ISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change

Similar documents
Why BSI? Our products and services. To find out more visit: bsigroup.com/en-au. Conclusion

ISO Revisions Whitepaper

AS9100 Series Aviation, Space and Defense. Product Guide

Implementing ISO9001:2015

ISO 9001:2015 Expected Changes

ISO Environmental Management PROVE YOUR ENVIRONMENTAL LEADERSHIP PRODUCT GUIDE

ISO 9001:2015 How your ISO 9001 audit will be different. Whitepaper

Risk Based Thinking & QMS Risk Management as per ISO

WHATS NEW IN ISO 9001:2015

ISO Your implementation guide

RISK IN ISO 9001:2015

AS9101 Revision E Understanding the Changes

ISO 14001:2015 Whitepaper

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns

Integrating ISO 9001:2015 and ISO 14001:2015

ISO 9001:2015 Revision Frequently Asked Questions

ISO 9001:2015 Your implementation guide

ISO 9001:2015 Your implementation guide

Approaching change ISO Revisions Update Seminar

Moving to the AS9100:2016 series. Transition Guide

Moving from ISO/TS 16949:2009 to IATF 16949:2016. Transition Guide

Moving from ISO 9001:2008 to ISO 9001:2015 Transition Guide

April 2017 Latest update. ISO/DIS Understanding the new international standard for occupational health & safety

The Relevance of Risk Based Thinking in ISO 9001:2015 and ISO 14001:2015. March 4, 2016 Our webinar will begin at 1:00 PM

ISO 14001: 2015 Understanding the Revision Approaching Change. Copyright 2013 BSI. All rights reserved.

ISO 9001:2015 Transition Presentation. Presented by Fredric Leung

ISO 9001:2015 Readiness Review

Moving to the AS/EN 9100:2016 series. Transition Guide

How to manage the transition successfully ISO 9001:2015 TOP MANAGEMENT - QUALITY MANAGERS TECHNICAL GUIDE. Move Forward with Confidence

Business Framework Change How You Manage Safety

ISO 9001:2015 Revision overview

ISO 14001:2015 Transition Presentation. Presented by Fredric Leung

ISO 9001:2015 Overview

Moving from ISO 14001:2004 to ISO 14001:2015 Transition Guide

ISO 14001:2015 How your ISO audit will be different. Whitepaper

AS/NZS 4801 and OHSAS Your implementation guide

ISO Collaborative Business Relationship Management Your implementation guide

May 2018 Latest update. ISO/IEC Understanding the requirements of ISO/IEC :2011 and ISO/IEC FDIS

So, How Will You Audit a Risk Assessment in ISO 9001:2015?

May 2018 Latest update. ISO/IEC Understanding the requirements of ISO/IEC :2011 and ISO/IEC FDIS

ISO Business Continuity Management. Your implementation guide

Advantage Audit, Consult & Train (Pty) Ltd

IOSH head of policy and public affairs Richard Jones reviews the development of the universal management systems standard due in October.

ISO 9001:2015 UPGRADE GUIDE. What to expect from the latest version of the Quality Management System Standard.

ISO 9001:2015 and Risk Based Thinking

Clause-byclause. Interpretation. Transitioning to ISO 9001:2015

DMJ Miller & Assoc., Inc. 11/10/2015. Risky Business. Risk Based Thinking A Proactive Approach

Introducing ISO 22301

ISO 9001:2015. October 5 th, Brad Fischer.

A practical guide to ISO 14001:2015

ISO Food Safety Management Systems Your implementation guide

ISO Understanding the new international standard for Occupational Health & Safety

FAQ. Excellence. Assured.

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Guidelines for information security management systems auditing

ISO 14001:2015 Your implementation guide

A Risk Practitioners Guide to ISO 31000: 2018

ISO 9001: 2015 Quality Management System Certification. Awareness Training

ISO 9001:2015 Update. March Presented by Emily Delisle VP of Accreditations

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

ISO/IEC Service Management. Your implementation guide

ISO 45001:2018. ISO 45001:2018 (en) Occupational health and safety management systems Requirements with guidance for use

BSI ISO Revision Seminar Copyright 2014 BSI. All rights reserved.

Sample Corporate Risk Management Policy

ISO 14001:2015 Your implementation guide

Clarifying Risk Based Thinking (RBT) In ISO 9001:2015

SYSTEMKARAN ADVISER & INFORMATION CENTER QUALITY MANAGEMENT SYSTEM ISO9001:

Risk management Principles and guidelines

CUSTOMER RELATIONSHIPS FURTHER EXCELLENCE GENERIC STANDARDS TRAINING SERVICES THE ROUTE TO ISO 9001:2015 AVOIDING THE PITFALLS

ISO 9001:2000 Transition

ISO Overview. Global Partner for a safe world

ISO/DIS 9001: 2014 comparison with ISO 9001:2008. ISO 9001:2015 Updates. (Based on Draft International Standard, DIS) ISO/DIS 9001 ISO 9001:2008

Executive Overview. Transitioning to ISO 9001:2015 Quality Management System. Biafore Associates Inc. Overview Objectives

THE NEW ISO STANDARDS ON MANAGEMENT SYSTEMS & THE EFQM EXCELLENCE MODEL

ISO Revision Launch Event

Quality management systems Requirements

What's New In ISO 9001:2015

Enhanced Risk Management Policy

ISO 9001:2015 QUALITY MANAGEMENT SYSTEM ***** ISO 14001:2015 ENVIRONMENTAL MANAGEMENT SYSTEM

Fraud Risk Management

ISO 14001:2015 Revision Frequently Asked Questions

BSI ISO Revision Seminar Copyright 2014 BSI. All rights reserved.

Continuous Auditing/Monitoring Using Data Analytics Institute Of Internal Auditors/ISACA Conference, 27/28 August 2015 Presented by: Tricha Simon

NOT YOUR FATHER S STANDARD. Wali Alam Quality Institute of America ASQ-Houston Section 1405-May

ISO What to expect from the new standard. Andy Morley IOSH East Midlands Branch 19 th November 2015

ISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability

Latest update March Final Standard. ISO Understanding the new international standard for Occupational Health & Safety.

Draft Sample ISO 9001:2015 Into the Future (KIS) October Annex SL (New ISO format for standards)

Analysis of the Use of Common Terms (JTCG/TF3 N117) in Identical Text (JTCG/TF1/N36) Graham Watson 18/10/2010

Gap Analysis Checklist ISO 14001:2015 Self-assessment

An EMS is a management tool to improve environmental performance by providing a systematic way of managing an organization s environmental affairs.

Changes in ISO 14001:2015, a Registrar's Perspective Session 5, 8:30 10:00 a.m., Thursday 17 September 2015

9 1.0 Step 1 Overview of what should be considered Step 2 ISO 9001:2015 Context of an organisation

ISO 9001:2015 AWARENESS

ISO 22000:2018 Understanding the changes to the food safety management systems standard

Johan G Nel Centre for Environmental Management. North-West University Potchefstroom Campus Private Bag X6001 POTCHEFSTROOM 2520

ISO/PC Occupational health and safety management systems Requirements with guidance for use

ISO 9001:2015 QUALITY MANAGEMENT SYSTEM ***** ISO 14001:2015 ENVIRONMENTAL MANAGEMENT SYSTEM

ISO 9001:2015 The Sticky Clauses

Risk Management and Corporate Governance in Local Government

Quality management systems Requirements

Transcription:

ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change

Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject to review on a regular basis. When considering the 2015 revision, the committee responsible decided that change was necessary in order to: Adapt to a changing world Enhance an organization s ability to satisfy its customers management system standards. This is known as Annex SL or the High Level Structure and provides a standardized core text and structure for all ISO management system standards. The structure of Annex SL and therefore all ISO management system standards in the future is: Provide greater focus on the customer Provide a consistent foundation for the future Reflect the increasingly complex environments in which organizations operate Ensure the new standard reflects the needs of all interested parties The research that was carried out as part of the review process recognized that several other important changes were required since the last major change in 2000. These were: Providing a foundation for the integration with other management systems Introducing risk-based thinking, now prevalent in many organizations Clause 1 Clause 2 Clause 3 Clause 4 Clause 5 Clause 6 Clause 7 Clause 8 Clause 9 Clause 10 Scope Normative references Terms and definitions Context of the organization Leadership Planning Support Operation Performance evaluation Improvement Aligning the QMS policy and objectives with the strategy of an organization Providing greater flexibility with documentation To facilitate the integration of management system standards by users, a new common format has been developed by ISO to use in all The fundamental objective of ISO 9001, however, remains the same, which is to provide confidence in the organization s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Why is managing risk important in a quality management system? Risk-based thinking is something we all do automatically and often subconsciously. The concept of risk has always been implicit in ISO 9001 this revision makes it more explicit and builds it into the whole management system. Risk-based thinking ensures risk is considered from the beginning and throughout the process approach Risk-based thinking makes proactive action part of strategic planning Risk is often thought of only in the negative sense. Risk-based thinking can also help to identify opportunities. One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to risk, rather than treating it as a single component of a quality management system. In previous editions of ISO 9001, a clause on preventive action was separated from the whole. Now risk is considered and included throughout the standard. By taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement. For all types of organizations, there is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward. Organizations need to understand the overall level of risk embedded within their processes and activities. The concept of risk in the context of ISO 9001 relates to the uncertainty of achieving the objectives of the system, which is to provide products and services that conform to customers requirements. By understanding those risks and exploring ways in which the risks can be mitigated, the organization will also have an opportunity to drive change and improvement. Also remember that as Annex SL is the framework for all ISO management system standards, risk will be a common theme across them all. In this context, it may be worth considering taking an enterprise-wide approach to risk management to assist future integration.

How is risk being incorporated into the new ISO 9001:2015 standard? In the Introduction of the revised standard, the concept of risk-based thinking is explained. Fundamentally, the PDCA (Plan, Do, Check, Act) cycle applies to risk-based thinking. In Clause 4 the organization is required to determine the risks which can affect its ability to meet the system objectives. It recognizes that the consequences of risk are not the same for all organizations. For some, the consequences of delivering a non-conforming product are minor; for others the consequence can be fatal. So risk-based thinking means considering risk quantitatively as well as qualitatively, depending on the business context. In Clause 5 top management is required to demonstrate leadership and commit to ensuring that risks and opportunities that can affect the conformity of a product or service are determined and addressed. In Clause 6 the organization is required to take action to identify risks and opportunities, and plan how to address the identified risks and opportunities. Clause 8 looks at operational planning and control. The organization is required to plan, implement and control its processes to address the actions identified in Clause 6. In Clause 9 the organization is required to monitor, measure, analyze and evaluate the risks and opportunities. In Clause 10 the organization is required to improve by responding to changes in risk. Act Implement changes to your approach and continually review opportunities for improvement Check Monitor your plans through measurents, internal audit and reporting Plan Gain leadership commitment; identify and assess risks; create plan to address risks and opportunities Do Implement your plan to mitigate risks through communication, training and controls What are the benefits? The outputs from successful risk management include compliance, assurance and enhanced decision-making. These outputs will provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics (change projects) and the efficacy of the strategy of the organization. By considering risk throughout the organization, the likelihood of achieving the stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product or service. Risk-based thinking therefore: Establishes a proactive culture of improvement Assures consistency of quality of goods or services Improves customer confidence and satisfaction Builds a strong knowledge base Proactively improves operational efficiency and governance Builds stakeholder confidence in the use of risk techniques Enables organizations to apply management system controls to analyze risk and minimize losses Improves management system performance and resilience Enables organizations to respond to change effectively and protect their business as they grow Allows an organization to make informed decisions

What does this mean for organizations and how can they prepare? For many organizations this will be business as usual. But if it s not, they ll need to start using a risk-driven approach in their organizational processes: Identify the risks and opportunities this will depend on the context of an organization and its appetite for taking risks. Analyze and prioritize risks and opportunities. What is acceptable? What is unacceptable? What advantages or disadvantages are there to one process over another? Plan actions to address the risks. How can risk be avoided or eliminated? How can risks be mitigated? Implement the plan. Take the necessary actions. Check the effectiveness of the actions. Does it work? Audit the approach, learn from experience, continually improve and also continue to consider innovative opportunities. Reasons to consider ISO 31000 ISO 9001:2015 does not require a formal risk assessment or a specific document. The information must be kept and available, and could be electronic, audio, video, written or any other type of media. ISO 31000 (Risk management Principles and guidelines) may be a useful reference for organizations looking for a more formal enterprise-wide risk process, but it s not obligatory. Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty. ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. ISO 31000 gives a useful list on how to deal with risk: Avoiding risk by deciding not to start or continue with the activity that gives rise to the risk Accepting or increasing the risk in order to pursue an opportunity Removing the risk source Changing the likelihood Changing the consequences Sharing the risk with another party or parties (including contracts and risk financing) Retaining the risk by informed decision Using the right solution to manage risk Companies are constantly looking for solutions that can improve business, enhance their operations, and optimize business performance. In today s market, success hinges on developing competitive advantage and profitability while demonstrating good corporate governance. Carefully calculating risk, going beyond the expected, and creating an environment for innovation are what generate the excellence needed to create that edge. Experience teaches that the more successful businesses embed best practice holistically across the entire organization, not just in one specific area. Instituting an enterprise-wide strategy breaks down longestablished silos separating departments and divisions, and, for many organizations, can represent a significant change in corporate culture. Initiating such culture change can be a challenge. An effective and successful transition requires a bold, well-planned, demonstrable commitment to enhance systems and critical processes that drive long-term sustainable performance and create a gateway to excellence. Organizations must ensure that institutional knowledge is captured, analyzed, managed, and improved upon so that they can be best in class. Businesses need tools that drive continual business improvement, delivering real-time visibility and providing a consistent framework for automation. Purpose-built software provides your risk team with a complete view that is shared among auditors, managers, and executives in real-time so more effective collaboration can occur on issues that pose risk to the business.

Next steps After the formal publication of the standard in 2015 (planned for September), there will be a 3-year transition period for certified organizations. However, early planning is advisable so: Please talk the transition through with your BSI Client Manager at the next visit Obtain a copy of the Draft International Standard ISO DIS 9001:2014 by calling 800 862 4977. Consider purchasing and/or attending one of BSI s ISO 31000 training courses. Review your current approach to risk management and identify the gaps Consider how your risk management team can begin automating at www.bsi-entropy.com Create an implementation plan and monitor progress Continually check BSI s dedicated web pages for the latest news and resources on ISO 9001:2015 Attend BSI s seminars and training courses on the revision Visit our website to find out the latest status www.bsigroup.com/isorevisions-us BSI Group America Inc. 12950 Worldgate Drive, Suite 800 Herndon, VA 20170 USA Tel:1 800 862 4977 Fax: 1 703 437 9001 Email: inquiry.msamericas@bsigroup.com www.bsiamerica.com BSI Group Canada Inc. 6205B Airport Road, Suite 414 Mississauga, Ontario L4V 1E3 Canada Tel: 1 800 862 6752 Fax: 1 416 620 9911 inquiry.canada@bsigroup.com www.bsigroup.ca www.bsigroup.ca/fr BSI Group BSI/USA/410/MS/115/E

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback