeon), and applicable statutory and regulatory requirements, are defined; b) it has the ability to meet the defined requirements and substanlate the claims for the products and services it offers.
Copyright GIC 2014
8.2 Determination of Requirements for Products and Services 8.2.3 Review of requirements related to products and services !
!
The organizaeon shall review, as applicable: a) requirements specified by the customer, including the requirements for delivery and post-‐delivery aceviees; b) requirements not stated by the customer, but necessary for the customers' specified or intended use, when known; c) addieonal statutory and regulatory requirements applicable to the products and services; d) contract or order requirements differing from those previously expressed.
!
NOTE Requirements can also include those arising from relevant interested parles.
Copyright GIC 2014
8.2 Determination of Requirements for Products and Services 8.2.3 Review of requirements related to products and services !
This review shall be conducted prior to the organizaeon’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.
! !
Where the customer does not provide a documented statement of their requirements, the customer requirements shall be confirmed by the organizalon before acceptance.
!
Documented informalon describing the results of the review, including any new or changed requirements for the products and services, shall be retained.
!
Where requirements for products and services are changed, the organizaeon shall ensure that relevant documented informaeon is amended and that relevant personnel are made aware of the changed requirements. Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.1 General !
Where the detailed requirements of the organizalon’s products and services are not already established or not defined by the customer or by other interested parles, such that they are adequate for subsequent produclon or service provision, the organizalon shall establish, implement and maintain a design and development process.
!
!
NOTE 1 The organizaeon can also apply the requirements given in 8.5 to the development of processes for produceon and services provision
!
NOTE 2 For services, design and development planning can address the whole service delivery process. The organizaeon can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.
Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.2 Design and development planning !
!
In determining the stages and controls for design and development, the organizaeon shall consider: a) the nature, duraeon and complexity of the design and development aceviees; b) requirements that specify parecular process stages, including applicable design and development reviews; c) the required design and development verificaeon and validaeon; d) the responsibiliees and authoriees involved in the design and development process; e) the need to control interfaces between individuals and parees involved in the design and development process; f) the need for involvement of customer and user groups in the design and development process; g) the necessary documented informaeon to confirm that design and development requirements have been met. Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.3 Design and development inputs !
The organizaeon shall determine: a) requirements esseneal for the specific type of products and services being designed and developed, including, as applicable, funceonal and performance requirements; b) applicable statutory and regulatory requirements; c) standards or codes of pracece that the organizaeon has commioed to implement; ! d) internal and external resource needs for the design and development of products and services; e) the poteneal consequences of failure due to the nature of the products and services; f) the level of control expected of the design and development process by ! customers and other relevant interested parees. Inputs shall be adequate for design and development purposes, complete, and unambiguous. ! Conflicts among inputs shall be resolved. Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.4 Design and development controls !
!
The controls applied to the design and development process shall ensure that: a) the results to be achieved by the design and development aceviees are clearly defined; b) design and development reviews are conducted as planned; c) verificaeon is conducted to ensure that the design and development outputs have met the design and development input requirements; d) validaeon is conducted to ensure that the resuleng products and services are capable of meeeng the requirements for the specified applicaeon or intended use (when known).
Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.5 Design and development outputs !
!
The organizaeon shall ensure that design and development outputs: a) meet the input requirements for design and development; b) are adequate for the subsequent processes for the provision of products and services; c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable; d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
!
The organizaeon shall retain the documented informaeon resuleng from the design and development process.
Copyright GIC 2014
8.3 Design and Development of Products and Services 8.3.6 Design and development changes !
The organizaeon shall review, control and idenefy changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.
! !
Documented informaeon on design and development changes shall be retained.
Copyright GIC 2014
8.4 Control of Externally Provided Products and Services 8.4.1 General !
The organizaeon shall ensure that externally provided processes, products, and services conform to specified requirements.
! !
The organizaeon shall apply the specified requirements for the control of externally provided products and services when: a) products and services are provided by external providers for incorporaeon into the organisaeon’s own products and services; b) products and services are provided directly to the customer(s) by external providers on behalf of the organizalon; c) a process or part of a process is provided by an external provider as a result of a decision by the organizaeon to outsource a process or funceon.
Copyright GIC 2014
8.4 Control of Externally Provided Products and Services 8.4.1 General !
The organizaeon shall establish and apply criteria for the evalualon, seleclon, monitoring of performance and re-‐evalualon of external providers based on their ability to provide processes or products and services in accordance with specified requirements.
! !
The organizaeon shall retain appropriate documented informalon of the results of the evaluaeons, monitoring of the performance and re-‐evaluaeons of the external providers.
Copyright GIC 2014
8.4 Control of Externally Provided Products and Services 8.4.2 Type and extent of control of external provision !
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organisaeon shall take into consideraeon: a) the potenlal impact of the externally provided processes, products and services on the organizaeon’s ability to consistently meet customer and applicable statutory and regulatory requirements; ! b) ! the perceived effeclveness of the controls applied by the external provider. The organizaeon shall establish and implement verificalon or other aclviles necessary to ensure the externally provided processes, products and services do not adversely affect the organisaeon's ability to consistently deliver conforming products and services to its customers. Processes or funceons of the organizaeon which have been outsourced to an external provider remain within the scope of the organizaeon’s quality management system; accordingly, the organizaeon shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resuleng process output. Copyright GIC 2014
8.4 Control of Externally Provided Products and Services 8.4.3 Informalon for external providers !
The organizaeon shall communicate to external providers applicable requirements for the following: a) the products and services to be provided or the processes to be performed on behalf of the organizaeon; b) approval or release of products and services, methods, processes or equipment; c) competence of personnel, including necessary qualificaeon; ! d) their interaceons with the organizaeon's quality management system; e) the control and monitoring of the external provider’s performance to be applied by the organizaeon; f) verificaeon aceviees that the organizaeon, or its customer, intends to perform at the external provider’s premises.
!
The organizaeon shall ensure the adequacy of specified requirements prior to their communicaeon to the external provider. Copyright GIC 2014
8.5 Production and Service Provision 8.5.1 Control of produclon and service provision !
The organizaeon shall implement controlled condieons for produceon and service provision, including delivery and post-‐delivery aceviees.
!
Controlled condieons shall include, as applicable: a) the availability of documented informalon that defines the characterisecs of the products and services; ! b) the availability of documented informalon that defines the aceviees to be performed and the results to be achieved; c) monitoring and measurement aceviees at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met. d) the use, and control of suitable infrastructure and process environment; e) the availability and use of suitable monitoring and measuring resources; Copyright GIC 2014
8.5 Production and Service Provision 8.5.1 Control of produclon and service provision !
Controlled condieons shall include, as applicable: f) the competence and, where applicable, required qualificaeon of persons; g) the validalon, and periodic revalidalon, of the ability to achieve planned results of any process for produceon and service provision where the resuleng output cannot be verified by subsequent monitoring or measurement; h) the implementalon of products and services release, delivery and post-‐delivery ! aceviees.
Copyright GIC 2014
8.5 Production and Service Provision 8.5.2 Idenlficalon and traceability !
Remain the same
Where necessary to ensure conformity of products and services, the organizaeon shall use suitable means to idenefy process outputs.
!
The organizaeon shall idenefy the status of process outputs with respect to monitoring and measurement requirements throughout produceon and service provision.
!!
Where traceability is a requirement, the organizaeon shall control the unique ideneficaeon of the process outputs, and retain any documented informaeon necessary to maintain traceability.
!
NOTE Process outputs are the results of any aceviees which are ready for delivery to the organisaeon’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc. Copyright GIC 2014
8.5 Production and Service Provision 8.5.3 Property belonging to customers or external providers !
The organizaeon shall exercise care with property belonging to the customer or external providers while it is under the organizaeon's control or being used by the organizaeon. The organizaeon shall idenefy, verify, protect and safeguard the customer’s or external provider’s property provided for use or incorporaeon into the products and services.
!!
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organizaeon shall report this to the customer or external provider.
!
NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data. Previous Customer Property Copyright GIC 2014
8.5 Production and Service Provision 8.5.4 Preservalon !
Remain the same
The organizaeon shall ensure preservaeon of process outputs during produceon and service provision, to the extent necessary to maintain conformity to requirements.
!
NOTE Preservaeon can include ideneficaeon, handling, packaging, storage, transmission or transportaeon, and proteceon.
!
Copyright GIC 2014
8.5 Production and Service Provision 8.5.5 Post-‐delivery aclviles !
As applicable, the organizaeon shall meet requirements for post-‐delivery aceviees associated with the products and services.
!
In determining the extent of post-‐delivery aceviees that are required, the organisaeon shall consider: ! a) the risks associated with the products and services; b) the nature, use and intended lifelme of the products and services; c) customer feedback; d) statutory and regulatory requirements.
!
NOTE Post-‐delivery aceviees can include aceons under warranty provisions, contractual obligaeons such as maintenance services, and supplementary services such as recycling or final disposal. Copyright GIC 2014
8.5 Production and Service Provision 8.5.6 Control of changes !
The organizaeon shall review and control unplanned changes esseneal for produceon or service provision to the extent necessary to ensure conenuing conformity with specified requirements.
!
The organizaeon shall retain documented informaeon describing the results of the ! review of changes, the personnel authorizing the change, and any necessary aceons.
Copyright GIC 2014
8.6 Release of Products and Services The organizaeon shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met. Evidence of conformity with the acceptance criteria shall be retained.
!
The release of products and services to the customer shall not proceed unel the planned arrangements for verificaeon of conformity have been saesfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
!!
Documented informalon shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.
Copyright GIC 2014
8.7 Control of Nonconforming Process Outputs, Products and Services The organizaeon shall ensure process outputs, products and services that do not conform to requirements are idenefied and controlled to prevent their unintended use or delivery.
!
The organizaeon shall take appropriate correceve aceon based on the nature of the nonconformity and its impact on the conformity of products and services. This applies also to nonconforming products and services detected aler delivery of the products or during the provision of the service.
!!
As applicable, the organizaeon shall deal with nonconforming process outputs, products and services in one or more of the following ways: a) correceon; b) segregaeon, containment, return or suspension of provision of products and services; c) informing the customer; Copyright GIC 2014
8.7 Control of Nonconforming Process Outputs, Products and Services d) obtaining authorizaeon for: • use “as-‐is’; • release, conenuaeon or re-‐provision of the products and services; • acceptance under concession.
!
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.
! !The organizaeon shall retain documented informalon of aceons taken on
nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformity.
Copyright GIC 2014
Clause 9 -‐ Performance Evaluation 9.1
Monitoring, measurement analysis and evaluation
9.1.1 General 9.1.2 Customer satisfaction 9.1.3 Analysis and evaluation
9.2 9.3 ! !
Internal audit Management review
Copyright GIC 2014
9.1 Monitoring, Measurement, Analysis and Evaluation 9.1.1 General !
The organizaeon shall determine: a) what needs to be monitored and measured; b) the methods for monitoring, measurement, analysis and evaluaeon, as applicable, to ensure valid results; c) when the monitoring and measuring shall be performed; d) when the results from monitoring and measurement shall be analysed and evaluated.
!
The organizaeon shall ensure that monitoring and measurement aceviees are implemented in accordance with the determined requirements and shall retain appropriate documented informaeon as evidence of the results.
!
The organizaeon shall evaluate the quality performance and the effeceveness of the quality management system. Copyright GIC 2014
9.1 Monitoring, Measurement, Analysis and Evaluation 9.1.2 Customer Satisfaction !
Remain the same
The organizaeon shall monitor customer percepeons of the degree to which requirements have been met.
!
The organizaeon shall obtain informaeon relaeng to customer views and opinions of the organisaeon and its products and services.
!
The methods for obtaining and using this informaeon shall be determined.
!
NOTE Informaeon related to customer views can include customer saesfaceon or opinion surveys, customer data on delivered products or services quality, market-‐ share analysis, compliments, warranty claims and dealer reports.
Copyright GIC 2014
9.1 Monitoring, Measurement, Analysis and Evaluation 9.1.3 Analysis and evaluation !
Remain the same
The organizaeon shall analyse and evaluate appropriate data and informaeon arising from monitoring, measurement and other sources. ! The output of analysis and evaluaeon shall be used to: a) demonstrate conformity of products and services to requirements; b) assess and enhance customer salsfaclon; c) ensure conformity and effeclveness of the quality management system; d) demonstrate that planning has been successfully implemented; e) assess the performance of processes; f) assess the performance of external provider(s); g) determine the need or opportuniees for improvements within the quality management system.
!
The results of analysis and evaluaeon shall also be used to provide inputs to management review. Copyright GIC 2014
9.2. Internal Audit 9.2. Internal Audit !
Remain the same
9.2.1 The organizaeon shall conduct internal audits at planned intervals to provide informaeon on whether the quality management system; a) conforms to: 1. the organizaeon’s own requirements for its quality management system; 2. the requirements of this Internaeonal Standard; b) is effecevely implemented and maintained.
Copyright GIC 2014
9.2. Internal Audit 9.2. Internal Audit
Remain the same
9.2.2 The organization shall: a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the quality objectives, the importance of the processes concerned, customer feedback, changes impacting on the organisation, and the results of previous audits; b) define the audit criteria and scope for each audit; c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process; d) ensure that the results of the audits are reported to relevant management; e) take necessary correction and corrective actions without undue delay; f) retain documented information as evidence of the implementation of the audit programme and the audit results. Copyright GIC 2014
9.3 Management Review 9.3.1 Top management shall review the organizaeon's quality management system, at planned intervals, to ensure its conenuing suitability, adequacy, and effeceveness.
!
The management review shall be planned and carried out taking into consideraeon: a) the status of aceons from previous management reviews; b) changes in external and internal issues that are relevant to the quality management system including its strategic direceon;
Copyright GIC 2014
9.3 Management Review c) informaeon on the quality performance, including trends and indicators for: 1. nonconformiees and correceve aceons; 2. monitoring and measurement results; 3. audit results; 4. customer saesfaceon; 5. issues concerning external providers and other relevant interested parees; 6. adequacy of resources required for maintaining an effeceve quality management system; ! 7. process performance and conformity of products and services; d) the effeceveness of aceons taken to address risks and opportuniees (see clause 6.1); e) new poteneal opportuniees for conenual improvement.
Copyright GIC 2014
9.3 Management Review The outputs of the management review shall include decisions and aclons related to: a) conenual improvement opportuniees; b) any need for changes to the quality management system, including resource needs. The organizaeon shall retain documented informalon as evidence of the results of management reviews.
Copyright GIC 2014
Clause 10 -‐ Improvement 10.1 General 10.2 Nonconformity and corrective action 10.3 Continual improvement ! ! ! !
Copyright GIC 2014
10.1 General The organizaeon shall determine and select opportuniles for improvement and implement necessary aclons to meet customer requirements and enhance customer saesfaceon.
!
This shall include, as appropriate: a) improving processes to prevent nonconformiees; b) improving products and services to meet known and predicted requirements c) improving quality management system results.
!
NOTE Improvement can be effected reaclvely (e.g. correceve aceon), incrementally (e.g. conenual improvement), by step change (e.g. breakthrough), crealvely (e.g. innovaeon) or by re-‐organisalon (e.g. transformaeon).
Copyright GIC 2014
10.2 Nonconformity and Corrective Action 10.2 Nonconformity and corrective action 10.2.1 When a nonconformity occurs, including those arising from complaints, the organization shall: a) react to the nonconformity, and as applicable: 1) take action to control and correct it; 2) deal with the consequences; b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by: 1) reviewing the nonconformity; 2) determining the causes of the nonconformity; 3) determining if similar nonconformities exist, or could potentially occur; c) implement any action needed; d) review the effectiveness of any corrective action taken; e) make changes to the quality management system, if necessary. Copyright GIC 2014
10.2 Nonconformity and Corrective Action 10.2 Nonconformity and corrective action ! Corrective actions shall be appropriate to the effects of the nonconformities encountered.
!
NOTE 1 In some instances, it can be impossible to eliminate the cause of a nonconformity. NOTE 2 Corrective action can reduce the likelihood of recurrence to an acceptable level.
! 10.2.2 The organization shall retain documented information as evidence of: a) the nature of the nonconformities and any subsequent actions taken; b) the results of any corrective action.
Copyright GIC 2014
10.3 Continual Improvement The organizaeon shall conenually improve the suitability, adequacy, and effeceveness of the quality management system.
!
The organizaeon shall consider the outputs of analysis and evalualon, and the outputs from management review, to confirm if there are areas of underperformance or opportuniles that shall be addressed as part of conenual improvement.
!
Where applicable, the organizaeon shall select and ullise applicable tools and methodologies for invesegaeon of the causes of underperformance and for supporeng conenual improvement.
Copyright GIC 2014
ISO 9001:2015 – New Structure
Figure 1 – Model of a process-‐based quality management system, showing the links to the clauses of this International Standard
What should we do? ▪ Research and initiate in being updated on what is going on and be ready to implement the new requirements ▪ Takes full advantage of the revision of ISO 9001 to improve business performance ▪ Integrate their activities within the scope of multiple Management System Standards ▪ Decrease the emphasis on documentation when this is not mandated or does not add value ! ✓ Remember, don’t make any changes yet!
Copyright GIC 2014
ISO 9001:2015 Timeline
Reference: ISO/TC 176 presentation
Stay Tuned! ! Additional updates and information will be made available as the change process proceeds. Meanwhile, you can check www.iso.org for details
! ! Guardian Independent Certification (GIC) Indonesia PT. Verifikasi Independen Indonesia Jakarta (021) 29704026 - Surabaya (031) 8479096 for more details email to
[email protected]
! !
Acknowledgement and References: ISO / TC 176 presentation, DIS ISO 9001:2015, IRCA webinar
