“Quality has to be Mohd Nizam Ab caused, not Rahman · 1 “Quality has to be caused, not...
Transcript of “Quality has to be Mohd Nizam Ab caused, not Rahman · 1 “Quality has to be caused, not...
11
“Quality has to be caused, not controlled.”
Philip B. Crosby
Mohd Nizam Ab Rahman
Pusat Jaminan Kualiti
UKM
FOR TRAINING PURPOSE ONLY
2
Introduction to ISO 9001:2015
Risk-Based Quality Management
System: Risk-Based Thinking
Model
33
By the end of this workshop, participants
will be able to:
1. Understand the concepts of changes in ISO
9001:2015 standards
2. Develop Risk-Based Thinking
3. Integrate Risk-Based Thinking with the Process
Approach as required by ISO 9001:2015
4. Understand the audit approach
44
Overview of ISO 9001
Standard
1
55
About ISO
Non-governmental organization (NGO) established in
1947, based in Geneva, Switzerland
Has a membership of 160 national standards institutes
from countries in all regions of the world
66
About ISO
Developed various standards for all dimensions of
sustainable development: economic, environmental and
societal
• Examples :
ISO 9001 – Quality Management Systems (QMS)
ISO 14001 – Environmental Management Systems (EMS)
ISO 27001 – Information Security Management Systems (ISMS)
ISO 31000 – Risk Management (Principles and Guidelines)
SIRIM and STANDARD Malaysia are major
representative to ISO
77
What is ISO 9001?
ISO 9001 is the world’s most popular and most
commonly used standard for Quality Management
Systems (QMS)
International consensus on good management practice
Focuses on meeting customer requirements and other
interested parties
Covers any organization – whatever the size, industry or
culture
88
Advantages of Certification
Compliance with customer requirements
specifying certification
Independent check of conformity
Indicates an effective Quality System
National/International recognition
Provides competitive advantage
Improves company image
99
Why Was ISO 9001 Revised?
Adapt to a changing world
Enhance an organization’s ability to satisfy customers
Maintain relevance, provide integrated approach to
organizational management, and integrate with other
management systems
Reflect needs of all user groups and increasingly
complex operating environments
Set a consistent foundation for the next 10 years
1010
Key Improvements to ISO 9001:2015
Increased emphasis on achieving value for the
organization and its customers
A greater emphasis on leadership and organizational
context
The focus on risk-based thinking
Emphasis on objectives, measurements and change
Stakeholder-focused communication and awareness
Decreased emphasis on documentation
11
ISO 9001 – Key Differences
ISO 9001:2008 ISO 9001:2015
0 Introduction 0 Introduction
1 Scope 1 Scope
2 Normative references 2 Normative references
3 Terms and definitions 3 Terms and definitions
4 Quality management system 4 Context of the organization
5 Management responsibility
5 Leadership
6 Planning
6 Resource management 7 Support
7 Product realization 8 Operation
8 Measurement, analysis and
improvement
9 Performance evaluation
10 Improvement
12
ISO 9001 – Different Terminology
ISO 9001:2008 ISO 9001:2015
Products Products and services
Documentation, quality manual,
documented procedures, records,
instructions
Documented information
Work environment Environment for the operation of processes
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product Externally provided products and services
Supplier External provider
13
Term: “Documented Information”
“Retaining” Doc. Info. = Records “Maintain” Doc. Info. applies to…
Quality Objectives Quality Policy
Fitness for purpose of monitoring and measuring resources Quality Objectives
Evidence of Competence Scope of the QMS
Conformity of Products/Services
Review of Customer Requirements
Design and Development Process
Design and Development Changes
Evaluation/Performance of External Providers
Product/Service ID and Traceability
Pre and Post Delivery Change Authorizations
Conformity with Acceptance Criteria
Authorized Release of Products/Services
Non-conformances and C/A
Internal Audits
Management Reviews
1414
Benefits of the New ISO 9001:2015
Puts greater emphasis on leadership engagement
Helps address organizational risks and opportunities in a
structured manner
Uses simplified language and a common structure and
terms
Addresses supply chain management more effectively
Is more user-friendly for service and knowledge-based
organizations
1515
ISO 9001 and Risk
Structure
2
1616
Emphasis on Process Approach
Understanding and meeting
customer requirements
How do processes value add
Measure process
performance and
effectiveness
Continual improvement of
processes based on
measurement
1717
Risk-based Management
To improve customer
confidence and satisfaction
To assure consistency of
quality of products and
services
To establish a proactive
culture of prevention and
improvement
Successful companies
intuitively take a risk-based
approach
Improve governance
Risks Opportunities
18
ISO 9001 Approach is Based on the
Plan-Do-Check-Act (PDCA) Cycle
Organization and
its context (4)
Customer
Requirements
Customer
Satisfaction
Products
and services
Results of
the QMS
Needs and expectations
of relevant interested
parties (4)
Leadership(5)
Performance evaluation
(9)
Support & Operation
(7,8)
Planning(6)
Improvement(10)
Plan Do
CheckAct
19
PDCA and ISO 9001 Clause Structure
ACT PLAN
DOCHECK
9. Performance
Evaluation
4. Context of the
Organization
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
0. Introduction
1. Scope
2. Normative References
3. Terms & Definitions
20
ISO 9001 Clause Structure (4-10)
PLAN DO CHECK ACT
4. Context of the
organization
5. Leadership 6. Planning for
the QMS
7. Support 8. Operation 9. Performance
evaluation
10. Improvement
4.1 Understanding the
organization and its
context
5.1 Leadership and
commitment
6.1 Actions to address
risks and
opportunities
7.1 Resources 8.1 Operational
planning and control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1 General
4.2 Understanding the
needs and
expectations of
interested parties
5.2 Quality policy 6.2 Quality objectives
and planning to
achieve them
7.2 Competence 8.2 Determination of
requirements for
products and services
9.2 Internal audit 10.2 Nonconformity
and corrective action
4.3 Determining the
scope of the QMS
5.3 Organizational
roles, responsibilities
and authorities
6.3 Planning of
changes
7.3 Awareness 8.3 Design and
development of
products and services
9.3 Management
review
10.3Continual
improvement
4.4 QMS and its
processes
7.4 Communication 8.4 Control of
externally provided
products and services
7.5 Documented
information
8.5 Production and
service provision
8.6 Release of
products and services
8.7 Control of
nonconforming
process outputs,
products and services
2121
Risk-Based Practices
3
2222
KAPAL TITANIC -1912
Why Risk Management is needed?
CHALLENGER DISASTER
2323
Risk Management
I have never known a battle plan to survive after a first contact
with the enemy.
2424
Context of the Organization
25
• Risk Based Thinking
• Is not new
• Make prevention a habit and reduces the probability
of negative results
• No “Preventive Action sub-clause”. PA is expressed
through a Risk-Based Approach to formulating QMS
requirements
• Risk-based approach has facilitated some reduction in
prescriptive requirements and their replacement by
performance-based requirements
• Actions taken to address Risks and Opportunities
shall be proportionate to the potential impact on the
conformity of products and services
2626
Decision making and ISO-9001:2015
The first is a quality principle quoted from ISO 9000:2015, namely “evidence-based decision making.” It is not hard to understand that better decisions are made when they are based on evidence rather than by conjecture.
Clause 4.1, “Addressing external and internal issues (risks and opportunities) associated with its context and objectives.”Addressing risks means proactively managing uncertainties. The simple meaning of “managing uncertainties” is that decisions should be made with consideration of the possible positive and negative consequences that the uncertain future may bring.
Clause 5.1, entitled Leadership and Commitment, there is a requirement for top management: “Ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization.” Top management’s most basic role is strategic decision-making for the organization.
6.1 When planning for QMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed.
2727
What is Risk
The concept of RISK in the context of the
ISO Standard relates to the uncertainty in
achieving objectives
Risk is the possibility of events or activities
impeding the achievement of an
organization’s strategic and operational
objectives
2828
Risk Based Thinking Examples and Ideas
Purchasing
Design and Development
Process
The concept of RISK in the context of the
ISO Standard relates to the uncertainty in
achieving objectives
2929
What should you do?
Identify what the risks and opportunities are in your organization – it depends on context
Analyze and prioritize the risks and opportunities in your organization
• what is acceptable?
• what is unacceptable?
Plan actions to address the risks
• how can I avoid or eliminate the risk?
• how can I mitigate the risk?
Implement the plan – take action
Check the effectiveness of the actions – does it work?
Learn from experience – continual improvement
30
Failure Mode and Effects Analysis (FMEA)
Risk Based Thinking Tool
31
Jay Stahan January 12, 2016
Risk Based Thinking Tool
PROBABILITY
S
E
R
I
O
U
S
N
E
S
S
RISK MATRIX
32
Risk Based Approach Tool
Probability
Severity
Risk Register Ranking Matrix
33
Risk Based Thinking Tool
34
3535
Audit Approach
4
3636
What is a Quality Audit?
Systematic, independent and
documented process for
obtaining audit evidence and
evaluating it objectively to
determine the extent to which
audit criteria are fulfilled
Audit criteria
• Processes or procedures
• Standards
3737
What Are Audits Used For?
Looking at the overall process
Auditing conformity
Auditing effectiveness
Approving external service providers
Assessing for certification
Investigating problems
Way of improving
3838
Types of Quality Audits
First party audit
• Internal audit (by your organization’s Quality department)
Second party audit
• Your customer auditing your organization
Third party audit
• A certification body auditing your organization
3939
Internal Audit
To ensure the whole Quality
System is audited to check:
• The system is being followed
• The system meets ISO 9001
requirements
• The system is effectively
implemented and maintained
4040
Audit Approach
Focuses on employees’ understanding of the
organization’s processes and verifies that these
processes are:
• complied with
• under control
• achieving the desired results
Provide evidence, e.g. records, meeting minutes, reports,
data and emails
41
Audit Findings
Minor Non-conformity
Observation
Major Non-conformity
4242
Audit Findings
A major non-conformity relates to the absence or total
breakdown of a required process or a number of minor
non-conformities listed against similar areas
A major non-conformity at the Registration Audit would
defer recommendation for registration until that major
has been closed
Major Non-conformity
4343
Audit Findings
A minor non-conformity is an observed lapse in your
systems ability to meet the requirements of the standard
or your internal systems, while the overall process
remains intact
Minor Non-conformity
4444
Audit Findings
An observation or opportunity for improvement relates to
a matter about which the Auditor is concerned but which
cannot be clearly stated as a non-conformity
Observations also indicate trends which may result in a
future non-conformity
Observation
4545
Messages to take home…
RBT likely to increase organizational resilience and
success and element in Process Approach
RBT is an input to Management Review
Risk attitudes and cultures influence organizational
behavior
People resources can be trained in methods and tools
RBT is an element in PDCA process and focused on
prevention
Effective leaders listen and learn (PDCA)
We only scratched the surface here….