ISO9001:2015 and ISO14001:2014 Transition Update March 2017

Transcription

1 ISO9001:2015 and ISO14001:2014 Transition Update March 2017 TIMESCALES The ISO 9001:2015 and ISO14001:2015 standards were issued on the 15 th September 2015 and they replace ISO 9001:2008 and ISO14001:2004. For existing certified organisations using the old Standards a three year transition period was set for them to transition to the new Standards. The cut-off date is 14 th September 2018, following which, Certificates to ISO 9001:2008 and ISO14001:2004 will no longer be valid. We are now half way through the transition period. WCS aims to cease undertaking Stage 2 / Re-certification audits to the ISO 9001:2008 standard from the 7 th September Should you have any queries / concerns on upgrading to the new standards, please contact WCS or info@world-cert.co.uk STRUCTURE OF ISO 9001:2015 and ISO14001:2015 Guidance on the structure of the new Standards has already been provided in previous Newsletters/Updates. As a reminder, both Standards are based on the high level structure, Annex SL Framework, which is being applied to all new and revised ISO management system standards. The following notes describe the common structure and some of the main changes : Structure 1. Scope 2. Normative References 3. Terms and Definitions 4. Context of the Organisation 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance Evaluation 10. Improvement KEY CONCEPTS Context of the organisation Context of the organization requires the organization to evaluate itself and its context and identify/define influences that impact on the organization in terms of the company s culture, markets, complexity of products, flow of processes and information, objectives and goals, size of the organization, customers, etc. It is also a means of identifying risks and opportunities related to the organisation s business Many certificated organisations will have a management system manual, marketing material, or web site which contains an overview of the business. This can be reviewed/improved/developed to better demonstrate the organisation s awareness/ability to meet the requirements. It can be updated to describe External factors such as legal, technological, competitive, market, cultural, environmental, location, impact on neighbours, international, national, regional or local, and also Internal factors which can include staff/personnel, infrastructure/facilities/resources, company values, culture, knowledge and performance Understanding the needs and expectations of interested parties : This requires the organization to determine the needs and expectations of interested parties, both internal and external. Interested parties could include Employees, Contractors, Clients/Customers, Suppliers, Regulators, Shareholders/Directors, Neighbours, Non-Governmental Organizations (NGOs), Parent organizations, Landlords etc. There is a need for organizations to think clearly and logically about what can internally and externally affect their business. For ISO14001 systems the identification of aspects and impacts should be undertaken whilst taking a life cycle perspective, i.e. from the acquisition of raw material to end-of-life disposal. A life cycle perspective should also be taken when establishing value chain controls. Leadership There is now more of a requirement for top management to demonstrate their leadership and management relating to the system. Top management will have to be able to demonstrate accountability for the effectiveness of the management system(s) and to provide support/resources as necessary. Applicable legal and regulatory requirements have to be determined, understood and complied with, and the Policy(s) and objectives need to be consistent with the overall business strategy. Policy(s) needs to be communicated to all employees and they

2 need to understand the part they play in ensuring they remain effective. The policy(s) should be documented and available to interested parties. Planning This includes a requirement to address risks and opportunities and to carefully plan changes within the management system. Organisations should be able to demonstrate that they have assessed the risks and opportunities for their business. The topics identified in the Context of the organisation and relevant interested parties will provide suitable inputs for risks and opportunities to be identified and acted on. There is no formal requirement for risk registers to be established but many organisations may choose to produce them to record both risks and opportunities. There are other techniques which can be used, including SWOT analysis. The degree of complexity may depend on the size of the organisation, the complexity of its operations, and other factors such as H&S, legislation/regulation, customer requirements, employee considerations, shareholder interests, range and capability of suppliers etc. Risk registers may include outcomes, risk levels, control measures, residual risks. With regard to Objectives, these should be established at relevant functions, levels and processes. There is a need to consider what will be done, what resources are required, who is responsible, when they are expected to be completed, and how evaluation of the objectives will occur. Support This new term builds upon existing requirements for competence and awareness, and is now extended to include persons under the organisation s control and not just employees. Document control and records is now referred to as Documented Information. There is no longer a requirement for a documented quality manual and procedures, but many organisations may choose to retain their existing systems and review/update them to address the additions resulting from the introduction of the new standards. Employees will need to be aware of the organisations current Quality and/or Environmental Policy, relevant objectives, their own contribution to the effectiveness of the management system, and the implications of not conforming to the requirements. Operation This includes many of the old requirements, and the basic principles of controlling operations have not changed. Control of externally provided processes, products and services now covers much broader ground than the old clause on purchasing. It aims at ensuring that the purchased processes/products/services that are needed are suitable for ensuring that customer requirements can be met. Initial evaluation needs to take account of the impact that purchases can have on the final product/service. The criteria for selection, evaluation and reevaluation of suppliers must be determined and applied, and controls put in place to take account of the results of evaluations and the relative impacts they could have (risk management) must be determined and applied. It is important that all necessary information is provided to the supplier. The purchase requirements should be checked for adequacy before they are communicated to the supplier. The process needs to be verified and there is a need for suppliers to be re- evaluated periodically. Performance Evaluation This has similar themes to the existing standard, but with a new emphasis on evaluation in addition to the current requirement to measure and analyse. The requirement to monitor customer perception still exists. Improvement This section includes non-conformity, corrective action and continual improvement. The requirement for preventive action has been removed and replaced by the risk based thinking described earlier in the standard. PRACTICAL STEPS TO TRANSITION Organisations currently certified to the old Standards should now be planning how they are going to transition to the new standard. A staged approach might include: Buy and read the new Standard(s) Look at the freely available and practical information on the internet to help understand the changes and the impact on your existing management system(s) Highlight the key changes Develop an implementation plan Consider having a gap assessment by WCS Ltd. to confirm the areas already compliant and to highlight gaps in the system Provide appropriate training and awareness to all parties Make changes to your existing documentation to reflect the new structure of the standard

3 Implement the new requirements including leadership, risk and context of your organisation Check the impact and compliance with the new requirements by auditing against the standard(s) Review the impact and need for further changes WCS APPROACH TO TRANSITION WCS is able to undertake a gap analysis if an organisation requests it. The gap analysis is aimed at identifying omissions, misunderstandings, and areas of weakness against the new Standard(s). A gap analysis audit is chargeable at a day rate of 600 plus VAT. A report is provided at the end of the audit highlighting any actions required. If you are interested in this service please info@world-cert.co.uk. If a gap analysis is not required, WCS encourages organisations to request that they be audited to the new Standard at one of their scheduled surveillance or recertification visits. To comply with accreditation requirements some additional time has to be allocated to such audits. * Please Note: Auditors will not be able to undertake an audit to the new Standard(s) at a normal surveillance audit/re-certification audit without WCS HQ being advised in advance. This is necessary so that a transition review can be undertaken to establish the additional time to be allocated. If non-conformances are raised against the requirements in the new standards this will not impact on existing certification. However, the nonconformances will have to be satisfactorily addressed before certification to the new Standard(s) can be progressed. Once organisations have satisfactorily demonstrated conformance to the new Standard, the old certificate(s) will be withdrawn and new certificates issued. Please Advise World Certification Services when you wish your organisation to be audited to the new standards WCS Support Transition training Transition training can be provided by WCS if required at a cost of The training is aimed at supplementing existing basic knowledge of management systems, and providing an understanding of the new requirements. At the end of the course Delegates will: Understand the purpose of the management system and management systems standard Understand the structure of the new standard Understand the specific requirements the new standard Understand and be able to apply a risk-based thinking approach Be aware of how their existing system can be modified to meet the new requirements Certificates of attendance will be provided following the training course. An optional technical questionnaire will be provided following the course to test attendee understanding of the new standard. Should you wish to attend a training course please complete the Booking Form which is available on our website and return to training@world-cert.co.uk If you have any queries, please do not hesitate to contact WCS on or info@world-cert.co.uk ISO 9001:2015 Foundation Training Foundation training can be provided by WCS at a cost of 399 for a one day training event At the end of the course Delegates will be able to: Understand the purpose of a quality management system, of quality management systems standards, and the business benefits of improved performance of the quality management system Understand the structure and content of ISO 9001 and its relationship with ISO 9000 Understand the specific quality management requirements of ISO 9001:2015 Understand how quality systems can be documented and structured to meet the requirements

4 Booking arrangement can be found at ISO 9001:2015 Internal Auditor Training Day Training event At the end of the course Delegates will: With reference to the PDCA cycle, be able to explain the process-based quality management system model for ISO 9001 and the role of an internal audit in the maintenance and improvement of quality management systems (see 3.1). Explain the role/responsibilities of an auditor to plan, conduct, report and follow-up an internal quality management system audit in accordance with ISO Plan, conduct, report and follow-up an internal audit of part of a quality management system based on ISO 9001, and in accordance with ISO Booking arrangement can be found at ISO 14001:2015 Foundation Training Foundation training can be provided by WCS at a cost of 399 for a one day training event At the end of the course Delegates will be able to: Explain the purpose of an Environmental Management System, of environmental management systems standards, and the business and societal benefits of improved environmental performance Outline the structure and content of ISO Explain the specific environmental management related requirements of ISO Booking arrangement can be found at ISO 14001:2015 Internal Auditor Training Day Training event At the end of the course Delegates will be able to : With reference to the PDCA cycle, be able to explain the process-based environmental management system model for ISO and the role of an internal audit in the maintenance and improvement of environmental management systems Explain the role and responsibilities of an auditor to plan, conduct, report and follow-up an internal environmental management system audit in accordance with ISO Plan, conduct, report and follow-up an internal audit of part of an environmental management system based on ISO 14001, and in accordance with ISO Booking arrangements can be found at : ISO 9001:2008 to ISO 9001:2015 Correlation Matrix follows and ISO 14001:2004 to ISO 14001: Correlation Matrix follows

5 ISO 9001:2008 to ISO 9001: Correlation Matrix ISO 9001:2008 ISO 9001:2015 Clause title Clause Clause Clause title Quality Management Systems general requirements Quality Management Systems and its processes Documentation requirements Documented information Management Responsibility Leadership and commitment Customer Focus Customer Focus Quality Policy Quality Policy Planning Planning for the Quality Management System Quality Objectives Quality Objectives and planning to achieve them Quality Management System Planning Planning for the Quality Management System Responsibility and authority Organisational roles, responsibilities and authorities Management Representative Organisational roles, responsibilities and authorities Internal Communication Communication Management Review Management Review Resource Management Resources Human Resources Competence Infrastructure Infrastructure Work Environment Environment for the operation of processes Product Realisation 7 8 Operation Planning of product realisation Operational planning and control Customer related processes Determination of requirements for products and services Design and development Design and development of products and services Purchasing Control of externally provided products and services Verification of purchased product Release of products and services Control of production and service provision Control of production and service provision Post-Delivery activities Validation of processes for production and service provision Control of production and service provision Identification and traceability Identification and traceability Customer Property Property belonging to customers or external providers Preservation of product Preservation Control of monitoring and measuring equipment Monitoring and measuring resource Measurement, analysis and improvement Monitoring, measurement, analysis and evaluation Customer Satisfaction Customer Satisfaction Internal Audits Internal Audits Monitoring and measurement of processes General Monitoring and measurement of product Release of products and services Control of nonconforming product Control of nonconforming process outputs Analysis of data Analysis and evaluation Continual Improvement Continual Improvement Corrective Action Nonconformity and corrective action Preventative Action Actions to address risks and opportunities

6 ISO 14001:2004 to ISO 14001: Correlation Matrix ISO 14001:2004 ISO 14001:2015 Clause title Clause Clause Clause title Introduction 0 0 Introduction Scope 1 1 Scope Normative references 2 2 Normative references Terms and definitions 3 3 Terms and definitions 4 Context of the organization (title only) 4.1 Understanding the organisation and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the environmental management system General requirements Environmental Management System 5 Leadership (title only) 5.1 Leadership and commitment Environmental policy Environmental policy Planning (title only) Planning (title only) 6.1 Actions to address risks and opportunities (title only) General Environmental aspects Environmental aspects Legal and other requirements Compliance obligations Planning action 6.2 Environmental objectives and planning to achieve them (title only) Environmental objectives Objectives, targets and programme(s) Planning actions to achieve environmental objectives Implementation and operation (title only) Support (title only) Resources, roles, responsibility and 7.1 Resources authority 5.3 Organizational roles, responsibilities and authorities Competence, Awareness, Training Competence 7.3 Awareness 7.4 Communication (title only) General Communication Internal communication External communication Documentation Documented information (title only) General Control of documents Creating and updating Control of records Control of documented information Implementation and operation (title only) Operation (title only) Operational control Operational planning and control Emergency preparedness and response Emergency preparedness and response Checking (title only) Performance evaluation (title only) 9.1 Monitoring, measurement, analysis and evaluation (title only) Monitoring and measurement General Evaluation of Compliance Evaluation of compliance Nonconformity, corrective action and preventive action Nonconformity and corrective action Creating and Updating Control of records Control of documented information 9.2 Internal Audit General Internal Audit Internal audit programme Management Review Management Review 10 Improvement (title only) 10.1 General 10.3 Continual Improvement Annex Annex Guidance on the use of this International Standard Guidance on the use of this International Standard A A Annex Correspondence between ISO 14001:2015 and ISO 14001:2004 B