 History of ISO 9001 Revisions


 The idea behind ISO 9001 can be traced back to the British Standard 5750 in 1979, however the ISO9000s history is as follows:

o The first version of ISO 9000 was published in 1987 and was based on BS5750 standard. It was also influenced by Defense Military
standards.

o The second version of ISO 9000:1994 was published in 1994. This version stressed quality assurance through preventative action.

o The third version was published in 2000 as ISO 9001:2000. This version radically changed thinking as it held the belief that process
management should be the core of the standard.

 History of ISO 9001 Revisions




o ISO 9001:2000 made the goals of standard crystal clear i.e. that standard should be ‘a documented system’ not just a ‘system of
documents’. The idea was to create system efficiency that can be measured and validated by process performance.

o The fourth version is ISO 9001:2008 standard. This edition on made slight changes to the previous version. The goal of this revision was
to better explain 2000 edition requirements and to increase compatibility with other management systems, such as ISO 14001.

o The fifth major revision was published in 2015. This version is called ISO 9001:2015. Because the revision in 2008 was just a minor
update of the 2000 version, this revision sought to fill in gaps that have been formed over the fifteen years since 2000.
 Timeline from Committee Draft to Publication of ISO 9001:2015

 Timeline for Organization to make Transition to ISO 9001:2015



 Timeline for Organization to make Transition to ISO 9001:2015


 Global Status of ISO 9001 and Revision

 By 2014, the ISO: 9001 standard was used by more than 1.1 million people and organizations in 180 countries worldwide, which makes it easy
to believe that this number will have surely grown as of 2017.

BSI Group claims to have achieved the first global accreditation for ISO 9001:2015.

This revision will influence all certification and authorization bodies, training bodies, advisors, implementing agencies and business clients.

The standard has helped to build systems for various sectors such as the manufacturing sector, automotive sector, the medical sector,
governments and more.

 ISO 9001 version 2015 is meant for companies who want to:


o Prove that they are capable of delivering high quality products and services, which will then fulfill client requirements and regulatory
needs.

o Enhance customer satisfaction.

 Key changes in ISO 9001 version 2015 include the following key changes:


o Building a quality management system that is well matched to each organization’s particular needs.

o Top management must be involved in the management system in order to make comprehensive enterprise strategy.

o The prevalence of risk-based thinking across the standard enables the entire management system to be used as a preventive instrument,
which will continually boost improvement.

o Less enforcing requirements for records and documentation. The enterprise can now decide independently what documented information
it requires and what is the appropriate format.

o Integration with other important and widespread management system standards.

 Fundamental Concepts in ISO 9001:2015

 Nigel Croft, Chairperson of the ISO subcommittee for revising the standard, emphasizes that the revision is based on three basic concepts:


o Process approach

o PDCA Model i.e. Plan Do Check & Act

 o Risk Based Thinking

o Process Approach
o PDCA
o Risk Based Thinking

 Misconceptions about Revision

 There are two prevalent misconceptions about revision due to incorporation of risk based thinking:


o Substitution of Process Approach by Risk Based Thinking
 o Preventive Action Has Been Removed

o There are concerns that risk based thinking substitutes the process approach, which is incorrect. It is part of the process approach itself,
because before one begins the process, one must identify any hazards and opportunities so that they may decide which process best
meets the objectives in a given context.

 Action Plan for Organizations

 Currently accredited management systems can be adapted with some minor modifications. In many situations, organizations should have
sufficient documentation and protocols already in place with their presently certified management system.

As risk is incorporated in many sections of the revision of ISO 9001, companies should focus on establishing their risk management protocols if
they do not currently have a system in place for controlling risks. The companies must start thinking about how to incorporate risk in their
businesses at both a strategic level as well as an operational level.

The transitional period does not end until 2018, so organizations will have had three years to update their systems and make sure it comply with
the revision.

 Certification Process - Phases

 Starting Point: Outline the scope of the certification program.

 Pre-Audit (not mandatory): This is a gap analysis phase against standard. This helps companies to identify what they need to do to prepare for
a certification audit.

Certification Audits are actually conducted in 2 stages:


o Stage 1 Audit is a readiness review audit to prove that the organization is prepared for certification.

o Stage 2 Audit is an assessment of implementation, along with the effectiveness, and performance evaluation of the management system
of the organization. This is the stage where certification is awarded. A certificate is valid for 3 years and is awarded based on the results
of stage 2 audit.

 Surveillance Audits are conducted to prove that the management system maintains fulfillment against requirements of standard and are also
conducted to observe the continual improvement of the management system.

Re-Certification Audits are done after 3 years to endorse the effectiveness of the management system as a whole. Certificate is then reissued for
next 3 years.

 Certification Process – Implementation Benefits


o Improved customer retention, satisfaction and acquisition.
 o Exhibition of management commitment towards quality of services and products.

o Improving cost control through conserving input materials.

o Reducing defects that result in complaints, therefore reducing compensation costs.

o Increase in efficiency, productivity and profit.

o Creation of knowledge database for effective management of company knowledge.

o Consistent outcomes which are measured and monitored.

o High Level Structure (HLS) to easily integrate with more than one standard.
 Benefits of ISO 9001 Certification Program to Customers

 Some clients will only purchase or buy services or products from certified companies since it provides them the assurance that management
systems are continuously assessed, improved and monitored.

 Some of the benefits to customers are:


o Reduces repeated mistakes.

o Develops a complaint reporting system and improves performance.

 o Improved quality products and services by internal auditing.

o Consistent and robust scheduling of production and delivery.

o Performance will be maintained with the help of external certification body annual assessments program.
 What Can't Companies Do?

 Companies cannot do following with ISO 9001 certification:


o Companies cannot employ or change ISO’s logo. It is ISO’s brand and intellectual property.

o Companies cannot equate ISO 9001 certification to being ISO certified. Companies which are ISO 9001:2015 certified are not certified
by ISO or by ISO 9001 technical committee, but rather by an Accreditation Body like UKAS.

o ISO 9001:2015 cannot be branded on company products or utilized in literature to denote that product is certified by ISO 9001. It is not
a product certification but a company quality management system certification.

o Companies must be careful with their scope so to correctly describe their certified activities and geographic locations. A certification is
only awarded on the defined scope. Activities of companies outside the certification scope cannot be implied to gain benefits of ISO
9001 certification.
 History of ISO 9001 Revision


 Process Approach and PDCA Cycle

 A process is usually defined as reproducible, interacting activities that together convert an input into an output. The elements in the process
approach cycle are discussed below:


 o With What means the infrastructure i.e. process equipment, software, hardware, and supporting devices.

o With Who means the human resource i.e. personnel, training, and qualification needed to carry out the process.


o How is the procedure or work instructions that explain how the process will be carried out and describe the entities responsible entities
for the process.

o How many? These are the process monitoring parameters like action plan, trends, production reports. This also counts as evidence for
PDCA.

o Input is something that starts the process. Input can be workers, event, resources, or supplies. For example, a maintenance requisition
starts the process for maintenance.
 o Output is a consequence of the process, or its result. Output should comply with the expectation of a customer both in-house or external.
Normally outputs are goods, services, or the input into other in-house process.

 Organizational Processes Examples

 Some of the examples of organizational processes are shared below:


o Training process

o Information management process

o Maintenance process

o Information management process

 o Planning process

o Assembly process

o Marketing process

o Customer communications process

o Purchasing process

o Internal auditing process

 Organizational Processes

 Training process flow is shown as a case study:



 Determinants of a Process

 Some of process determinants are following:



 Process Characteristics

 Some of the process characteristics are:

 
o Repeatable

o Predictable

o Quantifiable

o Explainable

o Context Oriented & Dependent

 What is PDCA Cycle?

 Plan-Do-Check-Act (also known as “PDCA”) is a cyclic process that was conceptualized by Walter Shewhart and widely promoted by Edward
Deming – two founders of most of the quality philosophies that are followed today.

This concept is a cycle for bringing about a change which, when implemented and repeated, would yield repeated improvements in any process.

A case study we all can recognize will be the process we go through when selecting a wireless carrier:


o We Plan to have no issues like dropped calls, interruption in voice delivery or receiving etc.

o The Do part occurs when we start utilizing the wireless service.

 o The Check part occurs when we assess the actual performance and realize that we have had a few interruptions to calls.

o And the Act part occurs when we make our future course of action based on Check. For example, we could accept the number of
interruptions in calls, or we could complain to the vendor to have the complaint corrected, or we could change the service provider.

 Plan, Do, Check & Act is a cycle that was devised by Walter Shewhart and propagated by Edward Deming. PDCA is an iterative four-step
managing technique utilized in industry for the continual improvement of processes.

 Plan – This step includes the establishment of the objectives and processes essential to provide outcomes that are in line with needed output.

Planning of the QMS starts with the initial documentation of the Quality Manual, control of documents and records, Quality Policy and Quality
Objectives, plan to achieve policy & objectives, Additional planning on how to realize the product or service, including what resources are
required and how they will be used, is the last step in the early planning.



Check – Examine the real results of ‘Do’ step, and check it against the expected results of the plan phase.

It is mandatory to check and measure not merely the product to make sure it fulfills requirements, but moreover to check and measure the
processes as well. Analysis of data, internal audits, external audits & Management Review are mandatory in ISO 9001. All these extensive
processes are part of ‘check’ phase in PDCA cycle.


 Act – If the Check analysis reveals that the Plan that was applied in Do phase is a progressive improvement to the earlier results, then the
present ‘Do’ should become the new standard for how the organization should Act going forward.

If the Check analysis reveals that the Plan that was applied in Do phase is not an improvement, then the prior standard will remain.

In both cases, i.e. improvement or no improvement, more learning is needed and that will inform next PDCA cycle. Corrective actions and action
plans that resulted from output of management review meetings and internal audits are part of the Act phase in PDCA cycle.


 When to Use Plan–Do–Check–Act

 PDCA cycle should be used in following cases:


o When opting for continuous improvement.

o When initiating a new improvement project.

o When making a new or modified design of a process, product or service.

o When defining a repetitive work process.

o When preparing data collection and analysis so as to verify and prioritize problems or root causes.

o When applying any change.

 PDCA Cycle and ISO 9001:2015
 PDCA is an integral part of ISO 9001:2015 (Quality Management System i.e. QMS). Companies going for ISO 9001 will automatically integrate
PDCA cycle.

 Plan and Do in ISO 9001:2015


o Plan
o Do
 o Planning is one of the vital parts of the QMS and begins with realizing the context of the organization and the expectations of
interested parties (Clauses 4.1 & 4.2), which is then utilized to define the QMS scope and the processes (Clauses 4.3 & 4.4).

Then commitment of leadership in the company guides the organization to a customer focus by outlining organizational roles and
responsibilities and by instituting a quality policy to focus on QMS (Clauses 5.1, 5.2 & 5.3).

Then planning identifies and addresses the risks and opportunities of the QMS, including setting and planning for quality objectives
and changes to support continual improvement (Clauses 6.1, 6.2 & 6.3).

The final layer of planning is to recognize and define the support structure to perform plans. This comprises resources (Clause 7.1),
recognizing competence (Clause 7.2), awareness (Clause 7.3), communication (Clause 7.4) and to have the system for creation and
control of documented information (Clause 7.5).

 Check and Act in ISO 9001:2015


o Check
o Act
 o There are numerous places in the standard to check the processes of the QMS to make sure they are effective as per plan. The ISO
standard requires enterprises to monitor, measure, analyze and evaluate the products or services to make sure that the processes
employed are satisfactory and effective, and that customer satisfaction is achieved (Clause 9.1). Internal Audits (Clause 9.2) are required
as a means of measuring the effectiveness of the QMS. The Management Review procedure (Clause 9.3), analyses and evaluates all the
collected information related to QMS and helps to identify solutions to resolve any issues or problems.

 Process Approach And PDCA Cycle



 End of Topic
 Context of Organization and Risk Based Thinking


 Clause 4 of ISO 9001:2015 states that the organization to assess itself in regards to the organizations' context and how this context may affect the
QMS.

Organization need to study:


o Influences of various elements on the organization.

o How elements reflect on the QMS

 o Risks and opportunities regarding the business

Internal Context External Context

The company's culture Markets
Objectives and goals Customers
Complexity of the products Regulatory Bodies & Government Organization
Flow of processes
Organization knowledge
Size of the organization
 The standard does not mandate the method for understanding the context of the organization, however there are few logical steps &
milestones:


 What is an internal context of organization?

 An organization’s internal context is the environment in which it aims to achieve its objectives.

Internal context can include:


o Approach to governance

o Contractual relationships with customers

o Interested parties

 Things that need to be considered (while analyzing internal context) are:


o Culture, beliefs, values, or principles inside the organization.

o Complexity of processes and organizational structure.

 What is an external context of organization?

 .An organization’s external context is the environment which influences the organization. For example environmental, social, ethical, legal,
political, technological, and economic environment.

 External context can include:


o Regulations and modifications in the law.

o Economic drifts in the market where organization operates.

o Competition that the organization faces.

o Technology advancements.
 Context Of Organization And Risk Based Thinking

 End of Topic
 The main points from this module are as follows:

 The idea for ISO 9001 can be traced back to British standard 5750 in 1979, however the first publication was made in 1987.

The second revision (1994) stresses quality assurance through preventive action. The third revision (2000) was based on process approach. The
forth revision (2008) was based on alignment with other standards. The current version was published in 2015.

The current revision was presented as committee draft in June 2013, then as draft international standard in April 2014, then as final draft
international standard in July 2015. Finally, the revision was published in September 2015.

Companies have until September 2018 to upgrade to the recent revision.

 The latest revision of ISO 9001:2015 is made based on following concepts:


o Process Approach
 o Plan, Do, Check, and Act cycle

o Risk Based Thinking

 Risk based thinking does not replace the process approach. Preventive action is built into risk based decision making.

 A certification process of ISO 9001:2015:


o Defining the scope of business i.e. physical boundaries, products etc.

o A gap analysis is performed.

o Stage 1 readiness check audit.

o Stage 2 certification audit.

o After certification, surveillance audits are done annually for three years.

o Then recertification is done after 3 years of certification issuance.

 Some of benefits of ISO 9001:2015 to business owners are: customer satisfaction, improved efficiency, decreased defects, and high level
structure for easy integration with other standards.
Some benefits of ISO 9001:2015 to customers are: reduced mistakes, improved complaint handling system, consistent performance etc.

Companies cannot use ISO logo on products, or cannot change it. Companies cannot say they are ISO certified, because they are ISO 9001:2015
certified by an accredited body like UKAS.

Processes have elements like: inputs, outputs, with what, with who, how and how many.

Inputs are raw materials and human resources.

With What includes software and process equipment used to execute activities in process.

With Who refers to human resources and their qualification to run processes.

How is the method used to carry out the process.

How Many refers to the process monitoring parameters.

 Outputs are the consequence of process.

 Walter Shewhart's Plan, Do, Check and Act cycle is the basis of ISO 9001:2015 and is used to analyze the context of an organization to plan for
its optimization.

The planning of processes, the setting of quality objectives, and planning to achieve them are part of Plan phase in PDCA cycle.

Do involves support activities like human resource allocation, infrastructure, equipment. Do also involves production and operational activities.
Design activities are also included in Do.

Check is the management review, performance evaluation example inspection, internal audits etc.

Act is continual improvement based on internal audits, non-conformities and corrective actions.
 Context of Organization is the analysis of organization’s context both internal and external.

 Organizations can list their internal and external issues and identify the parties involved and their needs and expectations.

They can then document context by listing these issues and needs of interested parties.

Then, they can rate each issue and need on a priority ranking scale.

If needed, a treatment method can be provided to optimize the opportunity and to mitigate the risk.

Risk based thinking is a thinking process that we do in our everyday life. Organizations need to adopt it in their processes and activities.
 Risk driven approach from risk based thinking is based on recognizing risks and opportunities, examining and prioritizing recognized risks and
opportunities, planning actions to mitigate risk or optimize opportunities, implementing a plan, assessing the effectiveness of implemented plan,
and finally, improve continually by learning from experience.

 Foundations Of Quality Management System: Lesson Summary



 End of Topic
 Upon completion of this module, you will be able to:


o List the auditable clauses of ISO 9001:2015

o Discuss the requirements of standard for the Context of Organization.

o Explain the requirements of standard on Leadership role.

o Clarify the Planning requirements for the Quality Management System (QMS).

o Describe the support functions required for the QMS.

o Explain the requirements of Operation Controls for QMS.

o Discuss the Performance Evaluation requirements related to measurement and monitoring, internal audits, and management reviews.

o Explain the requirements of Improvement in standard's context.

 Auditable Clauses in ISO 9001:2015 - Learning Outcomes



 End of Topic
 Clause 4 - Context of Organization

 Context of Organization is the new requirement of ISO 9001:2015. New requirements related context of organization are already discussed in the
earlier module's last topic. The requirements and guidelines are expressed here in simple but meaningful terms:

o Clause 4.1 - Comprehend Organization and its Unique Context

o Clause 4.2 - Clarify the Needs and Expectations of Interested Parties related to Organization

o Clause 4.3 - Define the Scope of Organization's Quality Management System

o Under this sub-clause, organization has to take care of the following:

• Recognize and comprehend organization's context.

• Recognize and comprehend organization's context before one develops organization's quality management system (QMS).
• Consider the external issues that are appropriate to organization's purpose and strategic direction and think about the influence these
issues could have on its QMS and the outcomes it intends to attain.
• Consider the internal issues that are appropriate to organization's purpose and strategic direction and think about the influence these
issues could have on its QMS and the results it intends to achieve.
• Monitor information about your organization's context.
• Consider the impact changes in context could have on your organization's quality management system (QMS).
 Clause 4.4 - Develop a QMS and Establish Documented Information

 This sub-clause is the part of Context of Organization. Organization has to develop a quality management system and should incorporate
documented information to support that. The requirements of these clause are expressed in two different clauses:

o Clause 4.4.1 - Develop a QMS that complies with this standard

o Clause 4.4.2 - Keep QMS Documents and Keep QMS records

The organization has to take care of the following requirements under this clause:

• Keep documents required to help process operations.

• Control documents which help process operations.
• Keep records which exhibit that plans are being followed.
• Control records which show that plans are being followed.

o Clause 5 - Leadership

o The first sub-clause on Leadership is clause 5.1 which is focused on " Provide leadership by focusing on quality and customers".
Requirements are expressed in two different heads:
 o
 Clause 5.1.1 - Offer Leadership by Encouraging a Focus on Quality

 Clause 5.1.2 - Offer Leadership by Encouraging a Focus on Customers

 The organization has to take care of the following requirements under this clause:

• Accept responsibility for organization's QMS.

• Prove a commitment to organization's QMS.

• Make sure that a quality policy is established.
• Make sure that quality objectives are established.
• Make sure that requirements are built into processes.
• Make sure that your QMS achieves all intended results.
• Communicate organization's commitment to the QMS.
• Explain why quality management is important.
• Anticipate managers to be accountable for their QMS.
• Encourage organization's personnel to support their QMS.
• Promote the utilization of risk-based thinking.


 o

o Clause 5.2 - Provide leadership by establishing a suitable quality policy

o The second clause is related to offer leadership be establishing an appropriate quality policy.

o
 Clause 5.2.1 - Provide Leadership by Formulating Quality Policy of the Organization

 Clause - 5.2.2 - Provide Leadership by Implementing Quality Policy of the Organization

 The organization has to take care of the following requirements under this clause:

• Establish a relevant quality policy.

• Ensure that it supports company's purpose.

• Ensure that it deals with business context.
• Formulate organization's quality policy.
• Make a commitment to meet applicable requirements.
• Have a commitment to continual improve QMS.
• Enforce the developed organization's quality policy.

• Maintain and keep company's quality policy.

 Clause 5.3 - Offer Leadership by Defining Roles and Responsibilities

 The third clause is 5.3, which on the leadership role in defining the roles and responsibilities.


o Allocate QMS roles, responsibilities, and authorities.

o Communicate those QMS roles, responsibilities, and authorities.

o Make sure that every one understand his/her role, responsibilities and authorities.

 Clause 6 - Planning

 The first sub-clause is 6.1 which is on defining actions and measures to control risks and capitalize opportunities.


o Clause 6.1.1 - Consider risks and opportunities when you plan your QMS
o Clause 6.1.2 - Plan how you’re going to manage risks and opportunities

o Under this clause, organization has to comply with following requirements:

• Plan the development of company's QMS.

• Recognize the risks and opportunities that could influence the performance of organization's QMS or disrupt its operation.

• Consider how the company's context could influence how well its QMS is capable to attain planned results.

• Consider how the company's interested parties could influence how well its QMS is capable to achieve planned results.
 • Identify what one needs to do to manage the risks and opportunities that could affects the performance of company's QMS or disrupt
its operation.

 Clause 6.2 - Setting Quality Objectives and Establish plans to attain them

 The second clause is about setting quality objectives and developing plans to achieve them.

o Clause 6.2.1 - Develop quality objectives for all appropriate areas

o Clause 6.2.2 - Make Plans to Attain Objectives and Assess Results



o Under this sub-clause, organization has to take care of following:

 • Define the criteria for identifying quality objectives.

• Resolve quality objectives in all relevant areas.

• Communicate organization's quality objectives.
• Document organization's quality objectives.
• Monitor organization's quality objectives.
• Update organization's quality objectives.

 Clause 6.3 - Plan changes to your quality management system

 The third sub-clause is related to planning of changes to organization's quality management system. This is what we can name it as change
management. In this clause, one has to take care of the following issues:


o Think about the purpose of the changes one plans to make.

o Reflect responsibilities and authorities whenever one make changes.

o Contemplate the outcomes that changes could potentially result in.

o Consider the provision of resources whenever one make changes.

o Reflect the integrity of organization's QMS whenever any change is made.

 Clauses on Planning of the Quality Management System


 End of Topic