Call Today! (800) 244-5409

News

AS9100D – Risk Management vs Risk-Based Thinking: Just What is the Difference?

AS9100D – Risk Management vs Risk-Based Thinking: Just What is the Difference?

Risk-Based Thinking requires organizations to consider the risks they face during strategic planning, planning for product and service conformity, management review, and when taking corrective action. The idea is that the organization works to identify risks, decides if action is required, and if applicable, takes action. That said, It is important to note that it is not necessary to track the risk as the project progresses to judge the effectiveness of the action, and whether additional action is necessary.

Risk Management, on the other hand, is a process for identifying risks, determining actions to mitigate those risks, tracking those actions, and then re-assessing any remaining risk after actions are deployed. It involves not just thinking about risk at certain stages during the realization of products and services, but also having a process to track these risks until they are addressed, mitigated, or eliminated.

What is required for operational risk management, and what isn’t?

To start with what is not required – there is a note specifying that while clause 6.1 “Actions to address risks and opportunities” addresses the risks and opportunities for the QMS, clause 8.1.1 “Operational Risk Management” is limited to risks that are associated with operational processes needed by the organization to provide its’ products and services. Therefore, while your organization may identify a QMS risk that your organization might soon have a rival company to compete with, this is not a risk that needs to be tracked according to the risk management requirements, as it is not an operational risk.

There are at least five requirements that an organization needs to consider during the planning, implementation, and control of the operational risk management process. They are:

  1. Assign Responsibilities – Who owns the process? Who constitutes the Team? Which departments need to be included? If actions are likely to be assigned to a certain department or function, it is best to have them involved in the whole management process.
  2. Determine Risk Assessment Criteria – What criteria will be used for risk assessment? How will you quantify which risks to accept and what you will mitigate? A note in this clause states that within the aviation, space, and defense industry, risk is generally expressed in terms of the likelihood of the occurrence and the severity of the consequences (a good example of this might be Failure Mode Effects Analysis or FMEA).
  3. Identify, Assess, and Communicate Risks – Any risk of product failure due to must be communicated to those who design and realize the product. Without effective communication, risk identification is ineffective.
  4. Identify, Implement, and Manage Mitigation Actions – There are a multitude of ways to address risk, ranging from risk reduction all the way to complete elimination of the risk – or, in other words, try to prevent the risk from happening. If a risk exceeds your acceptable criteria, take actions to address the risk and track those actions.
  5. Re-evaluate the Risk that remains when mitigation is complete, and continue to work to reduce it – Risk management is an iterative process, where the risk can always be reduced.

Has anything really changed from AS9100 Rev C?

The requirements have remained greatly unchanged since the past revision. Risk management process requirements were already included in AS9100 Rev C as risk management, and the five requirements have remained basically as they were. The real change here is the clarification that these requirements only applied to operational risk, hence the name change in the clause. The other change from Rev C is the addition of the two notes to clarify how these requirements are separate from risk-based thinking and to make it clear that risk in aerospace is a combination of likelihood and severity. For organizations that are already compliant with AS9100 Rev C, the current risk management process should most likely remain unchanged.

ISO 9001:2015 Transitions – Embracing the Challenge and Lessons Learned So Far

Quality Resource Center proudly announces the successful completion of our 100th ISO 9001:2015 project. During that time, we have learned a lot…

It’s estimated that less than 25 percent of the more than one million organizations certified globally have made the transition to ISO 9001:2015 (as of mid-2017). The September 2018 deadline is approaching and your quality management system (QMS) isn’t going to transition itself. But there is so much to consider; Where to begin? How do you start? What happens next? This paper will assist you in answering those questions.

As with any successful project, start by defining your objectives and create a plan to achieve them. The main objective is to identify the additional as well as modified requirements within the standard and then demonstrate compliance to them during your organization’s transition audit.

But how? What does that involve? These steps can be invaluable in your successful transition to ISO 9001:2015.

Step 1: Get 39,000 Foot View

The fact that your Organization is transitioning means you are already working with an accredited Certification Body (CB), or Registrar. It is important to note that they too had to develop a plan, vetted by their accreditation body, to facilitate the transition. In other words, your Registrar will may have their own analysis for the transition. So, talk to your registrar. Better yet, contact Quality Resource Center, the industry’s oldest and most successful ISO 9001 consulting firm, with over 25 years of operation, and let us talk to them.

This type of guidance will give you valuable information on issues and challenges that may affect your organization’s transition:

• Deadlines – No later than Sept. 14, 2018, however it may be earlier based on your CB’s policies.

• Audits – It might be possible to have your transition conducted as part of a regularly scheduled surveillance or recertification. Some CB’s may offer separate standalone transition audits. In either case, determine what this audit will involve and how it will be conducted. Additional time may be added to address the changes, they may require additional preparation, and it will cover specific new elements of the new standard. Having your ISO 9001:2015 Internal Audits and Management Review conducted by Quality Resource Center can provide great value; having the industry’s premiere Audit teams prepare you for your Registrar audits can identify embarrassing and painful findings at the internal level and guard against ugly exposure and the consequences of same at your surveillance or re-certification audits. Studies show that outsourcing these activities to Quality Resource Center can result in as much as 85% reductions in time and cost, and greatly enhance your chances for a trouble free Registration audit process.

• Existing Certifications – You will want to maintain your existing ISO 9001:2008 certification until your organization has successfully completed the transition— but what will that entail? When does your current registration expire? How can you best achieve a seamless transition?

• Get Trained by Professionals – Gain a working knowledge of the standard. Your CB will give you a glimpse of what to expect in the new standard (and what they might expect from you), from the new clause structure to the new requirements. Quality Resource Center offers invaluable expertise in this area. If you plan on doing your own Audits, they will need training and certification. Quality Resource Center offers superior training and certification services.

Once you have an outline of the project and potential impacts, begin to fill in your plan. Target the audit date at which you wish to have your transition, then backfill the dates from there to develop a roadmap. Be sure to communicate with your CB to align expectations and availability for your transition audit, and make sure your target date works within the deadlines, gives you enough time to address any potential non-conformances, doesn’t risk any lapse of coverage, etc.

Finally, work on how you’ll address the new structure; start thinking about some of the major changes such as risk and context. Prioritize, prioritize, and, finally, prioritize. . Communicate the agreed upon schedule and plan to your organization, and ask for feedback.

Best advice is to have Quality Resource Center prepare your plan, and commit it to paper with a professional Gantt chart.

Step 2: Do Your Homework – Study the Standard

Read and comprehend the standard. You cannot address requirements you haven’t even read. It’s not a lengthy;

Get the companion ISO 9000 document, it provides guidance on terms and fundamental concepts used in the new standard.

The standard can also be a bit vague, however; that’s again where you should consult with a Quality Resource Center professional. QRC can provide expert knowledge regarding topics like the context of the organization, leadership, risks and opportunities, organizational knowledge, and other critical areas and changes pertinent for transition, and in many cases offer interpretive guidance on the expected outcomes related to these changes.

GAP analysis can cut through the interpretation of minor wording changes and get to the changes that need to be addressed within your organization’s QMS. Quality Resource offers a very cost effective GAP analysis that can identify all areas of concern.

Once the focal points have been identified, utilize the standard to determine the actual requirement and key deliverables. You may find existing processes that address these elements. Utilize them wherever possible. The key to successful deployment of ISO 9001:2015 is alignment with your actual business activities.

Regarding documentation (or documented information) – It is important to note that while the new standard does not require any specific documented procedures. However, documented information in the form of procedures, forms, records, etc. are beneficial for any new or changed requirements. Having objective evidence to review during a transition audit will avoid unnecessary back and forth.

Step 3: Implement, Operate, and Review

Once the key elements of the new standard are identified and the plan to address them has been developed, the required changes and improvements to your QMS need to be deployed. Take time to communicate the changes to the organization to ensure their understanding. Next, the new and updated QMS needs review and correction, similar to the preparation for your initial registrar audits. Identify and work with the appropriate players, especially process owners, throughout the organization to verify and validate changes, and take the time to review everything again before your transition audit. A month or two prior to your scheduled transition audit, conduct your own internal audit to the new requirements, then follow that up with a management review to go over the results and determine the effectiveness of the updated QMS. Again, a good rule of thumb here would be to give enough time to react to any internal audit findings or management review actions items prior to your transition audit. Quality Resource Center can offer valuable assistance in this endeavor.

Registrars have requirements for internal preparations and reviews such as this, and some may even have tools to use. Consider the checklist transition tools they may have developed for your use; look for any transition checklists, transition audit plans, or transition requirements to leverage in your own internal audits. Quality Resource Center offers a valuable tool set that is extremely cost-effective.

Look for any lessons learned that might help you avoid pitfalls and/or showstoppers.

Here are a few for consideration:

• Have Quality Resource Center convert your existing documentation and upgrade to fit the new standard. Renumbering your documents is not required, but it is a very good idea, especially for your Quality Manual and your QOP’s. Don’t unilaterally eliminate all your documentation, nor your management representative, nor your quality manual! While you have the flexibility to do so (either partly or completely) if it fits the context of your organization, remember that just because the new standard is silent on such things doesn’t prohibit you from keeping such approaches if they work for your organization. It will aid great in your Internal Audits, Management Review, Improvements, and Registrar Audits.

New areas to consider include –

• Context of the Organization (sub-clause 4.1) – This must be addressed within management review as a minimum. Additional consideration may be adding support to this in your quality manual you do retain, or other planning components of your QMS. In short, the context of your organization should drive the approach your QMS (and all applicable processes) takes.

• Leadership (sub-clause 5.1) – Expect auditors to ask for time with top management, see their active involvement in the QMS, and the applicable processes (e.g. objectives, resources, and management reviews).

• Organizational Knowledge (sub-clause 7.1.6) – While this is a new requirement it cannot be overlooked. Auditors will expect to see this addressed in some fashion, and it is an ever-evolving process. Focus on getting it up and running without being overwhelmed by the potential; create a process that can be expanded and improved upon in the future.

• Risks and Opportunities­ (sub-clause 6.1) – This is one of most important areas to consider getting professional training and help with. Risk is an intricate part of the new standard, and there are a variety of tools available. Quality Resource Center can help you identify the tools that will work best for you, and assist you in completing the process.

• And About Those Risks – Risk, specifically risk-based thinking is likely everyone’s No. 1 topic when discussing ISO 9001:2015—it is a given. But how will you demonstrate it? Is it simply by addressing sub-clause 6.1? That is part of it, as would be the inclusion of it in Management Review (sub-clause 9.3.2.e).But it shouldn’t stop there. It is not sufficient to solely consider product-focused risks via Failure Mode and Effects Analysis (FMEA) process. Incorporate risk into the language of any and all processes and departments. View every process in the context of risk, and understand that the actions to address identified risks will yield improvements, which again is synonymous with the overall intent of ISO 9001:2015.

Finally, remember that Quality Resource Center is the recognized industry leader in the upgrade, deployment, and implementation of ISO 9001:2015. We offer a rich skill set that that not only increases your chance for success in your project, it also offers maximum value and cost efficiency.

Experience the Difference that 25 years of Total ISO Solutions offers.

International Standards Upgrades and Direction Forward

2015 and 2016 have seen major revisions of many of the very important and popular international quality management systems standards –

  • ISO 9001:2015 – Released in September, 2015 in conjunction with Annex SL
    – Upgrades no later than 2018
  • ISO 14001:2015 – Released in September, 2015 in conjunction with Annex SL
    – Upgrades no later than 2018
  • AS9100D :2016 – Re-aligned with ISO 9001:2015 and Annex SL – Release by 2016
    – Upgrades no later than 2018
  • ISO 13485:2016 – Released in February 2016
    – Upgrade no later than February 2019
  • ISO/TS 16949:2016 – Re-aligned with ISO 9001:2015 and Annex SL
    – Release by Q4 of 2016; Upgrades no later than 2018

Alignment to Annex SL of these standards (other than ISO 13485:2016) has enabled new and upgraded systems to be easily integrated. This means that adding ISO 14001:2016 to and existing ISO 9001:2015 systems is easily achieved. Similar for upgrading ISO 9001:2016 to include AS9100D or ISO/TS 16949:2016.

It also means that maintaining these systems is more straightforward than ever before. But much depends on the accurate and correct design and deployment of your new or upgraded systems.

Quality Resource Center offers unmatched expertise in these areas.

It also means that you will need additional training, and your auditors will need upgrades to their Auditor Certifications.
Here again, Quality Resource Center is the recognized industry leader.

Take advantage of our complimentary telephone consultation via our toll free line -1 800 244 5409 or simply drop us an email through this we portal.

Quality Resource Center – Experience the Difference.

ISO 9001:2015 Risk Analysis

Key Questions –

  1. Why implement Risk Based Thinking?
  2. What does ISO 9001:2015 require?
  3. What is Risk Based Thinking?
  4. What is Risk?
  5. What is a simple Risk Tool?
  6. How does it integrate into the Process Approach?
  7. How do you make Risk Based Thinking a Continual Process Improvement activity?

ISO 9001:2015 Risk & Opportunities –

“4.4 Quality management system and its processes

The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

“The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine…

f) The risks and opportunities in accordance with the requirements of 6.1, and plan and implement the appropriate actions to address them;”

6 planning for the Quality Management system

6.1 Actions to Address Risks and Opportunities

6.1.1 When Planning for the Quality Management System,

The organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

  1. Give assurance that the quality management system can achieve its intended result(s);
  2. Prevent, or reduce, undesired effects;
  3. Achieve continual improvement.

 

6.1.2 The Organization Shall Plan:

  1. a) Actions to address these risks and opportunities;
  2. b) How to integrate and implement the actions into its quality management system processes (see 4.4) and evaluate the effectiveness of these actions.

 

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.”

 

The Main Objectives of International Standards are to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services and enhance customer satisfaction

 

The concept of “risk” in the context of the ISO 9001:2015 international standard relates to the uncertainty in achieving these objectives.

 

What is “Risk Based Thinking”?

Risk-based thinking is something we all do automatically and often sub-consciously

 

The concept of risk has always been implicit in ISO 9001, but the ISO 9001:2015 makes it explicit and requires formal inclusion across the entire management system

 

Risk-based thinking is already part of the process approach Risk-based thinking enhances Preventive Action. Risk is often thought of only in the negative sense.

 

Risk-based thinking can also help to identify opportunities. This can be considered to be the positive side of risk

Why Should I adopt “Risk-Based Thinking”?

  1. To improve customer confidence and satisfaction
  2. To assure consistency of quality of goods and services
  3. To establish a proactive culture of prevention and improvement
  4. Successful companies intuitively take a risk- based approach

 

What Should I Do?

Identify what the risks and opportunities are in your organization

  1. Analyze and prioritize risks and opportunities in your organization and quantify them
    1. What is acceptable?
    2. What is unacceptable?
  2. Plan actions to address the risks by prioritizing them based on RPN numbers
    1. How can I avoid or eliminate the risk? Can it be designed out?
    2. How can I mitigate the risk? Increase detection? Reduce Occurrence?
  3. Implement the plan – take action based on priorities
  4. Check the effectiveness of the actions – and re-score your RPN’s.
  5. Learn from experience – continual improvement

Key Points to Remember

 

  1. Risk Based Thinking is Preventative Action
  2. Risk Based Thinking is everyone’s job
  3. Risk Based Thinking is not just the sole responsibility of management
  4. Risk Based Thinking is an integral part of the organizational DNA

 

What is Risk?

Risk is the possibility of events or activities impacting the organization’s strategic and operational objectives.

 

Risk Definitions

Risk can be defined by three (3) parameters

 

  1. Severity – The Seriousness of the harm
  2. Probability (or Occurrence) – The Probability that the harm will occur
  3. Detection – How well can the item be detected

 

Severity x Occurrence x Detection or “SOD” = Risk Priority Number or RPN

 

The Importance of a Risk (or FMEA) Worksheet

 

The risk worksheet, (example – FMEA), is essential, as it records identified risks, their severity, and the actions steps to be taken.

 

It can be a simple document, spreadsheet, or a database system, but the most effective format is a table.

A table presents a great deal of information in just a few pages.

 

There is no standard list of components that should be included in the risk worksheet. Some important ones include –

 

  1. Description of the Risk: A phrase that describes the risk.
  2. Risk Type (business, project, failure, yield, stage, etc.)
  3. Classification of the risk:
    1. Business risks relate to delivery of achieved benefit
    2. Project risks relate to the management of the project such as timeframes and resources
    3. Stage risks are risks associated with a specific stage of the plan.
  4. Likelihood of Occurrence: An assessment on how likely or often the risk will occur. Examples are:
    1. L-Low >30%)
    2. M-Medium (31-70%)
    3. H-High (>70%).
  5. Severity of Effect: Provides an assessment of the impact that the occurrence of this risk would have on the project.
  6. Detection – how well a risk can be detected via countermeasures
  7. Components of a Risk Worksheet (example – FMEA)
  8. Countermeasures: Actions to be taken to prevent, reduce, or transfer the risk. This may include production of contingency plans.
  9. Owner: The individual responsible for ensuring that risks are appropriately engaged with countermeasures undertaken.
  10. Status: Indicates whether this is a current risk or if risk can no longer arise and impact the project.

 

Other columns such as quantitative values can also be added if appropriate.

 

FMEA TEMPLATES ARE IDEAL MODELS FOR RISK ANALYSIS!

 

Integrating Risk Based Thinking with the Process Approach

 

Purpose of the Process  Approach

The purpose of the process approach is to enhance an organization’s effectiveness and efficiency in achieving its defined objectives. This means enhancing customer satisfaction by meeting customer requirements. Effective Risk Management means integrating it into your Process & Interactions Map, and resulting KPI’s.

Integrating Risk Management into Management Review Input

“Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, and effectiveness. The management review shall be planned and carried out taking into consideration – d) The effectiveness of actions taken to address risks and opportunities (see clause 6.1)”

 

If the organization has a formalized Management Review procedure it is very important to update it to include the elements of Risk Management into the procedure.

 

In summary, Risk Management with respect to ISO 9001:2015 compliance is not optional. It is an integral part of the overall QMS.

 

Quality Resource Center offers an array of training and services in this area. Contact QRC today.

ISO 9001:2015 FAQ

Q – ISO 9001:2015 has been published. What now?

A – Obtain a copy of the Standard. They are available at www.ISO.org

Review the standard in detail and also become familiar with Annex SL. Annex SL establishes a consistent structure featuring 10 clauses and common terminology and definitions applicable to all ISO Management System Standards.

Check out the numerous publications, briefs, FAQ’s, and White Papers offered by Quality Resource Center.

Review the manner in which your organization currently manages the new and significantly changed areas of the standard and how this relates to your quality or integrated management system. Consider a full GAP Analysis performed by Quality Resource Center professional.

Start by putting together an outline as well as a Gantt chart, taking into account milestones and timings for when and how you will upgrade your current management system. Make sure to start including Risk Management in every aspect of planning.

Establish a transition team, identify requirements and a plan for necessary training for key team members, managers, and other leadership. It is imperative that executive Management update their knowledge ISO 9001:2015, as their responsibilities have been significantly expanded.

Q – Who needs to be aware of the revisions to ISO 9001:2015?

A – Determine the key stakeholders who need to be aware of and understand the ISO 9001:2015 revisions:

  1. While there is no longer a requirement for a designated management representative, significant responsibilities still remain; they can delegated by Top Management to the System Manager.
  2. Top Management must understand and engage the leadership aspects of the revised standard.
  3. Key Process Owners must understand their obligations in managing their defined processes and associated Key Process Indicators.
  4. Internal Auditors and Audit Program Managers need to understand their specific requirements.

Q – What changes and revisions have been made to ISO 9001:2015?

A – Annex SL, Annex SL, Annex SL! It is the single biggest change to the ISO 9001:2015 document.

Other new areas include:

  1. Organizational context
  2. Control of externally provided products and services
  3. Formal introduction of a risk based approach (several clauses), among others.

Revisions to the standard include:

  1. Increased emphasis on top management engagement with ISO 9001
  2. Managing change
  3. Performance and evaluation
  4. Management review
  5. Risk Management

Q – How do the changes impact integrated management systems?

A – Annex SL has the goal of aligning ISO 9001:2015, ISO 14001:2015, and ISO 45001 (replaces OHSAS 18001). Since each of the standards share the structure and terminology of Annex SL, integration of these three important standards is much straightforward.

Q – Who are the key internal interested parties for large and medium size organizations in relation to the ISO 9001:2015 revision?

A – The most important internal interested party is top management. ISO 9001:2015 requires much greater understanding of the external environment, including addressing risk as well as greater top management ‘quality leadership’, and establishing tighter links between the management system and product/service quality.

There is increased emphasis on their direct involvement or oversight for the design, implementation, structure and performance of the organization’s management system and to ensure the QMS is an integral part of the organization’s business processes.

Q – How are smaller organizations impacted?

A – All the new and changed requirements will likely apply. The approach and degree of formality should be appropriate to the organization’s operating environment. Bear in mind that an organization should not be doing more than it needs to do to meet its customer and product/ service regulatory requirements but should be achieving this through a management systems approach based on ISO 9001:2015.

Q – When does the transition need to be achieved?

The transition guidance from ISO shows that organizations have three years from publication of ISO 9001:2015 to transition to the new standard. The cutoff point is September 2018. While some may choose their next certification cycle, many will want to be among the first to benefit from the increased functionality that ISO 9001:2015.

Q – What is the bottom line?

Focus on the areas of ISO 9001:2015 that are completely new or have been revised. Those are the areas that need to be included in your transition plan. Make sure that quality managers and internal auditors understand the differences that Annex SL (common text and structure) will bring to the design, operation and performance of your QMS.

Engage a professional –

Talk to Quality Resource Center – We not only understand the revisions, but more importantly, we know what the revisions mean to your QMS and wider organization – and how to apply it to best effect.

Engage with QRC to find out how a gap analysis and training on specific areas of ISO 9001:2015 can benefit you personally, as well as your organization.

Quality Resource Center offers a range of services to help you transition to the revised standards. Find out more at www.qrccentral.com

 

ISO 9001 2015 Analysis

I. TIMELINE

  1. ISO 9001 scheduled to be published in September, 2015
  2. All clients need to be transitioned by September, 2018

II. IMPORTANT CHANGES

  1. Published version to very closely mimic the FDIS
  2. Continue to expand language to include and emphasize service organizations
  3. Emphasize Risk Based thinking
  4. Reliance on Annex SL (Part of “ISO / IEC Directives Part 1 – Consolidated ISO Supplement – Procedures Specific to ISO”)

II.KEY CHANGES IN TERMINOLOGY

A. “Procedures”, “Records”, and “Documents” replaced by “Documented Information.”

  1. Allows alternative approaches to these items.
  2. References to “Product” changed to “Products and Services. (Historically Clause 3 of ISO 9001:2008 reads “Wherever the term “Product” appears it can also mean Service).”
  3. Expands the notion of ISO 9001 as applicable to multiple types of businesses, i.e. those with and/or without a tangible or physical product.

B. “Management Responsibility” has become “Leadership”

  1. Advances the concept that Management lead by example and involvement.

C. “Continual Improvement” has morphed into a larger section called “Improvement”

  1. Continual Improvement is no longer the only aspect of improvement; improvement can also be realized through breakthroughs, reactive changes, and reorganizations.)

D. Suppliers, vendors and subcontractors are now defined as “External Providers”

  1. Better accommodates service organizations.
  2. FDIS 9001 Annex A, clause A.8 indicates that “External Providers” includes Outside suppliers, Associate companies, and Outsourcing.

E. Elimination of Required Content

  1. ISO 9001:2015 does not specifically require any of the following:
    a) Quality Manual
    b) Procedures Manual
    c) Work Instructions

Theoretically, an organization can achieve certification without these documents. Auditors will still be required to verify consistency with applicable requirements. Thus, the organization must be prepared to show effectiveness of processes in whatever activity is being reviewed. If this can be demonstrated without a procedure/quality manual, then it is acceptable.

F. Elimination of the Management Representative

  1. “Management Representative” does not appear within the ISO 9001:2015 standard.
  2. The implication is that while this terminology has been eliminated, many of this party’s key functions should now fall to top management itself.
  3. Organizations are encouraged to appoint a “key” person (arrangements for audits, key contact for corrective actions, etc.).

Elimination of Permissible Exclusions

  1. ISO 9001:2015 has removed all verbiage related to “Permissible Exclusions.”
  2. Organizations can now claim any item from ISO 9001:2015 under a “Non-Applicable” designation.
  3. No difference from ISO 9001:2008, other than the scope of what can be claimed for exemption now encompasses the entire standard

Interested Parties

  1. ISO 9001:2015 includes a new term, “Interested Parties”, intended to be applied to all Annex SL based standard.
  2. Definition –
    “Person or organization that can affect, be affect by, or perceive themselves to be affected by a decision or activity.” Examples given include customers, staff, the organization, suppliers, bankers, unions, partners, and even competitors.
  3. Clause 4.2 requires that organization determine who their interested parties are, but emphasizes those “relevant to the quality management system.”

IV. Annex SL

A. Annex SL was first published in 2012, the output of a special committee of the ISO – The Joint Technical Coordination Group (JTCG.)

B. The Annex is a 10 section “blueprint” for authoring all of the ISO family of standards.

C. Annex SL promotes (among other things) utilization of common terms and core definitions.

D. Eventual plan calls for full transition of all ISO standards to Annex SL structure by 2016 or 2017

    Annex SL

    1 Scope

    2 Normative references

    3 Terms and definitions

    4 Context of the organization

    1. understanding the organization and its context
    2. understanding the needs and expectations of interested parties
    3. determining the scope of the quality management system
    4. quality management system and its processes

    5 Leadership and Commitment

    1. general
    2. customer focus
    3. policy
    4. organizational roles, responsibility and authority

    6 Planning

    1. actions to address risks and opportunities
    2. quality objectives and planning to achieve them
    3. planning of changes

    7 Support

    1. resources
    2. competence
    3. awareness
    4. communication
    5. documented information

    8 Operation

    1. operational planning and control
    2. requirements for products and services
    3. design and development of products and services
    4. control of externally provided processes, products, and services
    5. production and service provision
    6. release of products and services
    7. control of nonconforming outputs

    9 Performance evaluation

    1. monitoring, measurement, analysis and evaluation
    2. internal audit
    3. management review

    10 Improvement

    1. general
    2. non-conformity and corrective action
    3. continual improvement

V.RISK

A. The term “risk” is used 16 times in the auditable language of the FDIS 9001;

B. A formal/documented Risk Management Process is NOT specifically required

C. Expands the notion of Risk aversion to one that affects all of the various areas of the Quality Management System.

D. Clause 6.1.1 of the FDIS 9001 standard states:

When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

    a) give assurance that the quality management system can achieve its intended result(s)
    b) enhance desirable effects
    c) prevent, or reduce, undesired effects
    d) achieve improvement

E. Clause 6.1.2 of the FDIS 9001 standard states:

The Organization shall plan:

    a) actions to address these risks and opportunities
    b) how to

      integrate & implement the actions into its quality management system processes (see 4.4)
      evaluate the effectiveness of these actions

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.

NOTE 1 – Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

NOTE 2 – Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new clients, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its customers’ needs.

F. What ISO 9001:2008 requirements most directly correlate to Risk Management?

There are a number of activities that are required under ISO 9001:2008 standard that will help demonstrate compliance to Risk Management. These include:

  1. 6 Management Review (an assessment of your overall quality system leading to targeted improvement efforts),
  2. 2.2 Training (an assessment of competency needs with steps taken to ensure that personnel are fully qualified and competent.)
  3. 2.2 Review of Requirements related to the Product (an assessment of customer expectations against your current capabilities with steps taken to resolve discrepancies),
  4. 5.3 Preventive Action (an assessment of potential problems with actions taken to avoid those issues in the first place)

SECTION BY SECTION ANALYSIS

INTRODUCTION SECTION

0.1 – General

Provides an overview statement, intentions on whom the standard benefits, introduces the ideas of Risk Based Thinking, PDCA, and explains four key terms (of which three are formally defined for the first time):

    a) Shall – mandatory requirement (numerous instances);
    b) Should – recommendation (no uses within the auditable content);
    c) May – permission (this term appears once in the auditable content); and
    d) Can – possibility or capability – numerous instances.

0.2 – Seven Quality Management Principles – reference to the ISO 9000 standard is given:

    a) Customer Focus;
    b) Leadership;
    c) Engagement of People;
    d) Process Approach;
    e) Improvement;
    f) Evidence-Based Decision Making; and
    g) Relationship Management.

0.3 – Process Approach

    a) Reinforce the process approach an improved graphic therein.
    b) Reinforces of Plan-Do-Check-Act (PDCA)

0.3.3 – Risk Based Thinking – definition and explanation of importance

0.4 – Relationship with other management system standards (ISO 9000 and ISO 9004)

Sections 1-3Not specifically auditable (as before)

Section 4Context of the Organization

Similar to ISO 9001:2008 Clause 4.0 – Quality Management System

Key new questions:

    A. What purpose does the organization serve?
    B. Who does it exist for?
    C. Who are the interested parties?
    D. Does any part(s) of the ISO 9001:2015 standard qualify for a “non-applicable” designation?

Section 5 – Leadership

Key new questions:

    A. Is a Leadership structure evident?
    B. Is Leadership accountable for the effectiveness (or lack thereof) of the QMS?
    C. Has Leadership ensured that the Quality Policy/Objectives are consistent with the strategic direction of the company?
    E.Is the QMS integrated into the business processes?

Section 6 – Planning for the quality management system

Key new questions:

    A. Have all risks (and opportunities) been considered?
    B. Have actions been taken or planned for said risks?
    C. With regards to Quality Objectives –
    D. Who will be responsible?
    E. What is the target date?
    F. What is to be accomplished?

Section 7 – Support

    A.Similar to ISO 9001:2008 Section 6.0 – Resource Management
    B. One very slightly new area of content is provided in clause 7.1.6 that asks the following

key new question:

    a.“Has the organization considered changing needs and trends versus its current competency base and determined what is needed for the future?”

Section 8 – Operation

    A. Very similar to ISO 9001:2008 Section 7.0 – Product Realization, and parts of Section 8.0

Section 9 – Monitoring, Measurement, Analysis, and Evaluation

    A. Similar to ISO 9001:2008 Section 8.0 – Measurement, Analysis, and Improvement, includes content from Section 5.0 – this is now where Management Review (5.6) is found

Section 10 – Improvement

    A. Similar to ISO 9001:2008 Sections 8.5.1-8.5.2– Continual Improvement and Corrective Action.

VII. WHAT ABOUT THE OTHER STANDARDS?

    A. Most of the major sector specific standards, including TS 16949 (automotive), AS9100 (aerospace), and TL9000 (telecommunications) have indicated intentions to transition and continue alignment with ISO 9001. (ISO 14001 will also follow suit, and is being rolled out at the time of this report).
    B. Precise timelines for these other standard updates are to be announced, but a 2016 publication date seems likely for all three.
    C. At present the only major standard not planning to continue alignment to ISO 9001 is ISO 13485 (medical devices,) currently in the midst of its own update with a targeted publication of early 2016

VIII. WHAT SHOULD BE DONE NOW?

    A. Companies at various stages of implementing new quality management systems in accordance with ISO 9001:2008 may question if there is still value in registering to ISO 9001:2008.

    1. Important to note that ISO 9001:2008 still has at least 3 years of usability left in it.
    2. Equally important to note that the very first audits later this year to ISO 9001:2015 may be somewhat challenging for both auditee and auditor.

    B. Companies currently holding ISO 9001:2008 registrations seeking to transition – International Accreditation Forum (IAF) has published an Informative Document (ID 9) which recommends the following steps be taken in a transition to ISO 9001:2015.

    1. Top down Gap Analysis of the ISO 9001:2015 standard to identify the gaps that need to be addressed.
    2. Development of an implementation plan with assigned responsibilities, and milestones.
    3. Review and update of all quality management system documents (including the quality and procedures manual new or revised processes.
    4. Awareness and transition training.
    5. Full system internal audit followed by a Management Review.
    6. Full round of Corrective and Preventive Actions.
    7. Management Review and closure of any open findings should be in process or complete.
    8. Coordination with Registrar for planning transition logistics.

ISO 9001:2015 Transition News

For many industries and organizations around the world, ISO 9001 has evolved to become the foundational quality standard on which their complete quality management system is built.

However, as the integration of technology has changed many aspects of systems and operations in recent years, a degree of inflexibility and rigidness in the current ISO 9001:2008 standard was exposed. This latest revision-due to be published in September, 2015-will allow organizations to be more flexible in how they apply the standards and practices of IS0 9001 in the context of their unique processes, technologies and business needs.

The following questions and answers have been chosen for inclusion in this FAQ and organized by topic to facilitate organizations’ understanding of the changes afoot and how they will impact their business.

 

Where can I learn about the new structure of ISO 9001:2015?

Quality Resource Center has produced an abundance of materials that include overviews and analysis of the new high-level structure of ISO 9001, Annex SL. Quality Resource Center offers a full suite of value added training, including on-site, web based, as well are our state of the art training facility in northern California. The materials are available on the website.

You may also contact Quality Resource Center with any questions at certification through our web portal or by simply calling 1 800 244 5409.

 

When will the final version of ISO 9001:2015 be published, and where can I get a copy?

Timeline for publication and implementation of ISO 9001:2015

  1. July- October 2014: Comments on DIS were submitted
  2. July 2015 Final Draft International Standard FDIS issued
  3. September 2015 (estimate): ISO 9001:2015 issued
  4. September 2015- September 2018: Transition period. All current registrations to ISO 9001:2008 must be transitioned to the 2015 revision by this time, or they will lapse.

 

Will there be an implementation guide published for ISO 9001:2015?

Yes. Quality Resource Center will continue to offer additional important guides and updates. We also provide ISO 9001:2015 consulting, training, and auditing for businesses in need.

 

When should I start transitioning to ISO 9001:2015, and what should I do to prepare?

It would be prudent to begin planning discussions now based on the DIS, but hold off on taking any major action until the standard is published and the transition officially begins in September, 2015. One thing you can do is start taking inventory of your current processes and comparing them to the new high level structure proposed in the Dl S.

 

How much longer will ISO 9001:2008 compliance be recognized?

Conformance to the current standard will be recognized through the end of the three-year transition period, which is due to end September, 2018. Organizations can request to be audited to the FDIS when it is issued. The issuance of certificates is an Assurance Group decision. All organizations must transit ion to the new standard by the end of the transition period.

 

Are Organizations Permitted to Upgrade During Their Scheduled Re-certifications in 2016?

Yes, as long as your systems conform to the standards set forth in ISO 9001:2015.

Our Organization is Currently Implementing or Considering Certification to ISO 9001:2008. What is the Best Course of Action?

Continue as planned; there are three full years to achieve certification to ISO 9001:2015 after its publication in September, 2015. That said, Quality Resource Center can help to familiarize Organizations with the new high-level structure, so systems designed or upgraded with an eye toward the future.

 

Will the Transition Require Additional Resources Either in Budgets or Time?

Quite likely, but it will depend upon the current status of an Organization’s management system. Areas that will be impacted include personnel time developing or modifying current systems and processes to meet the new requirements.

For more information regarding how the ISO 9001:2015 might impact your organization, Quality Resource Center offer detailed ISO 9001:2015 GAP Analysis services that can assist in identifying where the audit against the revised standard will differ from your existing programme.

 

When May I begin transitioning? Do I Need to Wait Until My Surveillance Audit?

The transition process may commence as soon as the official three-year transition begins. While it is permissible to outside of your scheduled surveillance but it is more efficient to do an upgrade audit to ISO 9001:2015 during regularly scheduled surveillance audits.

 

How can Progress Best Be Measured During the Transition Process?

Quality Resource Center works closely with Organizations to develop approaches enable progress to be tracked towards the new standard and ensure proper training, support, and execution every step of the way. If you are implementing the standard for the first time, Quality Resource Center offers full turn-key solutions that offer maximum value with minimum risk.

 

When will auditor training be available for ISO 9001:2015?

Internal auditor training and certification will be available following publication of the FDIS in 2015; the rules and requirements have not yet been finalized. If your organization has a robust Internal Audit process, the auditing techniques should not change. However, the criteria you audit against and the scope of your audits will definitely be affected.

Quality Resource Center will provide customers with additional information as it becomes available. We also have a series of interactive webinars already scheduled, and public training courses on the transition all over North America. We also have a series of interactive webinars already scheduled, and public training courses on the transition a II over North America.

 

ISO 14001 Is Being Revised Along With ISO 9001. Will the Impact Organizations Utilizing Both Standards?

ISO 9001:2015 and ISO 14001:2015 will be more closely aligned than ever, as both standards will utilize the same high-level structure defined in Annex SL. Upwards of 30% of the language in the two management system standards will be identical. ISO 14001:2015 should be issued in September 2015 along with ISO 9001:2015 if everything goes according to plan.

 

What Impact Will the Revisions Have On ISO/TS 16949:2009 Automotive Standard?

The automotive industry is not enamored with the revisions to ISO 9001. Currently they are opting out of participating in the revision process in favor of creating their own standard. While the automotive group could certainly change their position between now and when the standard is finally issued in September 2015, no definitive position has been determined.

 

We Are Certified to AS 9100C. Are there any plans to revise this standard to accommodate new ISO 9001:2015 requirements?

AS 9100 will adopt the requirements of ISO 9001:2015 when the new standard is revised in 2016.

 

Is the ISO 13485 Medical Device Standard Changing As A Result Of The Updates To ISO 9001?

The draft ISO 13485:2015 is based on the clause structure in ISO 9001:2008, not the new requirements and clause structure of ISO 9001:2015 using Annex SL.

Tables correlating ISO 9001 and the previous version of ISO 13485 have been included in the document.

Similar to ISO 9001:2015, there will be a transition period for organizations upgrading from the 2003 revision to the ISO 13485:2015 standard. The date of the ISO 13485 transition has not been announced as yet.

The supplementary Annex Z in support of the European Medical Devices Directives has been included in anticipation of the next revision of ISO 13485 being harmonized under the three Medical Device Directives.

This means ISO 13485 and EN ISO 13485 will be published in a similar timeframe. Organizations can then use the Harmonized Standard with in Europe which provides for the “Presumption of Conformity” under the applicable clauses of the Directives. This revision has also been drafted recognizing that it will have to support the existing European Medical Devices Directives and the proposed European Medical Device Regulations when they are published in the future. Some of the content has therefore been specifically drafted to accommodate this requirement.

 

Where does Plan-Do-Check-Act (PDCA) Fit In With The New Standard?

Of course. The new standard is still built around the PDCA cycle. It’s featured prominently on page 8 of the Draft International Standard.

 

Will FMEA’s and Control Plans be required under ISO 9001:2015?

Although very valuable tools, FMEA’s and Control Plans are not required by ISO 9001:2015. Your organization could apply these tools as their approach to meet the requirements. Properly developed Control Plans would satisfy many of the requirements for section 8. FMEA’s are a useful tool to identify prioritize, and mitigate areas of risk required in section 6.

 

What Is The Practical Impact Of Eliminating The Management Representative?

The management system still needs a champion and a spokesperson, but it does not automatically mean that this is the quality manager-or any one person. Optimally, these duties would be shared by a member(s) of the leadership team. Once the management system has been implemented, this person’s role should transform into being a facilitator of continual improvement.   It should be noted that while the requirement for a designated Management Representative has been removed from the DIS, the responsibilities that were attributed to this position are still retained in the standard.

 

What Suggestions Are There For Organizations Wishing To Begin Preparing For ISO 9001:2015?

  1. Have a GAP Analysis performed and review the results. Identify Actions to fill the GAP’s.
  2. Train managers that will be affected by the proposed changes. Help them gain a comprehensive understanding of the issues at hand and help them begin to strategize an action plan for implementation
  3. If you have certification to more than one standard, look at where management system integration might be possible and beneficial. Make this part of the GAP Analysis.
  4. Talk to one of our representatives and ask how we can support your organization

 

I have an integrated management system based on ISO 14001 and OHSAS 18001-how will the revisions to ISO 9001 and these standards affect me?

The changes make system integration much easier as there will be greater alignment among these standards. But with differing projected publication dates and trans-national, you should plan your transitions carefully to retain certification on each.

It may be beneficial to acquire a copy of PAS 99, It offers valuable guidance on the design and structure of an integrated management system.

 

Is There A Requirement For a Quality Manual in ISO 9001:2015?

ISO 9001:2015 does not require a quality manual. The question each organization should consider is whether or not having one is beneficial to the organization. If it is used as intended in 9001:2008-an introduction to the management system that acts as a guide or roadmap to the overall system-then by all means have one. Quality Resource Center strongly recommends the Organizations maintain a Quality Manual.

 

What Are The Guidelines Like For Internal Audits Under ISO 9001:2015?

Refer to section 9.2.2 Internal Audit –

9.2.2

“The organization shall:

  1. a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration the quality objectives, the importance of the processes concerned, customer feedback, changes impacting on the organization, and the results of previous audits;
  2. b) define the audit criteria and scope for each audit
  3. c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process”

 

These requirements have been clarified from those in 9001:2008. Audits are still required to be conducted at planned (scheduled) intervals. Organizations need to establish goals, priorities, and objectives and align them to drive their decisions with respect to the audit function. Many of factors go into the development of an audit program, risk is being only one of them. Other things to consider: complexity and current state of the process or areas involved, and potential impact on customers and the Organization.

 

What Are The Key to Requirements for Design and Development of Products and Services? Will there be Requirements for Process Design?

Much of what is now required under ISO 9001:2015was implied and would have been considered good practices under ISO 9001:2008. Section 8.3 “Design and Development of Products and Services” enhances the requirements found in section 7.3 of ISO 9001:2008, which dealt with product design.   Some of the requirements have been reorganized (i.e. verification and validation have been consolidated in one section 8.3.4 “Design and Development Controls”). Technically, manufacturing process design is not included. However, a note at the end of section 8.3.1 encourages organizations to apply these same principles to process design and development.

 

Can you summarize the new approach to Preventative Action in ISO 9001:2015?

Organizations must understand their organization’s business context (Clause 4.1) and determine the risks and opportunities that need to be addressed (Clause 6.1). One of the key purposes of a quality management system is to act as a preventive tool. Consequently, the new standard does not have a separate clause or sub-clause titled “Preventive Action.” Instead, the concept of preventive action is expressed through a risk-based approach to formulating quality management system requirements. This resulted in a reduction of prescriptive requirements, which have been replaced by performance-based requirements. Although risks and opportunities have to be determined and addressed, there is no requirement for formal risk management or a documented risk management process. The implication is the entire management system, properly implemented, should function as a preventive tool.

Does Compliance With ISO 31000 Satisfy The Risk Management Requirements in ISO 9001:2015?

Clearly an Organization could apply the requirements of a risk management system as defined in ISO 31000 and more than meet the requirements for risk based thinking in ISO 9001:2015. While the standard does not require a formal risk management approach, organizations must identify and understand their business environment in the broadest of terms and the resulting potential risks they face. Armed with this data the organization can then develop and deploy an effective management system to control, mitigate, and eliminate these risks.

 

Is there a summary of the changes between ISO 9001:2008 and 9001:2015 available?

Yes. Quality Resource Center provides this summary and has made it discuss it at our training courses, both classroom and interactive webinars

 

How can Quality Resource Center provide support through the transition process?

Quality Resource Center will have the latest up-to-date information on the ISO 9001 revision all the way up to the planned publication in September, 2015. Upon publication, we can advise you on what to do to meet the new requirements.

Ultimately, it is up to you to plan and implement the changes, but Quality Resource Center will provide all the support you need to make the best possible decisions.

 

What training will be available?

Yes, we have a series of interactive webinars already scheduled, and public training courses on the transition all over North America.

 

I have questions about my certification I need to answer right now. Who should I call?

Quality Resource Center – 1 (800) 244 5409 or e-mail us at www.QRCCentral.com

Transition to ISO 9001:2015

Quality Professionals know that there has been much discussion over the last two years regarding impending changes in the ISO 9001:2015 standard

Understanding the revised standard’s impact on an organization can be a bit overwhelming.

Quality Resource Center is committed to assisting our clients and potential clients in achieving both compliance and maximum value added in transitioning to this new standard, and thus has drafted this FAQ to address some of the essential questions and issues and present guidance on steps needed to prepare for the coming change.

Additionally, Quality Resource Center has published several articles regarding changes to ISO 9001:2015 that are currently available at www.QRCCentral.com

Quality Resource Center offers a complimentary toll free call regarding ISO 9001:2015 transitioning –

Call today – 1 800 244 5409

A – Why is the ISO 9001 Standard Changing Again?

There are a number of important objectives imbedded with this revision.

There remains an unfortunate and erroneous perception that ISO 9001 is not fully compatible with service organizations. This is key, and there has been a targeted movement to streamline language used in order to improve understanding and promote consistency between accreditation bodies, certification bodies, auditors, and clients.

Simplifying and making the process more efficient for Organizations seeking multiple certifications (such as ISO 9001 and ISO 14001) has been addressed. Many of these Organizations have felt compelled to maintain multiple sets of quality and procedures manuals, SOP’s, Work Instructions, and Forms and Records. The new revision addresses these and other concerns. Quality Resource Center has been a pioneer in the development of Integrated Management Systems, and has developed and deployed more systems of this type than any other firm.

B – Will Other Standards (AS9100, ISO/TS 16949, etc.) Should Be Updated As Well?

The major sector specific standards, including ISO/TS 16949, AS9100, and TL9000 have indicated their intentions to transition and continue their alignment with ISO 9001. Timelines for these other standard updates are not fully known at this time; that said, a 2016 publication date seems likely for all three. At present only ISO 13485 has not announced plans to maintain alignment with ISO 9001, although it is in the midst of its own update with a targeted publication of early 2016. Continued alignment is expected.

C – What Are The Critical Changes?

Quality Resource Center has conducted analysis and prepared several separate reports detailing key changes, but there are two noteworthy elements:

1 ISO 9001:2015 has eliminated the terms “Documents, “Records”, and “Procedures,”. They have been replaced with the expansive terms “Documented Information.” The reasoning here is that it offers opportunities for greater understanding and acceptance of alternative methods of controlling a quality management system. ISO is no longer concerned with a process is controlled or shown to be effective. Thus, these terms have been removed.

2 – There has been a great deal of discussion regarding the introduction of Risk Management. There are already two ISO standards (ISO 14971 and ISO 31000) and numerous other published materials on methods that can be used to design and implement Risk Management. Quality Resource Center’s analysis has concluded that at least two existing processes within ISO 9001:2008 can be applied to an effective Risk Management program. These processes are 7.1 Planning of Product Realization and 8.5.3 Preventive Action.

Formal Risk Management is now required as a system wide element of the quality management system, similar in fashion as was Continual Improvement was when ISO 9001:2000 was published).

D – What is “Annex SL” and How Does It Relate to ISO 9001?

Annex SL is part of the “ISO/IEC Directives Part 1 – Consolidated ISO Supplement – Procedures Specific to ISO” document. This standard regulates and controls the process of developing, updating, and issuing ISO published standard. Annex SL is basically a ten section template to be used for all ISO standards. It establishes common terms and core definitions for much of the language used in the ISO family of standards. The mandatory structure of Annex SL enables organizations to be better positioned to attain multiple certifications such as ISO 9001, ISO 14001, and OHSAS 18001, as each of these standards will now contain the same 10 sections and include the same core terms and definitions.

E – What is the Timeline?

The projected publication dates for the FDIS (Final Draft International Standard) and the actual ISO 9001:2015 document are July 2015 and September 2015, respectively. It is Quality Resource Center’s contention that most organizations should wait until the final approved ISO 9001:2015 standard is published to make a purchase and obtain the Standard. Once the ISO 9001:2015 standard is published, a 36 month transition timeline will begin. Thus, if the ISO 9001:2015 standard is published on September 15, 2015, the ISO 9001:2008 standard will be viable until September 15, 2018.

It is important to note that ALL ISO 9001:2008 certifications issued in late 2015 and beyond will be required to bear an expiration date that matches the cut-off for ISO 9001:2008. Companies may be permitted to transition at their own pace, and certification bodies may establish their own individual cut-off dates for ISO 9001:2008 audits. That said, Quality Resource Center has declared there will be no cut-off in our support for ISO 9001:2008 audits. Quality Resource Center will be there to support our clients as long as that support is needed.

F – Our Organization Has a Re-certification Audit in Early 2016. Should It Conducted in Accordance with ISO 9001:2015?

This is a strategic decision that each Organization must determine, but there are several key points to consider. If the Organization has had a chance to perform an ISO 9001:2015 GAP Analysis, upgrade systems to comply with the revised requirements, and has confidence in the Organization’s ability to succeed, a request that a transition audit to ISO 9001:2015 be performed can be submitted.

Coordinating the timing of the transition to the existing recertification audit is ideal, but isn’t mandatory. An Organization could certainly perform its’ 2016 Re-certification Audit to ISO 9001:2008, and then complete a transition audit to ISO 9001:2015 in 2017.

G – Our organization has been certified for quite some time and our procedures are well implemented;

Will they need to be changed?

Quality Resource Center’s analysis has concluded that for the average ISO 9001:2008 certified company, the impact of the revised standard will be varied but quite manageable. It is important to bear in mind that the ISO is seeking greater inclusion for the ISO 9001 standard. They want to see it continue to grow into new sectors and be even more user friendly than it is now. Requiring a company to aggressively overhaul their current ISO 9001:2008 system is not consistent with this objective.

H – Should Our Staff Complete Transition Training?

It depends on the extent of revisions made to your quality management system, but generally speaking – of course you will be expected to provide some form of transition training to your staff. At a minimum, Quality Resource Center recommends that awareness training of the new standard would be conducted, as well as an assessment of the new standard’s impact on the various processes and personnel. Ideally, an ISO 9001:2015 GAP analysis would be conducted by Quality Resource Center’s certified Auditors. However, it is entirely conceivable that the majority of your staff will feel no effect from your company’s transition to ISO 9001:2015.

I – Where Can Internal Auditors Obtain Complete Transitional Training and Certification?

Internal auditing remains the cornerstone of demonstrating compliance to requirements within a quality management system. Organizations remain responsible for determining what competencies are required for its internal auditors, as well as the methods to be used to achieve those competencies. Simply stated, each organization must decide the extent to which transition training is required. It is conceivable that a seasoned team of internal auditors could conduct an ISO 9001:2015 GAP Analysis and period of self-evaluation to facilitate the successful transition to auditing ISO 9001:2015. The competency of internal auditors is judged by the overall effectiveness of the internal audit process.

Over the last 25 years Quality Resource Center has trained and certified thousands of Internal Auditors.

Contact Quality Resource Center immediately to schedule your training and certification project.

J – What Immediate Steps Can Be Taken?

Preparation must include a comprehensive review of the currently available DIS, or the soon to be available FDIS. Quality Resource Center can and does provide extensive early planning assistance and analysis. Expect to see an official transition guide from the ISO itself, and likely additional written materials from other bodies such as ANAB and RABQSA. The International Accreditation Forum (IAF) has published an Informative Document (ID 9) which recommends the following steps be taken in the transition to ISO 9001:2015. A full review of the ISO 9001:2015 standard should be performed by Top Management to identify the gaps that need to be addressed. A plan of implementation should be developed with assigned responsibilities. All quality management system documents (including the quality and procedures manual (if applicable)) should be updated to reflect any new or revised processes. Necessary awareness and transition training should be completed. A full system Internal Audit followed by a Management Review should be completed. Corrective Actions for all internal audit findings should be completed.

Only Quality Resource Center offers a full suite of transition and training options, including on-site, web based, and our state of the art training center in northern California. Contact Quality Resource Center for all planning of transition arrangements and training.

 

ISO 9001:2015 & ISO 14001:2015 Upgrade and Transition Training

Is your firm currently certified under ISO 9001:2008 and/or ISO 14001:2003?

Are you wondering what will happen with ISO 9001:2015 and ISO 14001:2015?

There are some very significant and important changes heading your way…

 

Since 2012, all ISO management system standards have been in the process of being updated against the new 10-clause High Level Structure (HLS).

 

The ISO 9001 and ISO 14001 standards are undergoing radical transformation, raising questions and concerns over their new structures, revised documentation requirements, and a variety of other changes needed to comply with the new and improved standards.

 

The ISO 9001:2015 Standard will be released in September 2015.

 

ISO 14001:2015 will be released in August 2015.

 

In addition to the new structures, there are other sweeping changes.

 

The new ISO 9001:2015 and ISO 14001:2015 emphasize risk-based thinking beyond that seen in earlier versions.

 

The ISO 9001:2015 Draft International Standard (DIS) was released in May 2014 and the target is now fairly well-defined.

 

Quality Resource Center offers practical, hands-on, 1 and 2 -day courses in developing your strategy for making a seamless transition to the new requirements; Available at our world class training center, on-site at your facility, or via the internet in our popular webinar based system.

 

Pre-Requisite: Participants should be knowledgeable of the ISO 9001:2008 QMS standard.

 

Who Should Attend?

 

Any interested party involved in ISO 9001:2015 or ISO 14001:2015 quality and/or environmental management system implementation or upgrade.

 

Course Description:

 

Attendees to this important course should include, but not be limited, to all personnel within the organization, especially Top Management; such that they may all understand how to successfully implement the upcoming changes in the ISO 9001 and ISO 14001 standards.

 

The new approaches, outlined in the drafts, represent a dramatic turn in direction. There are new demands on management. Risk Analysis now takes center stage and must be considered throughout the organization. Specific documentation is no longer mandatory, but remains conspicuously implied.

 

Quality Resource Center is uniquely positioned to lead you through the twists and turns of these important revisions and the effects they may have on your business. Our seasoned team of experts has experience that dates back to the original 1994 standard, the 2000 revision, and the 2008 revision.

 

Join us as we map out the latest versions of the revisions to ISO 9001 and ISO 14001. Quality Resource Center will provide the tools and techniques to help you understand the spirit and letter of the new revisions. With QRC, you can rise above the confusion and see how to prepare your team for management-led, risk-based thinking that can best position your organization.

 

These workshops will navigate you through the maze of changes and give you the latest information available from the technical committees to help you adopt this new approach.

 

Course Objectives:

 

This workshop will enable participants to:

 

  • Understand, interpret and plan for the changes in ISO 9001:2015
  • Receive up-to-date information on the key changes in both ISO 9001:2015 and ISO 14001:2015
  • Understand the 10 (ten) clauses of the new ISO Management System Annex SL
  • Gain insight into how the revisions provide closer relationship and alignment between ISO 9001, ISO 14001, ISO 13485, R2, AS9100C, OHSAS 18001, and ISO 27001, and ISO 22301
  • Get an overview of how these changes may affect the audit process
  • Learn the best practices that can help facilitate a smooth transition
  • Prepare for the transition plan to ISO 9001:2015 and ISO 14001:2015
  • Develop a strategy for effective implementation of the changes at their organization
  • Prepare for re-certification to ISO 9001:2015 and ISO 14001:2015
  • Understand how the new global push for a risk-based approach to business will affect your organization
  • Incorporate requirements for ISO 9001:2015 and ISO 14001:2015 Internal Audits
  • Train and prepare for ISO 9001:2015 and ISO 14001:2015 Internal Auditor Certification
  • Initiate Risk Analysis techniques and programs

 

BENEFITS:

 

At the conclusion of this course attendees will have been provided with:

 

  • An understanding of the reason for and the steps associated with revisions of the standards
  • An understanding of the philosophy behind, and the project management strategy to design a successful ISO 9001:2015 and/or ISO 14001:2015 implementation process
  • An understanding of the new structure of the ISO 9001:2015 and ISO 14001:2015 standards
  • An appreciation of the impact to organizations implementing the revisions

 

CONTENT:

 

  • ISO 9001:2015 and ISO 14001:2015 – a detailed comparison between the old and new versions of the standards. Highlights of the changes, including a detailed review of the potential impacts, together with discussion of the new focus in certain areas, plus discussion of the plans for adoption by other standards
  • Implications for organizations – Examination of how implementing the revisions will affect organizations in the process of achieving compliance
  • What about Top Management? What are the new requirements for Executives?
  • Selecting a Registrar – how to make the best choice.

 

Quality Resource Center has been providing world class training and certification services in the field of ISO 9001 and ISO 14001 Quality and Environmental Systems since 1994. We can help you navigate what will surely be an uncertain transition period. We invite you visit this website regularly and to contact us today. Classes are forming and we can design a program to meet your organization’s unique requirements. Contact us today.

ISO 9001:2015 & ISO 14001:2015 Update

ISO 9001 and ISO 14001 are under revision with updated versions due by the end of 2015.

FAQ 

  • Why is ISO 9001 being revised?

All ISO standards are reviewed every five years to establish if a revision is required to keep it current and relevant for the marketplace. The future ISO 9001:2015 will respond to the latest trends and be compatible with other management systems such as ISO 14001:2015.

  • Where are we at in the revision process?

ISO 9001 is currently nearing the Final Draft International Stage (FDIS ballot expected by July), the fifth stage of a six stage process, whereby the ISO subcommittee revising the standard will now go through all the comments received during the DIS vote in order to produce a final draft which will then be put forward to all ISO members for voting.

  • What is the next step?

Once all comments have been considered a final draft will be produced and put forward to ISO members for voting.

  • When will the new version be published?

ISO 9001:2015 will be published by the end of 2015.

  • What will be the main changes to the standard?

The new version follows a new, higher level structure designed to make it easier to use in conjunction with other management system standards, with increased importance given to risk.

  • I am certified to ISO 9001:2008. What does this mean for me?

Organizations are granted a three-year transition period after the revision has been published to migrate their quality management system to the new edition of the standard.

  • How do I find out more?

Contact Quality Resource Center as soon as possible for more information on how the FDIS is proceeding.

 

TRANSITION PLANNING GUIDANCE FOR ISO 9001:2015 & ISO 14001:2015

Parties who will benefit from this guidance include but are not limited to –

  1. Organizations using ISO 9001:2008
  2. Accreditation bodies (AB’s)
  3. Certification bodies (CB’s)
  4. Training bodies and consultants

 

Changes

The ISO 9001:2015 revision introduces significant changes and will be published in September 2015. It is is based on Annex SL of the ISO Directives, a high-level structure (HLS) which standardizes sub clause titles, core text, common terms and core definitions to enhance compatibility and alignment with other ISO management system standards. Main changes in the new version of ISO 9001:2015 are:

  1. Adoption of the HLS as set out in Annex SL of ISO Directives Part One
  2. Explicit requirement for risk-based analysis to augment and improve the understanding and application of the process approach
  3. Fewer prescribed requirements
  4. Reduced emphasis on documents
  5. Improved applicability for service based organizations
  6. Requirement to define the boundaries of the QMS
  7. Increased emphasis on organizational context
  8. Enhanced leadership requirements
  9. Greater emphasis on achieving planned outcomes to improve customer satisfaction.

 

Transition

The International Accreditation Forum (IAF), which monitors certifications/accreditations, and the ISO Committee on Conformity Assessment (CASCO) have agreed to a three year transition period from the publication date of ISO 9001:2015. The transition period will begin in September 2015 and end in September 2018.

 

ISO 9001:2008 certifications will not be valid after the end of September 2018. From March 2017 all initial certifications under accreditation shall be to ISO 9001:2015.

 

Guidance for transition

The degree of change necessary for any organization will be dependent upon the maturity and effectiveness of the current management system, its organizational structure and practices. Thus, an impact assessment is strongly recommended in order to identify realistic resource and time implications prior to initiation of any changes.

 

Specific guidance for parties involved in certification and accreditation –

Organizations operating under ISO 9001:2008 are encouraged to take the following actions-

  1. Identify organizational gaps which need to be addressed to meet new requirements
  2. Design and develop an implementation plan
  3. Facilitate training and awareness for all affected parties
  4. Update existing quality management system (QMS) to meet the revised requirements and verify its’ effectiveness,
  5. Where applicable, liaise with your certification body for transition arrangements.

 

Accreditation Bodies (AB’s) are recommended to

  1. Inform CB’s about the transition process using the appropriate guidance and IAF produced documents,
  2. Plan and allocate resources for training and performing assessments to the revised standard,
  3. Verify that criteria used to assess auditor competence are adequate.

 

Certification Bodies (CB’s) are recommended to –

  1. Train and monitor auditors to ensure competence is demonstrated
  2. Interact regularly with national standard bodies
  3. Communicate regularly with AB’s
  4. Communicate with other CB’s to co-ordinate information
  5. Inform existing clients and share guidance on the transition process and arrangements for transition
  6. Plan the timing and scheduling of audit and certification activities for the revised standard
  7. Consider the stated transition period and current certification period
  8. Plan the timing of certification decisions for upgrading certificates
  9. Encourage current users of ISO 9001:2008 to implement ISO 9001:2015 at an early stage, taking account of any changes that may occur during the DIS stage
  10. Encourage new users to implement ISO 9001:2015
  11. Arrange audit schedules for existing client organizations
iso

Keep checking this website for regular updates between now and the standard’s final publication.