ISO 9001 2015 ASQ Workshop by Colin Gray
-
Upload
colin-gray -
Category
Business
-
view
3.363 -
download
0
description
Transcript of ISO 9001 2015 ASQ Workshop by Colin Gray
ASQ Denver ISO DIS 9001:2015
Workshop
01/21/12 © 2012 Cavendish Scott, Inc.www.CavendishScott.com
1
Agenda
• Introduction• The Current and Expected Development of ISO 9001• TS 9002• Quality Principles• Annex SL• The Structure of ISO 9001• Key Points
– Attachment to the Standard– Introduction to the Standard
• Key Definitions• Interesting Clauses• Auditability• Transition• Probable Implementation• Summary, Questions, Close
Colin Gray & Cavendish Scott, Inc.
• Consulting, training and auditing for 25+ years• IRCA/RABQSA professional auditor• Registrar Auditor
• Cavendish Scott, Inc.• Accredited IRCA Training Organization• Consulting – Guaranteed Certification• Training – in-house, public, accredited, customized• Auditing – internal auditing, consulting and support
ISO 9001 Development
• In the beginning…• 1979• 1987• 1994, 2000, 2008
– Was the process approach invented in 2000– “What Happened” in 2008!
ISO 9001 Development
• User Surveys (following release)• Strategic plans, committee structures
– 70+ Countries• TC 176, USTAG, SC/WG• CD, DIS, FDIS, ISO
ISO.ORG
Look it up! ISO.ORG
58 Swiss Fr = $65.04
Guide to the Stages
Current Stage
SC2
SC2
Original Design Specification
According to the draft design specification, the revised standard should (among other things) :
• •Provide a stable core set of requirements for the next 10 years or more• •Remain generic, and relevant to all sizes and types of organization operating in any sector• •Maintain the current focus on effective process management to produce desired outcomes• •Take account of changes in quality management systems practices and technology since the last
major revision in 2000• •Reflect changes in the increasingly complex, demanding and dynamic environments in which
organizations operate• •Apply Annex SL of the ISO Directives to enhance compatibility and alignment with other ISO
management system standards• •Facilitate effective organizational implementation and effective conformity assessment by first,
second and third parties• •Use simplified language and writing styles to aid understanding and consistent interpretations of its
requirements
ISO 9001:2015 and beyond - Preparing for the next 25 years of quality management standardsby Nigel H. Croft on 28 August 2012 Chair ISO/TC 176/SC 2, Quality systems
Timeline
Timescale
Date ISO 9001 (QMS)
August 2013 Close of CD ballot/CD Issued/Initiation of DIS Development
January 2014 DIS (Final draft)
March 2014 DIS draft to ISO (*Cavendish Scott to provide workshops)
April 2014 DIS ballot opens
August 2014 DIS ballot closes/DIS Issued/Initiation of FDIS Development
January 2015 Final draft FDIS
July 2015 FDIS Ballot opens (Jan-July FDIS avail. Cavendish Scott to provide Workshops)
August 2015 FDIS ballot closes
September 2015 ISO Publication
October 2015
November 2015
December 2015
March 2014
• The CD achieved a 78% approval.• 66% is required.
• Negative votes (12) included significant countries such as Germany, Japan, US, and Canada.
• 3,000 comments were received. • The need for an interim meeting was determined.• Interim working draft submitted – 1400 comments
received. March, Verseille could not address all.• Declared plan is to get the DIS to “countries” by April –
publication June/July• Get to “countries” for translation (previous issues)• NEW WORK TS 9002…guidance
TS 9002 – (Goal)
• Guidance – for suppliers (to implement) and customers (to understand)
• In drafting ISO 9001, ISO/TC 176/SC2 has an objective to write the standard in such a way as to make it understandable by all users.
• However, owing to the constraint of trying to write generic requirements that are applicable to all organizations and also due to translation issues, it is recognized that it is not always possible to achieve the level of clarity required, particularly for certain types of organization.
• It is expected that the provision of these application guidelines, supported by specific types of examples, will enable users to be able to put ISO 9001 more readily into their own context, and so have greater understanding of its requirements.
• SC2 March 2014
TS 9002 (Response)
• The US Expert Recommendation will be based on the following criteria. (DRAFT)
• The fact that we are writing a guidance document is evidence that the requirements cannot be effectively implemented by organization.
• From the earliest days of ISO 9001(also including 9002 and 9003 in the early days) the standard has been written in a language that line management, who are not quality experts, can understand. This has been an important contributor to the success of ISO 9001. Writing the next revision of ISO 9001 in a language that only quality experts can understand undermines 25 years of effort to make Quality Management Requirements Standards readily understandable by line management, and would be a giant step backwards.
• In addition, the generic level of the standard has existed in the standard since its inception. There is no evidence that the generic level of the standard requires guidance.
Quality Principles
NEW• QMP 1 – Customer Focus• QMP 2 – Leadership• QMP 3 – Engagement of People• QMP 4 – Process Approach
• QMP 5 – Improvement• QMP 6 – Evidence-based Decision
Making • QMP 7 – Relationship Management
ORIGINAL• Customer focus• Leadership• Involvement of people• Process approach• System approach to management • Continual improvement• Factual approach to decision
making• Mutually beneficial supplier
relationships
Annex SL – Why we Know What we Know!
• Purpose is a consistent (high level) structure, terminology and requirements (text) between different management system standards.• 9001, 14001, 27001, etc.
• 27001 published, 14001 in draft for publication (TC207)
• Currently in force (restricting what TC176 can do)
Annex SL – Why we Know What we Know!
• Annex SL, Appendix 2 allows discipline specific additions to the core text and this has been utilised for the following:– specific quality management system requirements
considered essential to meet the scope of the standard;– requirements that may appear to be generic but are
considered essential to reflect use of the Quality Management Principles that form the basis for the quality management system standards within the ISO 9000 family;
– requirements and notes that enhance or clarify the core text.
– (from CD)
The Old (current) Structure
• 4 Quality System• 5 Management Responsibility• 6 Resources• 7 Production Realization• 8 Monitoring, Measuring, and Improvement
The Structure of Annex SL……
• 4 Context of the organization• 5 Leadership• 6 Planning• 7 Support• 8 Operation• 9 Performance evaluation• 10 Improvement
The Structure of CD 9001:2015
• 4 Context of the organization• 5 Leadership• 6 Planning• 7 Support• 8 Operation• 9 Performance evaluation• 10 Improvement
DIS 9001:2015 Titles
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization• 4.1 Understanding the organization and its context• 4.2 Understanding the needs and expectations of
interested parties• 4.3 Determining the scope of the quality
management system• 4.4 Quality management system and its processes
5. Leadership• 5.1 Leadership and commitment• 5.2 Quality policy• 5.3 Organizational roles, responsibilities and
authorities
6. Planning for quality management systems• 6.1 Actions to address risks and opportunities• 6.2 Quality objectives and planning to achieve them• 6.3 Planning of changes
7. Support• 7.1 Resources *• 7.2 Competence• 7.3 Awareness
• 7.4 Communication• 7.5 Documented information
8. Operation• 8.1 Operational planning and control• 8.2 Determination of requirements for products and
services• 8.3 Design and Development of products and
services• 8.4 Control of externally provided products and
services• 8.5 Production and service provision• 8.6 Release of goods and services• 8.8 Control of nonconforming process outputs,
products and services
9. Performance evaluation• 9.1 Monitoring, measurement, analysis and
evaluation• 9.2 Internal audit• 9.3 Management review
10. Improvement • 10.1 General• 10.2 Nonconformity and corrective action• 10.2 Continual improvement
Annex A Quality management principles (Informative)
Bibliography
Review of 9001:2015 – Key Points
• 2 areas• Attachment 1 to SC2/N1147• Introduction to CD – 0.3 Significant Changes
Review of 9001:2015 – Key Points
• Attachment 1 to SC2/N1147• a) Exclusions
• there should no longer be any technical reasons for an organization's QMS not to be able to meet all the requirements
• b) Goods and services• instead of Product (NOW – PRODUCTS AND SERVICES)
• c) Improvement• (continual) improvement - (delete continual)
Review of 9001:2015 – Key Points
• Introduction to CD – 0.3 Significant Changes• a) Redrafting to make the standard more generic and more
easily applicable by service industries• Goods and Services (versus Product)
• b) Context of the organisation• 4.1 Understanding the organization and its context and • 4.2 Understanding the needs and expectations of interested
parties• - determine the issues and requirements that can impact on the
planning of the QMS - used as an input into the development of the QMS
• - determining the requirements of relevant interested parties there is no new requirement to ensure ... meet the needs …of external parties other than those already identified in ISO 9001:2008. Such a change would require a change to the scope of the standard which is not permitted by the design specification for the revision.
Review of 9001:2015 – Key Points
Introduction to CD – 0.3 Significant Changes• c) Process approach
• This proposed revision to the standard makes (the adoption of a process approach) more explicit by including clause 4.4.2 Process approach – specifying requirements considered essential to the adoption of a process approach.
• d) Risk and Preventive Action• Annex SL does not include a clause giving specific requirements for
‘preventive action’ - key purposes of a formal management system is to act as a preventive tool.
• (4.1 Understanding the Org.) …external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s)’
• (6.1 Actions to add. risks) determine the risks and opportunities that need to be addressed to: assure the QMS can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.
• Although risks have to identified and acted upon there is no requirement for formal risk management.
Review of 9001:2015 – Key Points
Introduction to CD – 0.3 Significant Changes• e) Documented information
• The Annex SL Appendix 2 clause on Documented Information has been adopted without significant change or addition. Where appropriate, text elsewhere in the standard has been aligned with its requirements. Consequently the terms ‘document’ and ‘record’ have both been replaced throughout the requirements text by ‘documented information’.
• f) Control of external provision of goods and services (8.6)• addresses all forms of external provision, whether it is by purchasing from a
supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organisation or by any other means. The organisation is required to take a risk based approach to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services.
DIS 9001:2015 Titles
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization• 4.1 Understanding the organization and its context• 4.2 Understanding the needs and expectations of
interested parties• 4.3 Determining the scope of the quality
management system• 4.4 Quality management system and its processes
5. Leadership• 5.1 Leadership and commitment• 5.2 Quality policy• 5.3 Organizational roles, responsibilities and
authorities
6. Planning for quality management systems• 6.1 Actions to address risks and opportunities• 6.2 Quality objectives and planning to achieve them• 6.3 Planning of changes
7. Support• 7.1 Resources *• 7.2 Competence• 7.3 Awareness
• 7.4 Communication• 7.5 Documented information
8. Operation• 8.1 Operational planning and control• 8.2 Determination of requirements for products and
services• 8.3 Design and Development of products and
services• 8.4 Control of externally provided products and
services• 8.5 Production and service provision• 8.6 Release of goods and services• 8.8 Control of nonconforming process outputs,
products and services
9. Performance evaluation• 9.1 Monitoring, measurement, analysis and
evaluation• 9.2 Internal audit• 9.3 Management review
10. Improvement • 10.1 General• 10.2 Nonconformity and corrective action• 10.2 Continual improvement
Annex A Quality management principles (Informative)
Bibliography
DIS Definitions
• Went from 22 to 69 (this will not stand)• Includes the word “unicorn” – 3.36 (nor this?)
Key (new) Definitions
• 3.02• interested party (preferred term)• stakeholder (admitted term)• person or organization (3.01) that can affect, be affected by, or perceive themselves
to be affected by a decision or activity• • 3.09• risk• effect of uncertainty• Note 1 to entry: An effect is a deviation from the expected — positive or negative.• Note 2 to entry: Uncertainty is the state, even partial, of efficiency of information
related to, understanding or knowledge of, an event, its consequence, or likelihood.• Note 3 to entry: Risk is often characterized by reference to potential events (ISO
Guide 73, 3.5.1.3) and consequences (ISO Guide 73, 3.6.1.3), or a combination of these.
• Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood (ISO Guide 73, 3.6.1.1) of occurrence.
Key (new) Definitions
• 3.11• documented information• information required to be controlled and maintained by an organization (3.01) and
the medium on which it is contained• Note 1 to entry: Documented information can be in any format and media and from
any source.• Note 2 to entry: Documented information can refer to• – the management system (3.04), including related processes (3.12);• – information created in order for the organization to operate (documentation);• – evidence of results achieved (records).• • 3.14• outsource (verb)• make an arrangement where an external organization (3.01) performs part of an
organization’s function or process (3.12)• Note 1 to entry: An external organization is outside the scope of the management
system (3.04), although the outsourced function or process is within the scope.
DIS 9001:2015 Titles
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization• 4.1 Understanding the organization and its context• 4.2 Understanding the needs and expectations of
interested parties• 4.3 Determining the scope of the quality
management system• 4.4 Quality management system and its processes
5. Leadership• 5.1 Leadership and commitment• 5.2 Quality policy• 5.3 Organizational roles, responsibilities and
authorities
6. Planning for quality management systems• 6.1 Actions to address risks and opportunities• 6.2 Quality objectives and planning to achieve them• 6.3 Planning of changes
7. Support• 7.1 Resources *• 7.2 Competence• 7.3 Awareness
• 7.4 Communication• 7.5 Documented information
8. Operation• 8.1 Operational planning and control• 8.2 Determination of requirements for products and
services• 8.3 Design and Development of products and
services• 8.4 Control of externally provided products and
services• 8.5 Production and service provision• 8.6 Release of goods and services• 8.8 Control of nonconforming process outputs,
products and services
9. Performance evaluation• 9.1 Monitoring, measurement, analysis and
evaluation• 9.2 Internal audit• 9.3 Management review
10. Improvement • 10.1 General• 10.2 Nonconformity and corrective action• 10.2 Continual improvement
Annex A Quality management principles (Informative)
Bibliography
“Interesting” Clauses
• “Accountable”• Change management?• Documented Information !#*%$!!• Risk!• Control of External Processes (purchasing, outsourced
processes)
Accountable
• 5.1.1 Leadership and commitment for the quality management system
• Top management shall demonstrate leadership and commitment with respect to the quality management system by:
• a) taking accountability of the effectiveness of the quality management system;
• Of vs for
Change Management DIS
• 6.3 Planning of changes• Where the organization determines the need for change to the quality management
system (see 4.4) • the change shall be carried out in a planned and systematic manner. • The organization shall consider: • a) the purpose of the change and any of its potential consequences; • b) the integrity of the quality management system; • c) the availability of resources; • d) the allocation or reallocation of responsibilities and authorities.
• ISO 9001:2008 5.4.2 Quality management system planning • Top management shall ensure that:
– the planning of the quality management system is carried out in order to meet the requirements given in 4.1, as well as the quality objectives, and
– the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.
Change Management CD
• 6.3 Planning of changes• The organization shall determine the needs and opportunities for change to maintain
and improve the performance of the quality management system.• The organization shall undertake change in a planned and systematic manner,
identifying risks and opportunities and reviewing the potential consequences of change.
• NOTE Specific requirements on control of changes are included in clause 8.
• 6.3 Planning of changes• Where the organization determines the need for change to the quality management
system (see 4.4) • the change shall be carried out in a planned and systematic manner. • The organization shall consider: • a) the purpose of the change and any of its potential consequences; • b) the integrity of the quality management system; • c) the availability of resources; • d) the allocation or reallocation of responsibilities and authorities.
Change Management DIS
• 7.5.3 Control of documented Information• …the organization shall address the following activities, …• control of changes (e.g. version control)• 8 Operation / 8.1 Operational planning and control• The organization shall plan, implement and control the processes needed to• … The organization shall control planned changes and review the
consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. (SL)
• 8.5.6 Control of changes• The organization shall review and control unplanned changes essential for
production or service provision to the extent necessary to ensure continuing conformity with specified requirements.
• The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.
Documented Information (2008)
• 4.2.3 Control of documents• Documents required by the quality management system shall be controlled. Records are a
special type of document and shall be controlled according to the requirements given in 4.2.4.• A documented procedure shall be established to define the controls needed
– A) to approve documents for adequacy prior to issue,– B) to review and update as necessary and re-approve documents,– C) to ensure that changes and the current revision status of documents are identified,– D) to ensure that relevant versions of applicable documents are available at points of use,– E) to ensure that documents remain legible and readily identifiable,– F) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation
of the quality management system are identified and their distribution controlled, and– G) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for
any purpose.
• 4.2.4 Control of records• Records established to provide evidence of conformity to requirements and of the effective
operation of the quality management system shall be controlled.• The organization shall establish a documented procedure to define the controls needed for the
identification, storage, protection, retrieval, retention and disposition of records.• Records shall remain legible, readily identifiable and retrievable.
Documented Information (SL)
7.5 Documented information• 7.5.1 General• The organization’s quality management system shall include • documented information required by this International Standard,• documented information determined by the organization as being necessary for the
effectiveness of the quality management system.• NOTE The extent of documented information for a quality management system can
differ from one organization to another due to– the size of organization and its type of activities, processes, products goods and services, – the complexity of processes and their interactions, and – the competence of persons.
• 7.5.2 Creating and updating• When creating and updating documented information the organization shall ensure
appropriate– identification and description (e.g. a title, date, author, or reference number),– format (e.g. language, software version, graphics) and media (e.g. paper, electronic),– review and approval for suitability and adequacy.
• 7.5.3
Documented Information (SL)
7.5 Documented information7.5.1, 7.5.2
• 7.5.3 Control of documented Information• 7.5.3.1 Documented information required by the quality management system and by
this International Standard shall be controlled to ensure– it is available and suitable for use, where and when it is needed, and– it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
• 7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable
– distribution, access, retrieval and use, – storage and preservation, including preservation of legibility,– control of changes (e.g. version control), and– retention and disposition.
• Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and controlled.
• NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.
Risks (SL)
• 6.Planning, 6.1 Actions to address risks and opportunities• When planning for the quality management system, the organization shall
consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to
– assure the quality management system can achieve its intended outcome(s), – assure that the organization can consistently achieve conformity of goods and services and customer
satisfaction,– prevent, or reduce, undesired effects, and– achieve continual improvement.
• 6.1.2 The organization shall plan:– actions to address these risks and opportunities, and– how to
• integrate and implement the actions into its quality management system processes (see 4.4), and• evaluate the effectiveness of these actions.
• Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
• NOTE Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
Risks
• 4.4.2 Process approach– Shall determine – d) determine the risks to conformity of goods and services and customer satisfaction
• 5.1.2 Customer Focus– Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring
that– b) the risks and opportunities that can affect conformity of products and services and the ability to enhance
customer satisfaction are determined and addressed;
External/Outsourced Processes
8.4 Control of external provision of goods and services• 8.4.1 General• 8.4.2 Type and extent of control of external provision• 8.4.3 Information for external providers
Other Observations
• No specific requirement for “procedures”
• 4.4 Quality management system and its processes• …The organization shall maintain documented information to the extent
necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.
– - basically requires a procedure for everything?
•
Other Observations
• Context of the organization• Interested Parties• Leadership (accountable)• Planning - Change• Risk (note – no requirement for risk management)• Organizational Knowledge• External processes• Management Rep. Special Processes. Preventive Action - missing. • Structure – Operations-Support
DIS 9001:2015 Titles
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization• 4.1 Understanding the organization and its context• 4.2 Understanding the needs and expectations of
interested parties• 4.3 Determining the scope of the quality
management system• 4.4 Quality management system and its processes
5. Leadership• 5.1 Leadership and commitment• 5.2 Quality policy• 5.3 Organizational roles, responsibilities and
authorities
6. Planning for quality management systems• 6.1 Actions to address risks and opportunities• 6.2 Quality objectives and planning to achieve them• 6.3 Planning of changes
7. Support• 7.1 Resources *• 7.2 Competence• 7.3 Awareness
• 7.4 Communication• 7.5 Documented information
8. Operation• 8.1 Operational planning and control• 8.2 Determination of requirements for products and
services• 8.3 Design and Development of products and
services• 8.4 Control of externally provided products and
services• 8.5 Production and service provision• 8.6 Release of goods and services• 8.8 Control of nonconforming process outputs,
products and services
9. Performance evaluation• 9.1 Monitoring, measurement, analysis and
evaluation• 9.2 Internal audit• 9.3 Management review
10. Improvement • 10.1 General• 10.2 Nonconformity and corrective action• 10.2 Continual improvement
Annex A Quality management principles (Informative)
Bibliography
Auditability
• Standards are ultimately written for assessment (comparison)
• Problems with 2000 version and current misunderstanding of “process”
• Reluctance of auditors, certification bodies and accreditation agencies to “require” process
• Many inadequate applications of the standard• Training and competency of auditors in general
– In particular we some new “softer” requirements – strategy and direction, interested parties (IRCA Annex SL training)
• Stage 1/Document Review
Transition
• 3 years (certification cycle)• Upgrade at surveillance (with extra time)• Upgrade at re-certification (with ½ extra time)• Cut off time for the expiration of 2008 certificates• Early adopters• Stage 1/Document review for transition• Qualification requirements for auditors will be set (by
Auditor organizations) (IRCA 1 day on Annex SL 1 Day on 9001 specifically)
• Accreditation requirement set by accreditation agencies (e.g. ensuring they have implemented competency criteria)
Probable Implementation
• Quality Manual (not a requirement – but a “guide” will be useful/needed by customers) and terminology throughout
• New processes/documents– Context of the Organization– Interested parties– Risks and Opportunities– Objective setting, monitoring and achievement– Change Management– Communication (at least tools)
Probable Implementation
• Process Approach – could mean a complete re-write• Scope, Leadership, Quality Policy and Objectives
– Same – but need strengthening and “right”ing– Processes for monitoring and achieving objectives
• Knowledge (identify/define – does it change)• Change Record control (optional) (document control = documented
information)• Operations should be the same.
– Opportunity to update, “process-ize”, better define.– Change Purchasing (optional)– External providers (of goods and service)
• Change Preventive Action Process (optional)
Probable Implementation
• Book your CB– Date based on transition period, surveillance stage and
surveillance/certificate dates– Leader or laggard
• Book you consultant– This is usually a secondary function for you. This is what we do
every day– This is not a simple transition.– We have already designed solutions to address these
requirements– We can apply them quicker– Change is often easier when driven from outside– Guaranteed! Can you afford to fail – why risk it?
Probable Implementation
• Awareness training/management sessions• Document Review as your control document• Documentation changes• New process design and documentation• Informal auditing• Internal Audit
Cavendish Scott Implementation
• Training Workshops- (DIS forwards)• Standard upgrade packages based on QMS structure (process vs
standard)– Awareness training– Tweaking of existing documents– Generation of new documents (for new processes e.g. risk) – Training
and Support– Thorough cross reference/Document Review of documentation to new
requirements (proof of conformance)– Task list of Activities and actions– Review of evidence created (to early review process functionality)– Internal audit (to test new processes)
• Guaranteed ISO Success
Summary
• Background to the development of the standard– Importance of DIS, FDIS.
• Role of Annex SL– Rumors!!!
• Structure of the Standard• Review of content – probable and possible• Timeline for issue• Implementation
Contact
• Colin Gray• [email protected]