ISO 9001:2015 Requirements to not Overlook
Auditors, Consultants and Trainers etc., always give production plenty of due attention and time. Rightly so, because of the company’s core product and service activities and the ISO 9001 requirements for those QMS related functions. This will not change with ISO 9001:2015 and Clause 8 regarding Operations. Every company needs to sharpen up their knowledge in this area of the new standard. An ISO 9001:2015 Internal Auditor or Management Overview Course provides the right forum to understand how the new 9001:2015 requirements affect your Operations. We also don’t want organizations to underestimate or overlook these new ISO 9001:2015 requirements:
Context of the Organization ISO 9001:2015 Section 4.1
We have received many questions on this section of ISO 9001:2015 as the rollout continues to move forward. One of those reoccurring questions is the interpretation and focal point of Context of the Organization within ISO 9001:2015 Clause 4.1 of the new ISO 9001:2015. This Clause drives home a few key requirements: The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result (s) of its quality management system. The organization shall monitor and review information about these external and internal issues. The focal point of Context of the Organization within ISO 9001:2015 as we also see it becomes:
- Every organization needs to examine their responsibilities for their products and services that are being provided. In addition, the customer’s needs and impact on the organization’s products and services with regard to the organization’s quality management system must also be considered.
- The organization has to consider who is affected by their products and services and how the various internal and external input and output effects are realized both before and after the product or service is provided to the customer.
- The results of the organization’s examination of Context of the Organization becomes an input to the organization’s risk management process depending upon the internal and external input and output effects determined by the organization.
- The organization must understand very-well their own Plan-Do-Check-Act (PDCA) system process workflows ensuring adequate resources, documentation, and process monitoring and measurements are in place to support the context of the organization requirements defined within their quality management system.
Getting Context of the Organization adequately defined provides the proper “Planning” bridge to ISO 9001:2015 clauses 6.1.1 to 6.1.2. Who has the authority to deal with risks or problems from changes in the organization needs to be made clear and defined dovetailing with Context of the Organization within ISO 9001:2015 Clause 4.1.
We believe in our interpretation of Context of the Organization within ISO 9001:2015 Clause 4.1., that the following documentation is used to properly evaluate and demonstrate the implementation of Context of the Organization Clause 4.1:
A) Statutory and Regulatory requirements for new and existing products or services (Also reviewed and discussed within the organization’s Management Review)
B) Competitive Analysis Results
C) Completed Strengths Weakness and Opportunities Analysis (SWOT)
D) Economic Reports from various Business and Industry Sectors
E) Documented Expert Feedback from Pertinent Industry Associations
F) Updated Management Review Minutes on Clause 4.1 regarding coverage as appropriate for Legal, Technical, Competitive, Cultural and Geographic – International, National, Regional or Local Risks, or issues confronting the organization.
At ISO 9000 Group, we want clients to be capable of running their own quality management system as a direct result of the process leading to ISO 9000 certification and thereafter. Our goal is to work our organization out of a job, leading to a successful ISO 9000 certification for our client, and a quality management system that can be managed in-house by your company. Our core services include:
- Expanding the scope of an existing ISO 9000 certification
- Improving the functional performance of the current quality management system by providing the needed resources, education and training
- Facilitating a successful new ISO 9000 implementation and certification project for organizations that do not have sufficient in-house resources
Hear are some important short summaries of ISO 9001:2015 that we would like to highlight for our readers:
ISO 9001:2008 touched on the need for management dedication and responsibility regarding quality management system implementation, ISO 9001:2015 asks more of the organization’s leadership such as:
- Senior management must manage, delegate and take on a more active and participatory role within the Quality Management System (QMS).
- Leadership responsibilities are broadened and further extended with regard to the QMS deployment, encompassing strategic planning, resource commitment, QMS monitoring and process measurement and advocating the QMS internally within the organization. Senior Management should now snuggle-up, abit more with their QMS, understand their quality objectives and trend data, and using a more in-depth manner, communicate the current and future direction of their QMS. Senior Management should also be fully able to explain the various risks (internal and external) in proceeding toward their desired QMS road-map.
- ISO 9001:2015 slightly sharpens customer focus to further include both regulatory and customer related risks encountered while running the product and process activities and while implementing the QMS and monitoring of Customer Satisfaction activities.
- Lastly, under management’s responsibility, some of the actual quality management system real-time implementation activities, would now align them with the company’s Quality Director or Manager by incorporating a more interactive teamwork approach to some of the quality management system tasks and their deployment e.g., creating Quality Plans, Training and/or moving QMS conversational topics of importance downstream into various departments to drive continual improvement and promotion of organization-wide responsibility and authority to use QMS.
Section 6: Planning
When the ISO Committee discussed planning they saw the need to extend this area of the standard making it more fitting for many types of organizations and the respective industries which the ISO 9001:2015 standard would serve. By also considering the requirements of Context of the Organization this clause of the standard drives:
- Risk-Based Thinking as a tool in the QMS arsenal for the management of planning
- Objectives not just timelines can be used within the organization’s planning activities to measure planning results and drive ongoing planning updates. Progress-to-plan activities and their implemented effectiveness can further expressed within the certification audit
- Planning must be predicated on fulfilling arranged customer requirements with adequate resources and effectively implemented processes within the organization
- Updating the QMS planning process based on measurable objectives of the plan and any recently uncovered risks or opportunities. QMS changes now take on a more systematic and focused direction based upon evaluating the impact of the change including risks internally and externally. Resources may be affected by QMS changes as needed
Section 7: Support
Understanding the importance of the proper degree of resources to effectively implement a QMS, ISO 9001:2015 distinctively establishes resources and process requirements for the compliant operation and maintenance of human and physical factors Some of which are:
- Necessary financial and physical property resources are provided e.g., Personnel, Plant or Office needs
- Monitoring and Measuring these resources assuring continued fitness for their purpose
- Ensuring that internal and external documented information is reviewed and approved, available and suitable for use, maintained, protected and controlled
- Resources are determined and provided for personnel leading to the effective implementation of the QMS
- Employee competency and specific credentials are maintained
- Ensuring that the organizational knowledge needed for the organization is defined, maintained and adequately made available from internal and external sources
Section 8: Operation
Every organization must plan, implement and control their processes which ties to clause 4.4 of ISO 9001:2015 including:
- Quality planning becomes more apparent within the QMS and quality plans now impact both functional and strategic directions within the organization e.g. future plans for the integration of existing product or services into new channels such as AS9000 or TS16949 driven by a new customer’s request
- Customer or feedback and product or service nonconformities result in tightened controls in inspection, test or logistic operations requiring the organization to create specific product level quality plans
- Planning risks and opportunities need to be factored into the implementation of product and support requirements in order to define or update criteria for processes and verification activities
- Verification activities must ensure that product and service requirements are fulfilled and nonconformities are detected and corrected for out of specification events
- Design and Development is expanded to further include the level of control expected by the customer or relevant interested parties within the design and development process
- Changes to requirements for products and services are formally reviewed, amended, disseminated and that relevant personnel are informed of those changes resulting in change implementation
- Outsourced products and processes are adequately controlled including supplier selection, evaluation, monitoring and performance and re-evaluation
Section 9: Performance Evaluation
Process and Product measurements are not new to quality management systems however the 9001:2015 requirements in section 8 help to shape and define clause 6.2.1 into a system level set of measurement requirements maintained by the organization. Important performance aspects include:
- What, when, by whom and how, various measurement outcomes are measured, monitored, analyzed and evaluated within the QMS
- Process and product measurements must be adequately implemented with regard to a methodology that ensures the results are relevant and valid
- Customer satisfaction must be measured, and as with all performance evaluations clause 9.1.3 must be implemented toward any of the organization’s chosen process and product measurements
- A formal methodology for managing performance needs to be implemented by the organization e.g., management review coverage of the product and process measurements
- Performance evaluation necessitates that the process output results are utilized to improve customer satisfaction, quality objectives, process and product conformity, performance with external providers, and mitigate risks while creating QMS opportunities for formally tracked improvements
Section 10: Improvement
Reading into section 10 of 9001:2015 brings to the forefront that continual improvement promotion is strengthened. Rightly so, as this is a founding tenet of all quality management system standards used today. We don’t see this requirement being removed from the ANNEX SL structure in the near future as well. Having said that, here are a few important points:
- Improving the performance and effectiveness of the QMS is still required to further emphasize improvement, the output results of analysis and evaluation activities and the management review are used to determine needs and opportunities for continual improvement review clause 10.3
- Opportunities for improvement include product and service and allow the organization to improve while assessing future needs and expectations
- Re-organization may be considered as a factor within an improvement activity
- In considering improvements regarding future needs and expectations break-through change, and innovation may result
- Evaluate improvements, with the focus of correcting, preventing or reducing undesired effects
Nonconformity and corrective action includes determining reasons, implications and solutions for process or product noncompliance not only just correction as still encountered today
- Nonconformity and corrective action includes determining if the corrective action activities as undertaken are effective and reduce or mitigate risks associated with those events
- Early on planning-related risks and opportunities are updated as necessary after a nonconformity event
- Documented information must be retained as evidence of nonconformity and corrective action taken
Understanding some of the value of ISO 9000 certification ensures that your expectations are aligned with the new standard’s requirements and intent.