Guidebook QUALITY BPA. All-in-one. Management Solution. Compliant with ISO 9001:2015. Page 1 / 29

Size: px

Start display at page:

Download "Guidebook QUALITY BPA. All-in-one. Management Solution. Compliant with ISO 9001:2015. Page 1 / 29"

Ambrose Wells
5 years ago
Views:

1 Guidebook All-in-one Quality/Risk Management Solution Compliant with ISO 9001:2015 BPA QUALITY Page 1 / 29

Synesis International is a Systems Integrations firm based in South Carolina and we are proud to introduce you to BPA's latest launched Quality Management System (QMS) for Microsoft SharePoint.

2 Synesis International is a Systems Integrations firm based in South Carolina and we are proud to introduce you to BPA's latest launched Quality Management System (QMS) for Microsoft SharePoint. As a BPA Partner, we implement customized solutions to help businesses meet and exceed Quality & Risk Management System requirements. Yours Sincerely, Ricardo Studart, President Synesis International, Inc. G U I D E B O O K The need to comply with customer demands and other regulations by enterprises is challenging for managers all over the world and in all industries and public sectors. It afflicts the entire enterprise chain and managers have to ensure that compliance can be achieved within the entire corporate structure, including all affiliates. Complex risk and quality management obligations must be observed on a daily basis and down to the affiliate level or sensitive setbacks or fines caused by noncompliance can hurt the bottom line and damage corporate market positions. With the following guidebook edition, we at BPA Solutions aim to help you with the implementation of your Quality & Risk Management System into your organization to become compliant with the international recognized ISO Standard ISO 9001:2015 and to successfully tackle all compliance challenges by using our BPA Quality & Risk software solution as a centralized and coherent Risk, Quality & Compliance Management System, your valuable partner solution on your continuous journey to Quality excellence. Yours Sincerely, Dr. Boris Lutz, CEO BPA Solutions Page 2 / 29

3 Contents Introduction...5 BPA Quality & Your Organization...6 The Context of ISO 9001:2015 Quality Management Systems...7 Determining your Strategic Quality Direction...8 Scope of Your QMS...9 Your Quality Policy...9 Management System Structure & Controls Process Approach Process Identification Process Controls & Objectives Outsourced Processes Compliance Documents & Records General Control of Documents Control of Records Change Management Risks and Opportunities Management & Leadership Management Leadership and Commitment Customer Focus Quality Policy Organizational Roles Responsibilities & Authorities Internal Communication Management Review Resources Provision of Resources Competency & Training Resources Infrastructure Work Environment Organizational Knowledge Operations Operational Planning and Control Customer-Related Activities Capture of Customer Requirements Review of Customer Requirements Customer Communication Custom Product Design Purchasing Provision of Products and Services Control of Provision of Products or Services Identification and Traceability Property Belonging to Third Parties Preservation of Materials Post-Delivery Activities Process Change Control Measurement and Release of Materials Control of Nonconforming Outputs Performance Evaluation & Improvement General Customer Satisfaction Internal Audit Corrective and Risk/Preventive Action BPA Contact Information Page 3 / 29

4 Explanation of symbols How BPA meets ISO 9001:2015 Requirements ISO 9001:2015 Requirements BPA Tips Page 4 / 29

1. Introduction Management of compliance scope, objectives and responsibilities within an enterprise wide Compliance & Quality Management System can be a challenging task, if not conducted in

5 1. Introduction Management of compliance scope, objectives and responsibilities within an enterprise wide Compliance & Quality Management System can be a challenging task, if not conducted in centralized compliance management system. This guidebook will help you understand how BPA Quality will help you describe, monitor and improve all quality processes in compliance with the ISO 9001:2015 Standard. The latest edition of the ISO 9001 standard, ISO's flagship quality management systems standard, has just been published in September Three years of revision work by experts from nearly 95 participating and observing countries have aligned the Standard with modern needs. Over 1 million certificates worldwide demonstrate to customers that these certified organizations can offer products and services of consistent good quality and acts as a tool to streamline processes and make them more effective. BPA has incorporated proactive and reactive tools to identify, evaluate, treat and monitor quality processes and risks. BPA is an innovative quality relationship management system where stakeholders are at the center. Daily stakeholder interactions and satisfaction will be tracked in the system. BPA s main focus is to drive continuous improvement for each process (Plan-Do-Check and Act). Achieve Excellence with BPA Quality BPA is the location to manage compliance documents with respect to any quality standard. The integrated risk management module ensures compliance with the ISO 9001:2015 revision. Key features of BPA Quality at a glance: Risks Audits Knowledge Stakeholders Objectives/KPIs Corrective actions Employee training Non-conformances Page 5 / 29

Compliance documents Competitive intelligence Prebuilt workflows (CAPA, compliance document approval) BPA Quality is adapted for single organizations and group of companies in any industry sector.

6 Compliance documents Competitive intelligence Prebuilt workflows (CAPA, compliance document approval) BPA Quality is adapted for single organizations and group of companies in any industry sector. BPA is a multi-entity software that will drive compliance for each affiliate or subsidiary. BPA is adapted to consulting companies to monitor compliance of their clients. 2. BPA Quality & Your Organization End-user experience is our main focus at BPA. Using the system is straightforward with the navigation bar. Along the navigation links you will be able to prepare, implement and monitor all related ISO clause based requirements of ISO 9001:2015. Manage relations with stakeholders (customers, suppliers, etc.), measure customer satisfaction and supplier evaluation, manage all activities (tasks, s, meetings, events) with stakeholders. Access key manager responsibilities from the organization chart. Access your core process map and all quality processes (50+ described processes), describe stakeholders needs and expectations, analyze competition, make a SWOT analysis and track business opportunities. List statutory requirements and regulations. Define your quality policy, objectives and KPIs. Track all improvement processes to Plan-Do-Check-Act, like improvement objectives, non-conformances, CAPA actions, management reviews, audits, training and knowledge. The audit question library contains 100+ questions to match ISO 9001:2015 clauses and supplier evaluation. Prebuilt workflows (8D/CAPA, document approval) will drastically shorten any process lifecycle. The embedded risk management module is transverse to all quality processes. Assess considered risks periodically using our scorecard component. Manage mitigation strategies, actions and controls. The system includes 60+ identified high level risks. Manage compliance documents with their approval process. The user-friendly navigation groups all important topics to meet ISO 9001:2015 requirements. Page 6 / 29

7 3. The Context of ISO 9001:2015 Quality Management Systems When planning for your quality management system, your organization has to consider the expectations of relevant interested parties and the external/internal factors that affect the ability to achieve the intended results of your quality management system. These subjects are part of the ISO 9001:2015 clause to understand the organization and its context. Keeping its quality context in view, your organization can determine all risks and opportunities that need to be addressed to: give assurance that the quality management system can achieve its intended results prevent or reduce undesired effects and achieve improvement enhance desirable effects Your organization may already have established its quality objectives at relevant functions, levels and processes needed for the quality management system. These objectives can change over time. Your top management shall ensure that the quality objectives: are consistent with the quality policy are measurable and take into account applicable requirements are relevant to conformity of services and to enhancement of customer satisfaction are monitored and communicated, and are updated as appropriate. Your quality objectives shall be maintained as documented information. When planning how to achieve its quality objectives, the organization determines: what will be done and what resources will be required who will be responsible when it will be completed, and how the results will be evaluated. We at BPA recommend that as best practice, your department supervisors prepare a Quality Objective Realization Plan for their functional area and submits a copy to the Managing Director for approval and monitoring. Manage the scope of your QMS by considering quality processes that are relevant for your organization. 50+ quality processes have been described with their purpose, input/output information, activities, possible indicators and suggested compliance documents to be prepared. The generic core process map is a possible entry door for your QMS. Tools will help you defining the context of your QMS, like competitive intelligence, business opportunities and SWOT analysis. Quality objectives are tracked periodically using our scorecard component. Page 7 / 29

8 3.1 Determining your Strategic Quality Direction According to the ISO 9001:2015 Standard, your organization shall review and analyze key internal considerations and external stakeholders expectations to determine its strategic direction. This involves: Understanding your core products and/or services and scope of the management system Identifying interested parties (stakeholders) who receive your Products and Services, or who may be impacted by them, or those parties who may otherwise have a significant interest in your organization Understanding internal and external challenges that will impact your organization and interested parties; these challenges may be identified through an analysis of risks facing either your organization or the interested parties. These challenges should be monitored and updated as appropriate, and discussed as part of your regular management reviews. The SWOT tool will highlight business opportunities and threats. This information can then be used by your top management to determine your organization s strategic direction. These subjects can be periodically reviewed in your management reviews. Your quality strategies can be described using our prebuilt tools for competitive intelligence and stakeholders expectations. Opportunities for business improvement and potential risks will be tracked in the system. Management reviews will be stored with their relation decisions and actions. Preparation of a strategic plan for the next years, is the best way to comply with these ISO requirements. If you make sure that your strategic planning objectives are well connected and broken down into your Quality Management objectives, you are on your way to an effective QMS, inclusive Third Party Audits. Page 8 / 29

9 3.2 Scope of Your QMS The scope of our quality management system covers all organizational activities of our organization. Based on analysis of the above issues of concern, interests of stakeholders, and in consideration of your organizations products and/or services, your organization should determine the scope of the quality management system, inclusive all relevant planning factors for the next years. See an example for a QMS SCOPE Statement below: Production and sale of.products, accessories and associated services to meet our customer requirements Your quality management system applies to all processes, activities and employees within the organization and should include considerations for any permissible exclusions from the scope. Whether your organization can claim any exclusions from the ISO 9001 standard scope has to be determined very carefully. Third Party Registrars for ISO 9001 look very carefully, whether an organization can justify its exclusions from their QMS. 4. Your Quality Policy In your quality policy statement you outline the quality focus of your organization. See an example of Quality Policy Statement below. You can change the artifacts with your own Quality Policy. Not less than three, but also not too many Quality objectives should be stated in numeric terms. To minimize the document changes later on, you may make department-wise yearly targets. The CEO or Top Manager usually signs the Quality Policy. OUR QUALITY POLICY (example) We strive to achieve total customer satisfaction by virtue of providing quality education through... Delivery of standardized courses using state-of-the-art (Your industry) methodologies Ensuring adequate industrial exposure Compliance with statutory and regulatory requirements Regular review of effectiveness of Quality Management System and Continual improvement of our Quality Management System processes. QUALITY OBJECTIVES (example) To increase sales by % per annum. To review the effectiveness of quality management system at an interval of six months and update the system to suit the company's overall business goals. To measure customer satisfaction and continuously improve the services to improve customer satisfaction by % per annum. Date : 01-Oct-2015 Place: (Managing Director) Page 9 / 29

10 Your quality policy can be added as a compliance document in the system. Quality objectives and KPIs are tracked in the system. Responsible persons for each quality process are named for 50+ identified quality processes. Quantifiable and measurable targets are normally used to achieve quality objectives. The top management normally decides on yearly targets at the beginning of each year, which is communicated to the concerned persons. Achievements are periodically reviewed against the targets. 5. Management System Structure & Controls 5.1 Process Approach ISO 9001:2015 promotes the adoption of a process approach when developing implementing and improving the effectiveness of a quality management system to meet customer requirements and improve customer satisfaction. Understanding and managing interrelated processes as a system contributes to your organization s effectiveness and efficiency in achieving its intended results, all in accordance with your quality policy and strategic direction of your organization Process Identification BPA has adopted the best practice process approach for your quality management system. We have identified and described 50+ top-level processes to facilitate your work. The core process map is the ideal entry door to your QMS. End-users can click a process to view the related quality process and further drill down to view the process summary and related risks and KPIs. We established a generic core process map based on ISO 9001:2015 requirements but you can easily customize it to your needs. Page 10 / 29

The core process map is the ideal entry door in your QMS The core process map and their related quality processes will ensure effective implementation and monitoring of all compliance documents, KPIs

11 The core process map is the ideal entry door in your QMS The core process map and their related quality processes will ensure effective implementation and monitoring of all compliance documents, KPIs and risks related to each process. With BPA you can easily determine and describe all your QMS processes with following details: process owner(s) link between processes applicable inputs and outputs applicable responsibilities and authorities proposed compliance documents and indicators applicable risks and KPIs critical and supporting resources Process Controls & Objectives Make sure that relevant KPIs are measured and gathered on a monthly basis for each quality process. Your Executive Management team should review, analyze and make decisions based on these KPIs during periodical management reviews. Adjustments or new objectives/kpis will be set in order to ensure continuous quality improvement. For each quality process, define at least one measurable key performance indicator (KPI) with a related objective. For each objective you need to define a responsible person and timeframe. KPIs are visible in the process detail page to determine the process ability to meet quality objectives. KPIs are periodically measured using scorecards. When a process does not meet a KPI goal, a corrective action or preventive risk should be implemented to research for root causes and resolve the issue Outsourced Processes Any process performed by a third party is considered an outsourced process and must be controlled, as well. The type and extent of control applied to your outsourced process should take into consideration: Page 11 / 29

12 the potential impact of the outsourced process on our Company s capability to provide product and services, that conforms to our quality requirements, the degree to which the control for our purchasing processes are shared, the capability of achieving the necessary control through the purchasing contract requirements. To tackle your organization s outsourced processes with their related control methods, it makes sense as best practice example to define these processes within a documented procedure for control of externally provided processes, products and/or services, which applies best to your organization. BPA proposes different tools to qualify and evaluate suppliers. Audit questions are proposed to qualify and evaluate suppliers. The supplier evaluation scorecard allows tracking periodical scores for your critical suppliers or subcontractors. In addition, all interactions with stakeholders are tracked in the system, like important calls, s, meetings and documents. The procedure for control of externally provided processes and related instructions will be added in the compliance document library, linked with the related quality process. 5.2 Compliance Documents & Records General ISO 9001:2015 does not make it mandatory anymore to develop a Quality Manual, but requires you to establish and maintain so called documented information. Your quality management system documentation can include both documents and records in hardcopy and electronic format. Documents can be developed based on the following considerations: The size of our Organization/Company Complexity and interaction of our organizational/business processes Competence of your personnel Risks and opportunities With BPA you can mass import existing compliance documents from a file server into our document library. Documents can be categorized in many virtual folders, using metadata. Thanks to the SharePoint technology, we offer the best integration with Microsoft Office. Document versions are automatically tracked and permissions can bet set. A prebuilt document approval workflow makes sure only approved documents will be visible to endusers. The electronic signature module can be added for CFR 21/11 compliance. Obsolete documents will be archived. The system lets you know when a documents needs to be revised. Use metadata to organize your documents, like Quality System Procedures Manual (QSP), Department Procedures (QMS-SOP) and Work Instructions (QMS-WI), Forms (QMS-FM), Quality Specifications and Quality Records (QMS-REC) and relations between them. Page 12 / 29

13 Example of a quality document hierarchy Control of Documents Documented information required for managing your quality management system must be controlled. Therefore it makes sense to write up a Procedure for Management of Documented Information. The purpose of document control should be to ensure that staff has access to the latest, approved Quality information, and to restrict the use of obsolete information. All documents like procedures, policies, etc. should be established, documented, implemented and maintained, either in hardcopy or electronic format and follow the following document management cycle as outlined in the example below: Control of documents Create document Get approval Register document Distribute document Review document Amend document Get reapproval Update register Identify external documents Register external documents Check for updates Update register Dispose obsolete document Stamp obsolete document if retained Example of a document approval process BPA lets you manage both document and form templates. Form templates are mostly used in paper systems. Because BPA is a powerful collaborative solution including a database system, we will rather configure strategic forms in an electronic format. This brings huge benefits, like automating business processes and providing real-time statistics. Page 13 / 29

14 5.2.3 Control of Records The ISO 9001:2015 standard requires your organization to define the controls needed for the identification, storage, retrieval, protection, retention time, and disposition of related QMS Quality records. We recommend preparing a Procedure for Management of Documented Information to define methods for controlling records that are created by and/or retained by suppliers. These controls are also applicable to those records which provide evidence of conformance to requirements; this may be evidence of product or service requirements, contractual requirements, procedural requirements, or statutory/regulatory compliance. In addition, quality records should include any records which provide evidence of the effective operation of your QMS management system. Charts will let you know about real-time statistics for your records. Measured values for any process will periodically be entered as KPIs in our scorecard component. Trends will be automatically calculated and actions/risks can be declared in the system. 5.3 Change Management When your organization or Company determines the need for changes to your quality management system or its processes, these changes should be planned, implemented, and then verified for effectiveness. To be on the safe side for ISO 9001:2015 requirements, plan all QMS changes according to a Procedure for Management of Operational Changes and your Procedure for Management of documented Information. 5.4 Risks and Opportunities To comply with ISO 9001:2015 requirements, your organization must consider risks and opportunities when taking actions within your quality management system, as well as when implementing or improving the quality management system; likewise, these considerations should be considered relative to products and services on a regular or quarterly basis within management reviews. BPA has identified 60+ high level risks ready to be prioritized and periodically assessed using our scorecard component, based on your dedicated impact by probability matrix. Define your own risk acceptance levels and cost impact formulas. Define mitigation strategies and treat risks with corrective actions. Monitor risks with heat maps and set periodical controls. Page 14 / 29

15 60+ risks have been identified ready to be assessed periodically. All operational Risks and opportunities should be managed in accordance with a documented Procedure for Operational Planning and Risk Control based on results from periodical risk assessments within your BPA tool. Your general Risk Management Process Flow should be similar to this one: Repeat Quarterly Identify Risks Analyze Risks Plan Risk Mitigation Monitor & Manage Risks Change Management Process for Risk Management Reviews/Risk Committee meetings Example of a risk treatment process flow 6. Management & Leadership 6.1 Management Leadership and Commitment To comply with ISO 9001:2015 requirements, your organization or Company s Executive Management must provide evidence of its effective leadership and commitment to the development, and implementation of your quality management system and continually improving its effectiveness by: taking accountability of the effectiveness of the QMS; ensuring that the Quality Policy and Quality Objectives are established for the management system and are compatible with the strategic direction and the context of your organization; ensuring that your quality policy is communicated, understood and applied within your organization; Page 15 / 29

16 ensuring the integration of the QMS requirements into your organization s other business processes, as deemed appropriate; promoting awareness of the process approach; ensuring that the resources needed for the QMS are available; communicating the importance of effective quality management and of conforming to the QMS requirements; ensuring that the QMS achieves its intended results; engaging, directing and supporting persons to contribute to the effectiveness of the QMS; promoting continual improvement; supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility. Business processes such as e.g. accounting/taxation, employee benefits management and HR legal activities are normally out of scope of the QMS. 6.2 Customer Focus To comply with ISO 9001:2015 requirements, your Executive Management must adopt a customer-first approach to ensure that customer needs and expectations are determined, converted into requirements and are met with the aim of enhancing customer satisfaction. This is normally accomplished by assuring: customer and applicable statutory and regulatory requirements are determined, understood and consistently met; the risks and opportunities that can affect conformity of products and/or services and the ability to enhance customer satisfaction are determined and addressed; the focus on enhancing customer satisfaction is maintained. The BPA tool provides many tools to track customer satisfaction. Each important customer interaction is tracked in the system, like s, calls, requests, meetings. For each interaction you can track customer s satisfaction. Customers audits or surveys can be prepared and executed with BPA. 6.3 Quality Policy To comply with ISO 9001:2015 requirements, your organization represented by your Top Management should develop a Quality Policy, as outlined in section 4 above, that governs day-to-day operations to ensure quality. The Quality Policy should be released as a standalone document, defined in more detail, communicated and implemented throughout the organization. Page 16 / 29

6.4 Organizational Roles Responsibilities & Authorities To comply with ISO 9001:2015 requirements, your Top Management has to assign responsibilities and authorities for all relevant roles in your

17 6.4 Organizational Roles Responsibilities & Authorities To comply with ISO 9001:2015 requirements, your Top Management has to assign responsibilities and authorities for all relevant roles in your organization or Company. These are usually communicated through the combination of the Organization Chart and Job descriptions. Executive Management should accept responsibility and authority for: ensuring that the QMS conforms to applicable standards; ensuring that the processes are delivering their intended outputs; reporting on the performance of the QMS; providing opportunities for improvement for the QMS; ensuring the promotion of customer focus throughout your organization and ensuring that the integrity of the QMS is maintained when changes are planned and implemented. BPA has documented 50+ key quality processes with their related responsible managers. The organizational chart lets you view the related quality processes and needed skills/experience for each manager. BPA Quality will help you managing Job Descriptions and your Job Description Matrix (to be added in the compliance document library). For each collaborator, you can view if additional skills and experience is needed to comply with job descriptions, and you can plan training courses. The organizational chart lets you view key processes and skills needed for each manager. 6.5 Internal Communication Executive Management of your organization has also to ensure that internal communication takes place regarding the effectiveness of our QMS. Page 17 / 29

18 Internal communication methods can include: use of corrective and preventive action processes to report nonconformities or suggestions for improvement meetings (periodic, scheduled and/or unscheduled) to discuss aspects of the QMS use of the internal audit process results regular company meetings with all employees use of the results of data analysis memos to employees internal s Executive Management open door policy which allows any employee access to Executive Management for discussions on improving the quality system BPA and the SharePoint technology provide many tools to improve internal communication, like alert, , task and workflow management. Prebuilt workflows will automatically push the right information to the right people and alert them. BPA is seamlessly interfaced with Microsoft Office and synchronization options are available with Outlook calendar and tasks, which will facilitate meeting and task management. BPA Quality has a powerful ing system included. s are tracked in the system. Reporting tools will give instant information about the effectiveness of each process. Prepare a Procedure for Assigning Responsibilities and Authorities which regulates all details for internal communication policies. This way your organization or Company is on the safe side with all ISO 9001:2015 requirements. 6.6 Management Review According to ISO 9001:2015 requirements, Executive Management must also review the QMS at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The review should include assessing opportunities for improvement, and the need for changes to the QMS, including the Quality Policy and Quality Objectives. Schedule your QMS Management review frequency, and define regular agenda (inputs), outputs, required members, actions taken and other review requirements within documented Procedure for QMS Planning and Management Review, which regulates all that. Keep regular records from management reviews to have evidence about all QMS review artifacts and action plans decided within the meetings. BPA Quality lets you review all KPIs, objectives, risks and pending CAPA actions during your management reviews. Decisions will be tracked in the system. Page 18 / 29

19 7. Resources 7.1 Provision of Resources To comply with ISO 9001:2015 requirements, your organization must determine and provide the resources needed: to implement and maintain the QMS and continually improve its effectiveness to enhance customer satisfaction by meeting customer requirements Resource allocation should be done with consideration of the capability and constraints on existing internal resources, as well as needs related to any supplier expectations. Resources and resource allocation should be assessed during management reviews. 7.2 Competency & Training Resources To comply with ISO 9001:2015 requirements, your organization, especially Senior Management should ensure to provide sufficient qualified staffing for the effective operation of the QMS and identified processes. Staff members performing work affecting product or service quality must be competent on the basis of appropriate education, training, skills and experience. Any kind of HR procedures which outlines these factors is suitable to use here. BPA Quality lets you manage skills, education, experience and training accomplished for each collaborator. Responsibilities for each manager are described in the system. The system will let you know when staff needs training. Create a documented Procedure for Quality Competence Evaluation and Training which defines these activities in detail. Training and subsequent communication procedures should ensure that staff is aware of: your quality policy; relevant quality objectives; their contribution to the effectiveness of the QMS, including the benefits of improved performance; the implications of not conforming with the management system requirements. Note: the QMS does not include other aspects of Human Resources management, such as payroll, benefits, insurance, labor relations or disciplinary actions. 7.3 Infrastructure To comply with ISO 9001:2015 requirements, your organization must determine, and maintain the infrastructure needed to achieve conformity to material and service quality requirements. Page 19 / 29

20 Infrastructure can include: your buildings, workspace and associated facilities; process equipment, hardware and software; supporting services such as transportation; information and communication technology. Using BPA Quality, power users can rapidly configure a tailored system for equipment maintenance and calibration. No development is needed. Determine and manage validation of all of your physical resources, IT and as well your calibration equipment per a Procedure for Control of Monitoring & Measuring Resources, which covers ALL resources. Where equipment is used for critical operational activities, such as transportation, inspection and testing of materials and service components, make it subject to control and either calibration or verification within this procedure. Note: Calibration and measurement traceability is not employed for all measurement devices. Instead, determine which devices and IT Materials will be subject to calibration based on your processes, products and services, or in order to comply with specifications or requirements. Base these decisions also on the importance of a measurement, and considerations of risk. 7.4 Work Environment Your organization should provide a clean, safe and well maintained working environment. Executive Management normally manages the work environment needed to achieve conformity to product and service quality requirements. Specific safety and environmental requirements for your operations are determined normally during quality planning and are documented in procedures, work instructions, or job documentation. Where special work environments needs to be implemented, these shall also be maintained per Paragraph 7.3 above. Human safety factors should be considered to the extent that they directly impact on the quality of our Products or Services. Note: Social, psychological and safety aspects of the work environment are sometimes managed through activities outside of the scope of a QMS. Only work environment aspects which can directly affect process efficiency or product and service quality should be managed through the QMS management system. 7.5 Organizational Knowledge To comply with ISO 9001:2015 requirements, your organization must determine the knowledge necessary for the operation of its processes and to achieve conformity of products and/or services. This may include knowledge and information obtained from: internal sources, such as lessons learned, feedback from subject matter experts, and/or intellectual property, as well as capturing of knowledge of our experienced senior staff; external sources such as standards, academia, conferences, and/or information gathered from customers or suppliers. Page 20 / 29

21 This knowledge shall be maintained, and made available to the extent necessary. When addressing changing needs and trends, your organization should consider its current knowledge and determine how to retain and develop knowledge in the company. BPA Quality provides a wiki system to be used as a knowledge base. Knowledge articles can be linked to each quality process. Contributors can continuously improve content. Establish an official Procedure for Management of Organizational Knowledge based on the detailed information outlined in the BPA DEMINGS 14 Quality Points descriptions. 8. Operations 8.1 Operational Planning and Control To comply with ISO 9001:2015 requirements, your organization must plan and develop the processes needed for product and/or service realization. Planning of product and/or service realization within the BPA tool must be consistent with the requirements of your other processes of any other used electronic based ERP/MRP management system. Such planning must consider the information related to your Context of the Organization (see section 3 above), current resources and capabilities, as well as all product and service requirements. Changes to operational processes should be planned as described in accordance with your Procedure for Management of Operational Changes. 8.2 Customer-Related Activities Capture of Customer Requirements During the intake of new operations, your organization must capture: requirements specified by your customer, including the requirements for delivery and postdelivery activities; requirements not stated by the customer but necessary for specified or intended use, where known statutory and regulatory requirements related to the product; any additional requirements determined by your organization or Company. These activities are normally defined in greater detail in QMS SOP Procedures for e.g.: Procedure for Marketing/Sales and Order Review Procedure for Customized Product Development Management Procedure for Control of Externally Provided Processes, Products, and Services Procedure for Supplier Management & Purchasing Procedure for Control of Product & Service Provision Page 21 / 29

22 Procedure for Logistics Management, etc Review of Customer Requirements Once requirements are captured, your organization must review the requirements prior to your commitment to supply of your Product and Services. This review should ensure that: your product order requirements are defined, contract or order requirements differing from those previously expressed are resolved, your organization or Company has the ability to meet your defined requirements, and/or warranty terms for anticipated products and/or services you offers, and that risks have been identified and considered. These activities are normally defined in greater detail in QMS SOP - Procedures for Marketing/Sales and Order Review Customer Communication To comply with ISO 9001:2015 requirements, your organization must implement effective communication with customers. Effective customer communication includes: providing information relating to your products and/or services; handling enquiries, contracts or orders, including changes; obtaining customer feedback relating to products and services, including customer complaints; handling or controlling customer property; establishing specific requirements for contingency actions, when relevant. 8.3 Custom Product Design For new design sales orders and for significant design changes, and to comply with ISO 9001:2015 requirements, your organization must ensure the translation of your customer needs and requirements into detailed design outputs. These address performance, reliability, maintainability, testability, and safety issues, as well as regulatory and statutory requirements. Your Design & Development procedures should be structured in the following best way to ensure: Custom design planning is conducted Design inputs (requirements) are captured Design outputs are created under controlled conditions Design reviews, verification and validation are conducted Design changes are made in a controlled manner. Page 22 / 29

23 These activities are usually further defined in documents like a formal Procedure for Customized Product or Service Development Management. Power users can easily configure a simple project management solution to track design projects with their related activities and documents. 8.4 Purchasing To comply with ISO 9001:2015 requirements, your organization must ensure that purchased Product and/or Services conform to your specified purchase requirements. The type and extent of control applied to your supplier and the purchased product is dependent on the effect on subsequent product realization or the final product. Your organization should evaluate and selects suppliers based on their ability to supply product and service in accordance with your requirements. Criteria for selection, evaluation and re-evaluation should be established. Your purchases should be made via the release of formal purchase orders and/or contracts which clearly describe what is being purchased. Received Products and Services are then verified against requirements to ensure satisfaction of requirements. Suppliers who do not provide conforming Products and Services may be requested to conduct formal corrective action (SCAR). BPA Quality has an integrated audit module to qualify and evaluate suppliers. Predefined supplier audit questions are available. Our scorecard component allows periodically evaluate suppliers and analyze trends. These activities are normally further defined in documents like Procedures for Control of Externally Provided Processes, Products, and Services and Procedures for Supplier Management & Purchasing. 8.5 Provision of Products and Services Control of Provision of Products or Services To control your provision of Products and/or Services, your organization must consider the following: the availability of documents or records that define the characteristics of your Products and/or Services, as well as the results to be achieved; the availability and use of suitable monitoring and measuring resources; the implementation of monitoring and measurement activities; the appointment and use of suitable infrastructure and environment and competent persons; the implementation of actions to prevent human error; the implementation of release, delivery and post-delivery activities. Page 23 / 29

24 Make one Top Manager of your organization or Company responsible for operational control of all of your operations within a documented Procedure for Control of Service Provision. This way you will be safe for ISO 9001:2015 requirements Identification and Traceability To comply with ISO 9001:2015 requirements, your organization must identify its incoming Products and Services or other critical process outputs by suitable means. Such identification includes the status of the material delivery with respect to your QMS monitoring and measurement of operations requirements. Unless otherwise indicated as nonconforming, e.g. pending inspection or disposition, or some other similar identifier, all Product or Services shall be considered conforming and suitable for use. If unique traceability is required by your contract, regulatory, or other established requirements you must apply controls and records to identify all materials or services. These control methods should be described in detail within Activity Flow Charts outlined throughout our QMS Quality Procedures Property Belonging to Third Parties To comply with ISO 9001:2015 requirements, your organization must exercise care with customer or supplier property while it is under your organization s control or being used by your organization. Upon receipt, such property must be identified, verified, protected and safeguarded. If any such property is lost, damaged or otherwise found to be unsuitable for use, this is reported to the customer or supplier and records maintained. For customer intellectual property, including customer furnished data used for design, production and/or inspection, this is normally identified by customer and maintained and preserved to prevent accidental loss, damage or inappropriate use. Make these processes and activities visible in greater detail in your documented Procedures for Customized Product Development Management Preservation of Materials To comply with ISO 9001:2015 requirements, your organization must preserve materials and its conformity of product or other process outputs during internal processing and delivery. This preservation include normally identification, handling, loading, storage, and protection. Preservation also applies to the constituent parts of a material product delivery. Page 24 / 29

25 Create a documented Procedure for Operations (Preservation, Storage, Protection, Dispatch and Transportation) which defines these methods for preservation of materials Post-Delivery Activities As applicable, and to comply with ISO 9001:2015 requirements, your organization must conduct the following activities which are considered post-delivery activities compliant with our quality management system. See some examples below Delivery Confirmation Notice Customer follow up on delivery (Phone or electronic ) Customer Complaint & Warranty activities (If needed) Process Change Control To comply with ISO 9001:2015 requirements, your organization must review and control both planned and unplanned changes to processes to the extent necessary to ensure continuing conformity with all requirements. Process change management should be defined in your documented Procedure for Management of Operational Changes Measurement and Release of Materials Acceptance criteria for Products or Services are normally defined in appropriate subordinate documentation. Reviews, inspections and tests are conducted at appropriate stages to verify that your product and service requirements have been met. This is done before Products or Services are released or services are delivered. If your inventory management utilizes different methods for measuring and releasing Products or Services, you should create and define these methods within Inventory Process Definitions Work Instructions (WI) Control of Nonconforming Outputs To comply with ISO 9001:2015 requirements, your organization or Company must ensure that all Products or Services or other process outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery. BPA Quality provides powerful tools to track non-conformances with their relation CAPA actions and risks. The prebuilt workflow lets you push information to responsible persons for each important step, based on the 8D (9D) methodology. Real-time statistics and reports are available in the system. Page 25 / 29

26 Example of a workflow-driven 8D (9D) CAPA report generated with BPA 9. Performance Evaluation & Improvement 9.1 General To comply with ISO 9001:2015 requirements, your organization must use the Quality management system to improve its processes, products and services. Such improvements aim to address the needs and expectations of customers as well as other interested parties, to the extent possible. Improvement shall be driven by data analysis. The results of analysis shall be used to evaluate: conformity of products and services; the degree of customer satisfaction; the performance and effectiveness of the management system; the effectiveness of planning; the effectiveness of actions taken to address risks and opportunities; the performance of external providers; other improvements to the management system. BPA Quality provides many tools to measure the effectiveness of quality processes. Graphical charts will give instant insights about your processes. With scorecards you can track important KPIs or risks periodically and trends will be automatically calculated. Shared reports will tell you about cross-list information. Workflow statistics will let you know about bottlenecks in your processes. In tracking daily relations with stakeholders, you will be able to measure satisfaction rates. Page 26 / 29

27 Start to develop your QMS Performance evaluation based on your quality improvement plan and develop a Procedure for QMS Performance Evaluation which will ensure to follow up on all performance matters within improvement activities for your Company. 9.2 Customer Satisfaction As one of the measurements of the performance of your QMS and to comply with ISO 9001:2015 requirements, your organization must monitor information relating to customer perception as to whether the organization has met your customer requirements. The methods for obtaining and using this information should include: recording customer complaints product rejections or returns (Claims management) repeat orders for product changing volume of orders for product trends in on-time delivery obtain customer scorecards from certain customers submittal of customer satisfaction surveys Your BPA CAPA System has an in-build Corrective and Risk/Preventive Action System which can be used to drive your developed and implemented plans for customer satisfaction improvement that address deficiencies identified by these evaluations, and assess the effectiveness of the results. Develop an official Procedure for Monitoring & Review of Customer and Procedure for Handling of Customer Complaints Management, which apply to this process best. 9.3 Internal Audit To comply with ISO 9001:2015 requirements, your organization must conduct internal audits at planned intervals to determine whether the management system conforms to contractual and regulatory requirements, to the requirements of ISO 9001, and to management system requirements. Your Internal Audits should also seek to ensure that the QMS has been effectively implemented and is maintained. BPA Quality includes 100+ predefined audit questions to check your ISO 9001:2015 compliance. Additional audit questions have been added for supplier audits. A predefined workflow ensures audits are tracked in the system with their related corrective actions until the action plan is effective. Audit campaigns can be planned in the system and assigned to internal/external auditors. Plan these activities within a defined document and call it Procedure for Internal Auditing of our QMS. Page 27 / 29

28 9.4 Corrective and Risk/Preventive Action To comply with ISO 9001:2015 requirements, your organization must take corrective action to eliminate the cause of nonconformity in order to prevent recurrence. Likewise to comply with ISO 9001:2015 requirements, your organization must take preventive risk reducing actions to eliminate the causes of potential nonconformities in order to prevent their occurrence. BPA Quality provides tools to plan corrective actions with their activities and documents. A prebuilt workflow makes sure actions are completed and effective. The preventive risk module allows identifying, prioritizing, assessing, treating and monitoring risks. The heat map diagram will let you know about high risks with their related controls, mitigation strategies and actions. Good luck and all the best with your QMS Implementation! Page 28 / 29

10. Contact Information Contact a Synesis Quality expert and request additional ISO consulting support or implementation services to help you registering or

29 10. Contact Information Contact a Synesis Quality expert and request additional ISO consulting support or implementation services to help you registering or renewing your ISO 9001:2015 certificate and guide your organization to excellence. 30 Creekview Ct., Greenville, SC, win@synesisintl.com Page 29 / 29