Professional Documents
Culture Documents
The idea behind ISO 9001 can be traced back to the British Standard 5750 in 1979, however the ISO9000s history is as follows:
o The first version of ISO 9000 was published in 1987 and was based on BS5750 standard. It was also influenced by Defense Military
standards.
o The second version of ISO 9000:1994 was published in 1994. This version stressed quality assurance through preventative action.
o The third version was published in 2000 as ISO 9001:2000. This version radically changed thinking as it held the belief that process
management should be the core of the standard.
o The fourth version is ISO 9001:2008 standard. This edition on made slight changes to the previous version. The goal of this revision was
to better explain 2000 edition requirements and to increase compatibility with other management systems, such as ISO 14001.
o The fifth major revision was published in 2015. This version is called ISO 9001:2015. Because the revision in 2008 was just a minor
update of the 2000 version, this revision sought to fill in gaps that have been formed over the fifteen years since 2000.
Timeline from Committee Draft to Publication of ISO 9001:2015
Global Status of ISO 9001 and Revision
By 2014, the ISO: 9001 standard was used by more than 1.1 million people and organizations in 180 countries worldwide, which makes it easy
to believe that this number will have surely grown as of 2017.
BSI Group claims to have achieved the first global accreditation for ISO 9001:2015.
This revision will influence all certification and authorization bodies, training bodies, advisors, implementing agencies and business clients.
The standard has helped to build systems for various sectors such as the manufacturing sector, automotive sector, the medical sector,
governments and more.
ISO 9001 version 2015 is meant for companies who want to:
o Prove that they are capable of delivering high quality products and services, which will then fulfill client requirements and regulatory
needs.
o Building a quality management system that is well matched to each organization’s particular needs.
o Top management must be involved in the management system in order to make comprehensive enterprise strategy.
o The prevalence of risk-based thinking across the standard enables the entire management system to be used as a preventive instrument,
which will continually boost improvement.
o Less enforcing requirements for records and documentation. The enterprise can now decide independently what documented information
it requires and what is the appropriate format.
Nigel Croft, Chairperson of the ISO subcommittee for revising the standard, emphasizes that the revision is based on three basic concepts:
o Process approach
There are two prevalent misconceptions about revision due to incorporation of risk based thinking:
o Substitution of Process Approach by Risk Based Thinking
o Preventive Action Has Been Removed
o There are concerns that risk based thinking substitutes the process approach, which is incorrect. It is part of the process approach itself,
because before one begins the process, one must identify any hazards and opportunities so that they may decide which process best
meets the objectives in a given context.
Currently accredited management systems can be adapted with some minor modifications. In many situations, organizations should have
sufficient documentation and protocols already in place with their presently certified management system.
As risk is incorporated in many sections of the revision of ISO 9001, companies should focus on establishing their risk management protocols if
they do not currently have a system in place for controlling risks. The companies must start thinking about how to incorporate risk in their
businesses at both a strategic level as well as an operational level.
The transitional period does not end until 2018, so organizations will have had three years to update their systems and make sure it comply with
the revision.
o Stage 1 Audit is a readiness review audit to prove that the organization is prepared for certification.
o Stage 2 Audit is an assessment of implementation, along with the effectiveness, and performance evaluation of the management system
of the organization. This is the stage where certification is awarded. A certificate is valid for 3 years and is awarded based on the results
of stage 2 audit.
Surveillance Audits are conducted to prove that the management system maintains fulfillment against requirements of standard and are also
conducted to observe the continual improvement of the management system.
Re-Certification Audits are done after 3 years to endorse the effectiveness of the management system as a whole. Certificate is then reissued for
next 3 years.
o Improved customer retention, satisfaction and acquisition.
o Exhibition of management commitment towards quality of services and products.
o High Level Structure (HLS) to easily integrate with more than one standard.
Benefits of ISO 9001 Certification Program to Customers
Some clients will only purchase or buy services or products from certified companies since it provides them the assurance that management
systems are continuously assessed, improved and monitored.
o Reduces repeated mistakes.
o Performance will be maintained with the help of external certification body annual assessments program.
What Can't Companies Do?
o Companies cannot employ or change ISO’s logo. It is ISO’s brand and intellectual property.
o Companies cannot equate ISO 9001 certification to being ISO certified. Companies which are ISO 9001:2015 certified are not certified
by ISO or by ISO 9001 technical committee, but rather by an Accreditation Body like UKAS.
o ISO 9001:2015 cannot be branded on company products or utilized in literature to denote that product is certified by ISO 9001. It is not
a product certification but a company quality management system certification.
o Companies must be careful with their scope so to correctly describe their certified activities and geographic locations. A certification is
only awarded on the defined scope. Activities of companies outside the certification scope cannot be implied to gain benefits of ISO
9001 certification.
History of ISO 9001 Revision
A process is usually defined as reproducible, interacting activities that together convert an input into an output. The elements in the process
approach cycle are discussed below:
o With What means the infrastructure i.e. process equipment, software, hardware, and supporting devices.
o With Who means the human resource i.e. personnel, training, and qualification needed to carry out the process.
o How is the procedure or work instructions that explain how the process will be carried out and describe the entities responsible entities
for the process.
o How many? These are the process monitoring parameters like action plan, trends, production reports. This also counts as evidence for
PDCA.
o Input is something that starts the process. Input can be workers, event, resources, or supplies. For example, a maintenance requisition
starts the process for maintenance.
o Output is a consequence of the process, or its result. Output should comply with the expectation of a customer both in-house or external.
Normally outputs are goods, services, or the input into other in-house process.
o Training process
o Maintenance process
o Assembly process
o Marketing process
o Purchasing process
Organizational Processes
Determinants of a Process
Process Characteristics
o Predictable
o Quantifiable
o Explainable
Plan-Do-Check-Act (also known as “PDCA”) is a cyclic process that was conceptualized by Walter Shewhart and widely promoted by Edward
Deming – two founders of most of the quality philosophies that are followed today.
This concept is a cycle for bringing about a change which, when implemented and repeated, would yield repeated improvements in any process.
A case study we all can recognize will be the process we go through when selecting a wireless carrier:
o We Plan to have no issues like dropped calls, interruption in voice delivery or receiving etc.
o And the Act part occurs when we make our future course of action based on Check. For example, we could accept the number of
interruptions in calls, or we could complain to the vendor to have the complaint corrected, or we could change the service provider.
Plan, Do, Check & Act is a cycle that was devised by Walter Shewhart and propagated by Edward Deming. PDCA is an iterative four-step
managing technique utilized in industry for the continual improvement of processes.
Plan – This step includes the establishment of the objectives and processes essential to provide outcomes that are in line with needed output.
Planning of the QMS starts with the initial documentation of the Quality Manual, control of documents and records, Quality Policy and Quality
Objectives, plan to achieve policy & objectives, Additional planning on how to realize the product or service, including what resources are
required and how they will be used, is the last step in the early planning.
Check – Examine the real results of ‘Do’ step, and check it against the expected results of the plan phase.
It is mandatory to check and measure not merely the product to make sure it fulfills requirements, but moreover to check and measure the
processes as well. Analysis of data, internal audits, external audits & Management Review are mandatory in ISO 9001. All these extensive
processes are part of ‘check’ phase in PDCA cycle.
Act – If the Check analysis reveals that the Plan that was applied in Do phase is a progressive improvement to the earlier results, then the
present ‘Do’ should become the new standard for how the organization should Act going forward.
If the Check analysis reveals that the Plan that was applied in Do phase is not an improvement, then the prior standard will remain.
In both cases, i.e. improvement or no improvement, more learning is needed and that will inform next PDCA cycle. Corrective actions and action
plans that resulted from output of management review meetings and internal audits are part of the Act phase in PDCA cycle.
o When opting for continuous improvement.
o When preparing data collection and analysis so as to verify and prioritize problems or root causes.
o Plan
o Do
o Planning is one of the vital parts of the QMS and begins with realizing the context of the organization and the expectations of
interested parties (Clauses 4.1 & 4.2), which is then utilized to define the QMS scope and the processes (Clauses 4.3 & 4.4).
Then commitment of leadership in the company guides the organization to a customer focus by outlining organizational roles and
responsibilities and by instituting a quality policy to focus on QMS (Clauses 5.1, 5.2 & 5.3).
Then planning identifies and addresses the risks and opportunities of the QMS, including setting and planning for quality objectives
and changes to support continual improvement (Clauses 6.1, 6.2 & 6.3).
The final layer of planning is to recognize and define the support structure to perform plans. This comprises resources (Clause 7.1),
recognizing competence (Clause 7.2), awareness (Clause 7.3), communication (Clause 7.4) and to have the system for creation and
control of documented information (Clause 7.5).
o Check
o Act
o There are numerous places in the standard to check the processes of the QMS to make sure they are effective as per plan. The ISO
standard requires enterprises to monitor, measure, analyze and evaluate the products or services to make sure that the processes
employed are satisfactory and effective, and that customer satisfaction is achieved (Clause 9.1). Internal Audits (Clause 9.2) are required
as a means of measuring the effectiveness of the QMS. The Management Review procedure (Clause 9.3), analyses and evaluates all the
collected information related to QMS and helps to identify solutions to resolve any issues or problems.
End of Topic
Context of Organization and Risk Based Thinking
Clause 4 of ISO 9001:2015 states that the organization to assess itself in regards to the organizations' context and how this context may affect the
QMS.
o Influences of various elements on the organization.
What is an internal context of organization?
An organization’s internal context is the environment in which it aims to achieve its objectives.
o Approach to governance
o Interested parties
o Culture, beliefs, values, or principles inside the organization.
o Technology advancements.
Context Of Organization And Risk Based Thinking
End of Topic
The main points from this module are as follows:
The idea for ISO 9001 can be traced back to British standard 5750 in 1979, however the first publication was made in 1987.
The second revision (1994) stresses quality assurance through preventive action. The third revision (2000) was based on process approach. The
forth revision (2008) was based on alignment with other standards. The current version was published in 2015.
The current revision was presented as committee draft in June 2013, then as draft international standard in April 2014, then as final draft
international standard in July 2015. Finally, the revision was published in September 2015.
o Process Approach
o Plan, Do, Check, and Act cycle
Risk based thinking does not replace the process approach. Preventive action is built into risk based decision making.
o Defining the scope of business i.e. physical boundaries, products etc.
o After certification, surveillance audits are done annually for three years.
Some of benefits of ISO 9001:2015 to business owners are: customer satisfaction, improved efficiency, decreased defects, and high level
structure for easy integration with other standards.
Some benefits of ISO 9001:2015 to customers are: reduced mistakes, improved complaint handling system, consistent performance etc.
Companies cannot use ISO logo on products, or cannot change it. Companies cannot say they are ISO certified, because they are ISO 9001:2015
certified by an accredited body like UKAS.
Processes have elements like: inputs, outputs, with what, with who, how and how many.
With What includes software and process equipment used to execute activities in process.
With Who refers to human resources and their qualification to run processes.
Walter Shewhart's Plan, Do, Check and Act cycle is the basis of ISO 9001:2015 and is used to analyze the context of an organization to plan for
its optimization.
The planning of processes, the setting of quality objectives, and planning to achieve them are part of Plan phase in PDCA cycle.
Do involves support activities like human resource allocation, infrastructure, equipment. Do also involves production and operational activities.
Design activities are also included in Do.
Check is the management review, performance evaluation example inspection, internal audits etc.
Act is continual improvement based on internal audits, non-conformities and corrective actions.
Context of Organization is the analysis of organization’s context both internal and external.
Organizations can list their internal and external issues and identify the parties involved and their needs and expectations.
They can then document context by listing these issues and needs of interested parties.
Then, they can rate each issue and need on a priority ranking scale.
If needed, a treatment method can be provided to optimize the opportunity and to mitigate the risk.
Risk based thinking is a thinking process that we do in our everyday life. Organizations need to adopt it in their processes and activities.
Risk driven approach from risk based thinking is based on recognizing risks and opportunities, examining and prioritizing recognized risks and
opportunities, planning actions to mitigate risk or optimize opportunities, implementing a plan, assessing the effectiveness of implemented plan,
and finally, improve continually by learning from experience.
End of Topic
Upon completion of this module, you will be able to:
o List the auditable clauses of ISO 9001:2015
o Clarify the Planning requirements for the Quality Management System (QMS).
o Discuss the Performance Evaluation requirements related to measurement and monitoring, internal audits, and management reviews.
End of Topic
Clause 4 - Context of Organization
Context of Organization is the new requirement of ISO 9001:2015. New requirements related context of organization are already discussed in the
earlier module's last topic. The requirements and guidelines are expressed here in simple but meaningful terms:
o Clause 4.2 - Clarify the Needs and Expectations of Interested Parties related to Organization
This sub-clause is the part of Context of Organization. Organization has to develop a quality management system and should incorporate
documented information to support that. The requirements of these clause are expressed in two different clauses:
The organization has to take care of the following requirements under this clause:
o Clause 5 - Leadership
o The first sub-clause on Leadership is clause 5.1 which is focused on " Provide leadership by focusing on quality and customers".
Requirements are expressed in two different heads:
o
Clause 5.1.1 - Offer Leadership by Encouraging a Focus on Quality
The organization has to take care of the following requirements under this clause:
o
o The second clause is related to offer leadership be establishing an appropriate quality policy.
o
Clause 5.2.1 - Provide Leadership by Formulating Quality Policy of the Organization
The organization has to take care of the following requirements under this clause:
o Allocate QMS roles, responsibilities, and authorities.
o Make sure that every one understand his/her role, responsibilities and authorities.
Clause 6 - Planning
The first sub-clause is 6.1 which is on defining actions and measures to control risks and capitalize opportunities.
o Clause 6.1.1 - Consider risks and opportunities when you plan your QMS
o Clause 6.1.2 - Plan how you’re going to manage risks and opportunities
• Recognize the risks and opportunities that could influence the performance of organization's QMS or disrupt its operation.
• Consider how the company's context could influence how well its QMS is capable to attain planned results.
• Consider how the company's interested parties could influence how well its QMS is capable to achieve planned results.
• Identify what one needs to do to manage the risks and opportunities that could affects the performance of company's QMS or disrupt
its operation.
Clause 6.2 - Setting Quality Objectives and Establish plans to attain them
The second clause is about setting quality objectives and developing plans to achieve them.
The third sub-clause is related to planning of changes to organization's quality management system. This is what we can name it as change
management. In this clause, one has to take care of the following issues:
o Think about the purpose of the changes one plans to make.
End of Topic