ISO 9001: 2015 -

Going Beyond Quality

Session M09
John DiMaria; CSSBB, HISP, MHISP, AMBCI
ISO Product Manager
BSI Group Americas
Risk is on the Front Lines
Agenda
– Understanding the New Rules of the Game – Annex SL/Directive 1
– Latest Timelines
– Key Changes to ISO 9001:2015
– Best Practice Transition Journey
– Understanding How the New Changes may Affect your
Organization

Copyright © 2015 BSI. All rights reserved.

Understanding the New Rules of the Game
and the Alliances that can be made across
several Standards
Ten clauses of the new Annex SL - Directive 1 for
ISO Management Systems

• Annex SL describes the framework for a generic management

system. However, it requires the addition of discipline-specific
requirements to make a fully functional quality, environmental,
service management, food safety, business continuity, information
security and energy management system standard

• ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014

• High level structure, identical core text, common terms and core
definitions – 10 Main Clauses

Copyright © 2015 BSI. All rights reserved.

Reasons For The Changes

• Easier integration of multiple standards using a common

foundation and common language

• Increase involvement of Top Management

• Decrease the emphasis on Documentation

• Increase the emphasis on Achieving Value for the Organization

and its customers

• Increase emphasis on Risk Management to achieve objectives

Copyright © 2015 BSI. All rights reserved.

Directive 1 – 10 Clauses

1. Scope 6. Planning

2. Normative references 7. Support

3. Terms and definitions 8. Operation

4. Context of the 9. Performance evaluation

organization
10. Improvement
5. Leadership

Implement Once, Comply Many

Copyright © 2015 BSI. All rights reserved.

4. Context of the organization
4.1 Understanding the organization and its context

Determine relevant external and internal issues that affect the

ability to achieve the intended outcome(s)

Copyright © 2015 BSI. All rights reserved.

4.2 Understanding the needs and expectations of
interested parties

Source ISO 9004

Copyright © 2015 BSI. All rights reserved.

4.3 Determining the scope of the management
system

Source: ISO 9001:2015 DIS

Copyright © 2015 BSI. All rights reserved.
 4.4 Management system

Establish, implement, maintain, and continually improve a management

system, including the processes needed and their interactions, in
accordance with the requirements of the International Standard

A “Process” can be defined as a “set of interrelated or interacting activities,

which transforms inputs into outputs”
Source: ISO/TC 176/SC 2/N 544R3

Interrelated or interacting elements of an organization

Policies, Processes and Objectives

Copyright © 2015 BSI. All rights reserved.

5. Leadership
5.1 Leadership and commitment
How top management* demonstrates leadership and commitment
with respect to the management system

• Policy and objectives must be established compatible with the strategic

direction of the organization
• How does top management integrate the management system
requirements into your organization’s business processes
• Do they provide proper resources
• Communicating the importance of effective management and of
conforming to requirements

* person or group of people who directs and controls an organization (3.01) at the highest level

Copyright © 2015 BSI. All rights reserved.

5.1 Leadership and commitment

• How do they ensure the management system achieves its

intended outcome(s)
• Top management must show how they direct and support persons
to contribute to the effectiveness of the management system
• How do they promote continual improvement and support other
relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility

Copyright © 2015 BSI. All rights reserved.

5.2 Policy

Top management must establish a documented policy:

• Appropriate to the purpose of the organization
• Set objectives
• Commitment to satisfy applicable requirements
• Commitment to continual improvement

Copyright © 2015 BSI. All rights reserved.

5.3 Organizational roles, responsibilities and
authorities

Top management must show that they ensure that the

responsibilities and authorities for relevant roles are assigned
and communicated within the organization

They must assign responsibility and authority for:

• ensuring that the management system conforms to the
requirements of the International Standard
• reporting on the performance of the management system to
top management

Copyright © 2015 BSI. All rights reserved.

6. Planning

6.1 Actions to address risks and opportunities

Let’s discuss objectives first!

6.2 Objectives and planning to achieve them

• Establish objectives at relevant functions and levels
• Consistent with policy
• Measureable
• Consider applicable requirements
• Monitored, communicated, updated
• Determine resources, responsibilities, targets and how to
evaluate results

Copyright © 2015 BSI. All rights reserved.

6.1 Actions to address risks and opportunities

Consider the issues referred to in 4.1* and the requirements referred to

in 4.2** and determine the risks and opportunities that need to be
addressed to:

• give assurance that the management system can achieve its

intended outcome(s);
• prevent, or reduce, undesired effects; (mitigate)
• achieve continual improvement

*4.1 Understanding the organization and its context

**4.2 Understanding the needs and expectations of interested parties

Copyright © 2015 BSI. All rights reserved.

6.1 Actions to address risks and opportunities

The organization shall plan:

• actions to address these risks and opportunities

How to:
• integrate and implement the actions into its management system
processes
• evaluate the effectiveness of these actions

Copyright © 2015 BSI. All rights reserved.

7. Support

7.1 Resources
• Provide proper resources needed
7.2 Competence
• Competent on the basis of appropriate education, training,
or experience, keep records and evaluate effectiveness
7.3 Awareness
• Policy, contribution and implications of not conforming
7.4 Communication
• Determine relevant the internal and external
communications; what, when, who and how

Copyright © 2015 BSI. All rights reserved.

7.5 Documented information

7.5.1 General
• Determine required documentation
7.5.2 Creating and updating
• Identification, format and review
7.5.3 Control of documented information
• Available and suitable for use, where and when it is
needed;
• Protected, stored, controlled, change control, retention
control

Copyright © 2015 BSI. All rights reserved.

Documentation

“The organization shall maintain documented

information to the extent necessary to
support the operation of processes and
retain documented information to the extent
necessary to have confidence that the
processes are being carried out as planned”.
Source: ISO 9001:2015 DIS

“documents that provide objective evidence

of activities performed or results achieved;
such documents are referred to as records”.

Documents can also be records – “stating

results achieved or providing evidence of
activities performed”. ~ISO 9000~
Copyright © 2015 BSI. All rights reserved.

Source: ISO 9001:2015 DIS

 8. Operation

8.1 Operational planning and control

• Plan, implement and control the processes needed to meet
requirements, and to implement the actions determined in 6.1*

*6.1 Actions to address risks and opportunities

9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
• What needs to be measured, methods, when (what
intervals) and when data should be analysed and reported
9.2 Internal audit
• Conducted at planned intervals to ensure compliance with
the standard and internal requirements
• 9.2.2 plan, establish, implement and maintain
including the frequency, methods, responsibilities,
planning requirements, document and reporting and
impartiality
9.3 Management review
• Review the organization's management system, at planned
intervals, to ensure its continuing suitability, adequacy and
effectiveness

Copyright © 2015 BSI. All rights reserved.

10. Improvement

10.1 Nonconformity and corrective action

• React to the nonconformity and, as applicable
• Take action to control it
• Evaluate the need for action to eliminate the causes in
order that it does not recur or occur elsewhere
• Retain documented evidence

10.2 Continual improvement

• Continually improve the suitability, adequacy, and
effectiveness of the management system.

Copyright © 2015 BSI. All rights reserved.

What is “risk-based thinking”?

• Risk-based thinking is something we all do automatically and often

sub-consciously.
• The concept of risk has always been implicit in ISO 9001 – this
revision makes it more explicit and builds it into the whole of the
management process
• Risk-based thinking should already part of the process approach.
• Risk-based thinking makes preventive action routine.

Copyright © 2015 BSI. All rights reserved.

Aligning Risk with Corrective Action

• One of the key purposes of a formal management system is to act

as a preventive tool.

• Consequently, the standard requires an assessment of the

organization’s “external and internal issues that are relevant to its
purpose and that affect its ability to achieve the intended
outcome(s)‟ in clause 4.1, and to “determine the risks and
opportunities that need to be addressed to: assure the quality
management system can achieve its intended outcome(s); prevent,
or reduce, undesired effects; achieve improvement” in in clause 6.1.

Copyright © 2015 BSI. All rights reserved.

Copyright © 2015 BSI. All rights reserved.
Key changes that are expected for
ISO 9001:2015
QMS Structure
PLAN DO CHECK ACT

4 Context of 9 Performance
5 Leadership 6 Planning 7 Support 8 Operation 10 Improvement
organization and Evaluation

Understanding Actions to Operations of Monitoring, Nonconformity

of the Leadership and address risk Resources planning and measurement, and corrective
organization commitment and control
analysis and action
and its context opportunity evaluation

Determination
Expectations of of requirements Continual
Quality policy Competence
interested Quality for products improvement
objectives and services
parties
Internal audit

Roles, Design and

Scope of development of
responsibilities Awareness products and
management and authorities Planning of
changes services
system
Management
Control of review
external provided
Communication products and
QMS services

Production and
Documented
service
information provision

Release of
products and
services

Control of
nonconforming
process outputs,
products and
services

Copyright © 2015 BSI. All rights reserved.

ISO 9001 Key differences

Copyright © 2015 BSI. All rights reserved.

 ISO 9001 – Key changes

Copyright © 2015 BSI. All rights reserved.

Understanding How the New Changes may
Affect your Organization
What are the main changes that may affect you?
• The increased role that leadership must play
• Decrease in the amount of documentation required
• Risk management processes may need to be developed to determine
the level and extent of control for internal and external (supply-chain)
processes and services, if not already in place.
• Auditors and stakeholders will need to become familiar with the
revised standards and so training may need to be considered
• No Longer a requirement for a Quality Manual
• No Longer a requirement for a Management Representative
• Change management

Copyright © 2015 BSI. All rights reserved.

Benefits
• Bringing Quality into the heart of our business
• Quality management will be integrated and aligned with
our business strategies which will improve performance
and drive real value
• Introduction of Risk & Opportunity Management
• Will help identify and manage risk more effectively and
opportunities that contribute to bottom line improvements
• An Integrated Approach
• It will be easier to implement more than one management
system providing a more holistic view leading to cost
savings
• Leadership
• Greater involvement by our leadership team will ensure
that we’ll all be motivated towards the organizations goals
and objectives
Copyright © 2015 BSI. All rights reserved.
What we need to do

• Set up a project team to manage the changes

• Communicate the project across the whole organization

• Create an implementation plan and monitor progress

• Take a fresh look at our QMS
• Highlight the changes as opportunities for improvement
• Make changes to our documentation to reflect the new structure (as
necessary)*
• Implement the new requirements on leadership, risk and context of
the organization
• Review the effectiveness of our current control set
• Carry out an impact assessment
Copyright © 2015 BSI. All rights reserved.
*May require minimal change using process mapping
Thank You!

Address: BSI Group America Inc.

12950 Worldgate Drive, Suite 800
Herndon, VA 20170
Email John DiMaria – john.dimaria@bsigroup.com
Main Office
Telephone: 888-429-6178
Fax: 703 437 9001
Email: Inquiry.msamericas@bsigroup.com
Links: http://www.bsiamerica.com

Copyright © 2015 BSI. All rights reserved.