Implementing ISO9001:2015 John DiMaria; CSSBB, HISP, MHISP, AMBCI Sr. Product Manager, Systems Certification - Americas
Understanding the New Direction of Standards Navigating the ten clauses Annex SL/Directive 1 Key changes that are expected for ISO 9001 Breakout sessions I Leadership and Planning Breakout sessions II Risk and Planning Discussion and closing
Understanding the New Direction of Standards Navigating the ten clauses Annex SL The New High Level Structure (HLS) 19/10/2015
Reasons For The Changes Easier integration of multiple standards, using a common foundation and common language Increase involvement of Top Management Decrease the emphasis on Documentation Increase the emphasis on Achieving Value for the Organization and its customers Increase emphasis on Risk Management to achieve objectives
Annex SL ISO 14001 Environmental management system ISO 9001 Quality management system Annex SL ISO/IEC 27001 Information security ISO 45001 Health & safety TS 16949 Automotive ISO 22301 Business continuity management
ANNEX SL (HLS) Annex SL high level structure, identical core text, common terms and core definitions. ISMS specific requirements; EMS specific requirements; QMS specific requirements; BCMS specific requirements
Ten clauses of the new Annex SL Directive 1 for ISO Management Systems. Annex SL describes the framework for a generic management system. However, it requires the addition of discipline-specific requirements to make a fully functional quality, environmental, service management, food safety, business continuity, information security and energy management system standard. ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014. High level structure, identical core text, common terms and core definitions. 10 Main Clauses
Directive 1 10 Clauses 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement Implement Once, Comply Many
High Level Structure
4 Context of organization: 4.1 Understanding context; 4.2 Interested parties; 4.3 Scope; 4.4 MS
5 Leadership: 5.1 Leadership and commitment (MS); 5.2 Policy; 5.3 Roles, responsibilities and authorities
6 Planning: 6.1 Actions to address risk and opportunity; 6.2 Objectives and planning
7 Support: 7.1 Resources; 7.2 Competence; 7.3 Awareness; 7.4 Communication; 7.5 Documented information
8 Operation: 8.1 Operational planning and control
9 Performance and Evaluation: 9.1 Monitoring, measurement, analysis and evaluation; 9.2 Internal audit; 9.3 Management review
10 Improvement: 10.1 Nonconformity and corrective action; 10.2 Continual improvement
Identical Core Text 5 Leadership 10 Improvement 6 Planning 4 Context of the Organization 9 Performance Evaluation 7 Support 8 Operation
4. Context of the organization 4.1 Understanding the organization and its context Determine relevant external and internal issues that affect the ability to achieve the intended outcome(s)
4.2 Understanding the needs and expectations of interested parties
Interested party | Needs and expectations
Customers | Quality, price and delivery performance of products
Owners/shareholders | Sustained profitability; Transparency
People in the organization | Good work environment; Job security; Recognition and reward
Suppliers and partners | Mutual benefits and continuity
Society | Environmental protection; Ethical behavior; Compliance with statutory and regulatory requirements
Source: ISO 9004
4.3 Determining the scope of the management system Source: ISO 9001:2015
4.4 Management system Establish, implement, maintain, and continually improve a management system, including the processes needed and their interactions, in accordance with the requirements of the International Standard A Process can be defined as a set of interrelated or interacting activities, which transforms inputs into outputs Source: ISO/TC 176/SC 2/N 544R3 Interrelated or interacting elements of an organization Policies, Processes and Objectives
5. Leadership 5.1 Leadership and commitment. How top management* demonstrates leadership and commitment with respect to the management system. Policy and objectives must be established compatible with the strategic direction of the organization. How top management integrates the management system requirements into your organization's business processes. Do they provide proper resources? Communicating the importance of effective management and of conforming to requirements. * person or group of people who directs and controls an organization (3.01) at the highest level
5.1 Leadership and commitment How do they ensure the management system achieves its intended outcome(s) Top management must show how they direct and support persons to contribute to the effectiveness of the management system How do they promote continual improvement and support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility
5.2 Policy Top management must establish a documented policy: Appropriate to the purpose of the organization Set objectives Commitment to satisfy applicable requirements Commitment to continual improvement
5.3 Organizational roles, responsibilities and authorities Top management must show that they ensure that the responsibilities and authorities for relevant roles are assigned and communicated within the organization They must assign responsibility and authority for: Ensuring that the management system conforms to the requirements of the International Standard Reporting on the performance of the management system to top management
6. Planning 6.1 Actions to address risks and opportunities. Let's discuss objectives first! 6.2 Objectives and planning to achieve them: Establish objectives at relevant functions and levels; Consistent with policy; Measurable; Consider applicable requirements; Monitored, communicated, updated; Determine resources, responsibilities, targets and how to evaluate results
6.1 Actions to address risks and opportunities Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed to: Give assurance that the management system can achieve its intended outcome(s); prevent, or reduce, undesired effects; (mitigate) achieve continual improvement *4.1 Understanding the organization and its context **4.2 Understanding the needs and expectations of interested parties
What is risk-based thinking? Risk-based thinking is something we all do automatically and often subconsciously. The concept of risk has always been understood in ISO 9001 and is not new to ISO 14001; this revision makes it more explicit and builds it into the whole of the management process. Risk-based thinking should already be part of the process approach. Risk-based thinking makes preventive action routine.
6.1 Actions to address risks and opportunities The organization shall plan: actions to address these risks and opportunities How to: integrate and implement the actions into its management system processes evaluate the effectiveness of these actions
7. Support 7.1 Resources: Provide proper resources needed. 7.2 Competence: Competent on the basis of appropriate education, training, or experience; keep records and evaluate effectiveness. 7.3 Awareness: Policy, contribution and implications of not conforming. 7.4 Communication: Determine the relevant internal and external communications; what, when, who and how
7.5 Documented information 7.5.1 General Determine required documentation 7.5.2 Creating and updating Identification, format and review 7.5.3 Control of documented information Available and suitable for use, where and when it is needed; Protected, stored, controlled, change control, retention control
7.5 Documented Information. The organization's quality management system shall include documented information required by the International Standard and determined by the organization as being necessary for the effectiveness of the quality management system. Documented information: Information required to be controlled and maintained by an organization and the medium on which it is contained. Documented information can be in any format and media and from any source. Source: ISO 9001:2015
8. Operation 8.1 Operational planning and control Plan, implement and control the processes needed to meet requirements, and to implement the actions determined in 6.1* *6.1 Actions to address risks and opportunities
9. Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation What needs to be measured, methods, when (what intervals) and when data should be analyzed and reported 9.2 Internal audit Conducted at planned intervals to ensure compliance with the standard and internal requirements 9.3 Management review Review the organization's management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness
10. Improvement 10.1 Nonconformity and corrective action React to the nonconformity and, as applicable Take action to control it Evaluate the need for action to eliminate the causes in order that it does not recur or occur elsewhere Retain documented evidence 10.2 Continual improvement Continually improve the suitability, adequacy, and effectiveness of the management system.
ISO 9001:2015 Understanding the Revision
What is the aim of ISO 9001? Increase customer satisfaction through improved operational consistency and continual improvement.
ISO 9001: Evolution
1979: BS 5750:1979
1987: ISO 9001:1987 (ISO adopts BS 5750 as the basis for ISO standard)
1994: ISO 9001:1994 (Minor updates only)
2000: ISO 9001:2000 (Major update to introduce process approach)
2008: ISO 9001:2008 (Minor updates only)
2015: ISO 9001:2015 (Major update)
1,138,155 Companies Certified (ISO 2014 Survey)
So, what's new?
Leadership: Greater emphasis for senior managers to be involved in the management system
Risk: Risk-based thinking incorporated into requirements
Context of Organization: Relevant needs of interested parties is emphasized
Quality Importance: Ensure quality management is now integrated and aligned with the strategic direction of the organization
Process Approach: Adoption of a process approach
Documented Information: More flexible approach
Control of changes: Review and control changes for production or service
Quality Management Principles
Was 8: | Now 7:
Customer focus | Customer focus
Leadership | Leadership
Involvement of people | Engagement of people
Process approach | Process approach
System approach to management | (Included in the process approach)
Continual improvement | Improvement
Factual approach to decision making | Evidence based decision making
Mutually beneficial supplier relationships | Relationship management
Major differences in terminology between ISO 9001:2008 and ISO 9001:2015
ISO 9001:2008 | ISO 9001:2015
Products | Products and Services
Exclusions | Not used (See Clause A.5 for clarification of applicability)
Management Representative | Not used
Documentation, quality manual, documented procedures, records | Documented Information
Work environment | Environment for the operation of processes
Monitoring and measuring equipment | Monitoring and measuring resources
Purchased product | Externally provided products and services
Supplier | External Provider
Changes from FDIS
5.2.1 Developing the quality policy. Change: "Establishing the Quality Policy" replaces "Developing the quality Policy"
8.2.2 Determination of requirements related to products and services. Change: Title changed to "Determining the requirements for products and services"
8.2.3 Review of requirements related to the products and services. Change: Title changed to "Review the requirements for products and services"
PLAN DO CHECK ACT
Benefits of Certification Benefits ISO 9001
Leadership and effecting culture change
Clause 5 Defines Leadership: Set policy and objectives and strategic direction. Policy is communicated, understood and applied within the organization. Integration of the management system's requirements into the organization's business processes and promoting the process approach. Ensure resources needed for the management system are available. Ensure management system achieves its intended results. Take accountability of the effectiveness of the management system. Communicate the importance of an effective management system and of conforming to the management system requirements. Engage, direct and support persons to contribute to the effectiveness of the management system. Promote continual improvement. Support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.
Leadership and effecting culture change. Leadership, the ability to motivate groups of people towards a common goal, is an important skill in today's business world. Without strong leadership, many otherwise promising businesses fail.
The Difference Between Leadership and Management. Management is mostly about processes. Leadership is mostly about behavior. Leadership relies on less tangible and less measurable things like trust, inspiration, attitude, decision-making, and personal character. These are all necessary to motivate an organization to achieve its management system's objectives.
Top Management According to ISO Top management is the person or group of people who directs and controls an organization at the highest level. Top management has the power to delegate authority and provide resources within the organization. If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization.
Leadership and Policy Leadership needs to establish, review and maintain a policy, but also needs to ensure that it is applied within the organization.
Roles and Responsibilities Leadership needs to ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
Organizational Change. Leaders need to ensure the integrity of the management system is maintained when changes are planned and implemented. Some of these tasks will be delegated, but it is the management's responsibility to ensure they are planned, implemented and achieved.
Breakout session Leadership and Planning and Risk Based Thinking
Leadership and Planning: Implement the new requirements on Leadership and Planning. Pick an industry from your team. Define organizational objectives and plans to achieve them, referencing 6.2: Must be measurable; How will they be evaluated; Define resources needed
Risk and Planning: Implement the new requirements on Risk and Planning. Determine external and internal issues that are relevant to your purpose and its strategic direction and that affect your ability to achieve the intended result(s) (Objectives) of your management system (4.1). Apply risk based thinking to meet requirements under section 6.1 Actions to address risks and opportunities. Pick Team Spokesperson. Present findings.
6.1 Actions to address risks and opportunities. Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed (6.1) to: give assurance that the management system can achieve its intended result(s); prevent, or reduce, undesired effects (mitigate); achieve continual improvement. *4.1 Understanding the organization and its context **4.2 Understanding the needs and expectations of interested parties
Likelihood: 1-5 (where 1 is highly unlikely and 5 is definite)
Impact: 1-5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact
Risk | Likelihood | Total Impact | Risk Rating | Mitigating Controls | Additional Controls implemented | Owner | Final Risk Rating
Conclusions Feedback
What are the main changes that may affect you? The increased role that leadership must play Decrease in the amount of documentation needed Risk management processes may need to be developed to determine the level and extent of control for internal and external (supply-chain) processes and services, if not already in place. Auditors and stakeholders will need to become familiar with the revised standards and so training may need to be considered No Longer a requirement for a Quality Manual No Longer a requirement for a Management Representative Change management
Benefits
Bringing Quality into the heart of our business: Quality management will be integrated and aligned with our business strategies, which will improve performance and drive real value
Introduction of Risk & Opportunity Management: Will help identify and manage risk more effectively and opportunities that contribute to bottom line improvements
An Integrated Approach: It will be easier to implement more than one management system, providing a more holistic view leading to cost savings
Leadership: Greater involvement by our leadership team will ensure that we'll all be motivated towards the organization's goals and objectives
Buy the standard: ISO 9001:2015 & ISO 14001:2015 are available from your national standards body. Associated standards could be useful: ISO 9000 Quality Management Systems Fundamentals and Vocabulary; ISO 9004 Managing for the sustained success of an organization; ISO 10001 Quality management customer satisfaction guidelines for codes of conduct; ISO 31000 Risk management principles and guidelines
Training: Start your training as soon as possible. This will help embed the knowledge. Senior management briefing; Transition training; Implementing training; Auditor training; Deep dive training; Risk Based Thinking; Transition Course; Annex SL; Lead Auditor
What you need to do Set up a project team to manage the changes Communicate the project across the whole organization Create an implementation plan and monitor progress Take a fresh look at your QMS/EMS Highlight the changes as opportunities for improvement Make changes to your documentation to reflect the new structure (as necessary) Implement the new requirements on leadership, risk and context of the organization Review the effectiveness of your current control set Carry out an impact assessment 08/12/2015
Thank You!
John DiMaria
Email: john.dimaria@bsigroup.com
Address: BSI Group America Inc. 12950 Worldgate Drive, Suite 800 Herndon, VA 20170
Main Office Telephone: 1-800-862-4977
Fax: 703-437-9001
Email: Inquiry.msamericas@bsigroup.com
Links: http://www.bsiamerica.com
Copyright 2014 BSI. All rights reserved.