Professional Documents
Culture Documents
Technology
People
QMS
Processes
4
ISO 9001 revisions since beginning
1994
2000
1987 Revisions
2008
2015
1994: 2000:Qua
1987: 2015: New
Small lity
Quality 2008: structure
revision- managem
assurance miner including
preventi ent –
-20 revision risk based
ve process
elements thinking
action approach
06/08/2023 7
KEY Aspects- 7 QM Principles
ISO 9001:2015 ISO 9001:2008
2. Leadership 2. Leadership
6. Evidence-Based Decision
6. Factual Approach to Decision Making
Making
7. Relationship
7. Continual Improvement
Management
06/08/2023
QMS PRINCIPLES
1. Customer Focus
2. Leadership
3. Engagement of People
4. Process Approach
5. Improvement
6. Evidence based Approach
7. Relationship Management
KEY TERMS & DEFINITIONS
QUALITY
Degree to which a set of inherent characteristics of an object
fulfills requirements
PROCESS
set of interrelated or interacting activities that use inputs to
deliver an intended result
RISK
Effect of uncertainty
AUDIT
Systematic, independent and documented process for obtaining
audit evidence and evaluating it objectively to determine the
extent to which the audit criteria are fulfilled.
10
Process Approach
Development of ISO 9001
Key is to engage all gears Process Approach
Risk
P-D-C-A based
Approac thinking
h
Process
Risk: Effect of Approac
Uncertainty on an h
expected results-
ISO 9001:2015
06/08/2023 12
Process Approach
Implementa Managemen
tion t
Proces Improvem
Identificat
s ent
ion
06/08/2023 13
Process Approach
06/08/2023 15
3 core
concepts…………
Identify the processes needed to achieve the
planned results
Continually monitor the risks (“Risk-based
thinking”)
Understanding “Cause and effect”
Manage the processes and the system
using
“PDCA”
06/08/2023 16
06/08/2023
Plan-Do-Check-Act cycle
Quality Management System
Organization
and its context
Support and
(4)
Operation
(7,8) Customer
satisfaction
Plan Do
Customer
requirements
Planning Performance
Leadership
(6) Evaluation (9)
(5)
interested (10)
parties
(4)
06/08/2023 20
Major differences in terminology between ISO
9001:2008 and ISO 9001:2015
ISO 9001:2008 ISO 9001:2015
Products Products and services
Exclusions Not used
(See Clause A.5 for clarification of
applicability)
Management Not used
representative (Similar responsibilities and authorities
are assigned
but no requirement for a single
management representative)
Documentation, quality Documented information
manual, documented
procedures,
records
Work environment Environment for the operation of
processes
Monitoring and Monitoring and measuring resources
measuring equipment
Purchased product Externally provided products and services
7. Support
• Resources
1. Scope • Competence
2. Normative references • Awareness
3. Terms and definitions • Communication
• Documented information
4. Context of the 8. Operation
• organization Understanding • Operational planning and control
the organization and its context
• Needs and expectations of 9. Performance
interested parties evaluation
• Determining the scope
• Management System • Monitoring, measurement,
5. Leadership
analysis & evaluation
• Leadership and commitment Internal Audit Review
•
• Policy Management
• Roles, responsibility and
authority •
6. Planning 10.Improvement
• Actions to address risks & • Non conformity and
opportunities corrective
• Objectives and plans to achieve action
them
• Continual Improvement
06/08/2023 23
Some key
changes...........
Complete reformatting to align with “Annex SL”
“Products and services” instead of “product”
More emphasis on addressing “risks &
opportunities”
Elimination of the term “preventive action”
the concept still remains, and is actually reinforced
throughout the standard (by addressing “risk”)
“External provision of products and services”
instead of “purchasing” – includes outsourced
processes Elimination of specific requirements for
Quality Manual
Management representative
06/08/2023 24
Benefits of QMS
Structure of ISO 9001:2015
PLAN DO CHECK ACT
4 Context of 9 Performance
5 Leadership 6 Planning 7 Support 8 Operation 10 Improvement
evaluation
organization
Control of
QMS and its Communication externally provided
Processes products and
services
Production &
Documented
service
information provision
Release of
products and
services
Control of
Nonconforming
process outputs,
products and
services
06/08/2023 26
4.3 Determining
4.2 Understanding the scope of the
the needs and quality
expectations of management
interested parties system
4.1
Understandi 4 Context of 4.4 Quality
ng the the management
organization system and
organization
and its its processes
context
06/08/2023 28
4. Context of the organization
As per ISO 9000, the definition of Context of the Organization
is “business environment“, “combination of internal and
external factors and conditions that can have an effect on
an organization’s approach to its products, services and
investments and interested Parties“.
Once the internal context is understood, one can conduct the macro-
environmental external analysis using “PEST” (political, economic,
social and technological) analysis.
This analysis determines which factors are can influence how the
organization operates. The organization cannot control these factors,
but it must seek to adapt to them. The PEST factors can be classified as
opportunities and threats in a SWOT (strengths, weaknesses,
opportunities, and threats) analysis.
External context
To determine external context, you should consider
issues arising from its social, technological,
environmental, ethical, political, legal, and economic
environment. Examples of external context may
include:
government regulations and changes in the law
economic shifts in the organization’s market
the organization’s competition
events that may affect corporate image
changes in technology
External context
Example external issues could include, but are not limited to:-
Determining the scope of the QMS is one of the main milestones in the
implementation.
The scope must be examined and defined considering the internal and
external issues, interested parties and their needs and expectations, as
well as legal and regulatory compliance obligations.
It is most common that the scope of the QMS covers the entire
organization. Some noted exceptions are when your QMS only
covers one physical location of a multi-location company, or when
your manufacturing or service is distinctly split between industries
(e.g., in a plant with three assembly lines where assembly lines 1
and 2 are for automotive and need to have a QMS certified to the
ISO/TS 16949 QMS standard for automotive, but you want line 3 to
be certified to ISO 9001 since many of the automotive requirements
do not apply).
So, your scope should identify the physical locations of the QMS,
products or services that are created within the QMS processes, and
the industries that are applicable if this is relevant.
4.4 Quality management system and its processes
4.4.1 The organization should establish, implement, maintain
and continually improve a quality management system,
including the processes needed and their interactions, in
accordance with the requirements of this International
Standard.
4.4 Quality management system and its processes
4.4.1The organization shall determine the processes
needed for the quality management system and their
application throughout the organization, and must :
Process
The process is a set of interrelated activities that transform activity
inputs into outputs. For example, Installation: The process of
converting a box of components into a working security system.
4.4.1 Quality management system and
its processes
Process approach
Process approach is a management strategy that requires
organizations to manage its processes and the interactions between
them. Thus you need to consider each major process of the
company and their supporting processes.
All processes have:
1. inputs;
2. outputs;
3. operational control;
4. appropriate measurement & monitoring.
Each process will have support processes that underpin(Basis) and
enable the process to become realized.
Process Approach
Process Approach
Questions to ask:
a. What are the inputs to the process?
b. Where do the inputs come from?
c. What are the outputs to the process?
d. Where do the outputs go to?
e. Is there an effective inter-relationship between processes?
f. Who plans the process?
g. Who conducts the process?
h. Are responsibilities and authorities defined?
i. Who monitors and measures the process?
j. What resources are required for the process? - Materials,
people, information,
k. environment, infrastructure, etc.?
Process Approach
Questions to ask:
a. What documented information is required for the operation and
control over the process?
b. What competences & training are required?
c. What awareness and knowledge is required?
d. What methods are used to control and run the process?
e. What are the risks and opportunities for the process?
f. What happens when the process goes wrong or does not yield the
correct output or result?
g. How can the process be improved?
h. Is the process part of the management review process?
i. Is the process subject to internal audit?
4.4 Quality management system and its
processes
Example
Understanding the customer specification/needs. Ensure you know
exactly what the customer wants and documenting this from initial
enquiry to commissioning paper work
5.2 Policy
5.2.1 Establishing the quality policy
Example
Quality policy, company induction, basic training, tool box talks.
Example CEB QUALITY POLICY
STATEMENT
CEB is committed to providing the highest quality
voice/data communications repair and refurbishment
services to our customers by:
Example
Suitable measuring tools?
Equipment that is used to test and commission systems
such as millimeters,
insulation testers, sound pressure level meters, etc.
Maintained – calibration of all the test equipment that
you use.
Example
Skills matrix
Training records
Personnel files
7.4 Communication
7.5.1 General
The organization’s quality management system shall
include:
a) documented information required by this
International Standard;
b) documented information determined by the
organization as being necessary for the effectiveness
of the quality management system.
— the complexity of processes and their interactions;
— the competence of persons.
7.5 Documented information
7.5.1 General
This refers to what is needed for the QMS. What does this
mean? It means in order to prove that you are working a
QMS that you need to evidence it.
How can you demonstrate that you understand something
unless there is evidence?
You could explain it but it is far easier to write the system
around your business and business processes so that you
are evidencing it as a part and parcel of the way you
operate.
This means that previously, when design was not relevant as you
provided a service, that this needs to be considered even if you do not
make the products. The fact you are designing a system means you
need to consider all the elements of design
8.3 Design and Development of Products and
Services
Contract
Contract Review
Submission /Design
(Output) Verification
8.3.2 - Design and development planning
Example
Supplier approval agreements to be in place before they start
work for you – essential.
Checks on insurance, vetting , screening, etc.
8.4.3 - Information for external providers
The organization must ensure the adequacy of specified
requirements prior to their communication to external
providers.
Example
Example
Install of a server - Can be carried out in house, configuring IP
cameras pre install. Need support from the IT support at the office.
8.5.2 Identification and Traceability
The organization should use suitable means to identify “process
outputs” where necessary to ensure conformity of products and
services.
Example
A unique reference number to clients’ quotes and variations to
such.
8.5.3 Property Belonging to Customers or
External Providers
Examples:
Ensuring that products delivered to site are not damaged and are
delivered when an engineer is on site to receive it.
8.5.5 Post-Delivery Activities
Note: This is a new clause.
The organization should meet requirements, as applicable, for
post-delivery activities associated with products and services.
Customer feedback;
legal requirements;
Example
A company expands and decides to separate the enquiry &
sales department from the design department. What are the
impact? How will the new interactions between departments
operate effectively?
8.6 Release of Products and Services
correction;
segregation, containment, return, or suspension of
provision of products and services;
informing the customer;
obtaining authorization for acceptance under concession.
Simply to say that ,You should record what you do when things go
wrong:-
a) About what is wrong;
b) What you did as a result;
c) What concessions you gave (e.g. did the customer accept it but
you altered the cost?);
d) Who had the authority to make the change.
Example
9.1.1 - General
The organization should determine
what needs to be monitored and measured.
It must also determine the methods for monitoring,
measurement, analysis, and evaluation needed to
ensure valid results.
When the monitoring and measuring must be
performed.
9.1.1 - General
Checklist Questions
Show how does the organization determine what
needs to be monitored and measured?
Show how does the organization determine what
methods for monitoring, measurement, analysis and
evaluation to ensure valid results?
Show how does the organization determine what to
perform monitoring and measuring?
9.1.1 - General
So decide:
Show how does the organization analyse and evaluate data and
information arising from monitoring, measurement and other sources.
Show how the output of analysis and evaluation is used to:
a) Demonstrate conformity of products and services to requirements?
b) Assess and enhance customer satisfaction?
c) Ensure conformity and effectiveness of the QMS?
d) Demonstrate that planning has been successfully implemented?
e) Assess process performance?
f) Assess performance of external providers?
g) Determine the need or opportunities for improvements within the QMS?
Show me where the results of analysis and evaluation are used to provide
inputs to management review.
9.1.3 - Analysis and evaluation
Implementation Guidelines
You must collect and analyze QMS data that relate to the
performance, effectiveness and efficiency of products, services,
QMS processes, production output, external provider (supplier)
performance, use of resources, cost of poor quality, customer
satisfaction, etc.
You must sort and summarize the data you collect into things
gone right and things gone wrong and present them separately.
Management can then focus on continual improvement of
things gone right and take corrective action on things gone
wrong.
A summary of QMS performance data must be included in your
periodic management review.
9.2 Internal Audit
9.2.1
The organization should conduct internal audits at planned
intervals to provide information on
Implementation Guidelines
Audit process must address the responsibilities for conducting
the audits, ensuring independence, recording results, and
reporting to management.
Implementation Guidelines
Audit results,
extent to which quality objectives have been met,
You must also identify what specific documents are needed for
effective planning, operation and control of this process . These
documents may include – a documented information, review on,
schedule, agenda and action forms etc., combined with unwritten
practices, procedures and methods.
Guarding organizations
Guarding organizations may identify during a site visit that
patrols have lapsed and the
newer staff have not clearly understood the requirement.
The non-conformance would highlight the root cause, e.g.
training and perhaps insufficient detail in the assignment
instructions, and then what has been done to rectify this and
monitor that it has not lapsed again after a period of time.
The risk to be client could have been theft, lack of confidence in
the service and damage to reputation.
10.2.2 Non-conformity and corrective
action
The organization must “retain” documented information as
evidence of
the nature of the nonconformities and any subsequent
actions taken and
Example
Non-conformance has been identified during an
installation / customer visit. Make notes of what went
wrong, e.g. insufficient cable provision, additional needs to
be purchased, does this impact the length of the job, the
client impact, etc. and the cost / time?
Amend assignment instructions to reflect the change.
10.3 Continual Improvement
The organization must continually improve the suitability,
adequacy, and effectiveness of the quality management
system.