Presentation Quality Management System.ppsx

Welcome
NSAI Workshop
ISO 9001:2015 / ISO 14001:2015

Fergal O’Byrne
Head of Business Excellence
NSAI Certification

Welcome & aims of the Workshop
1. Completing the
Questionnaire 9K
and/or 14k
2. Continue and test back
at your organisation
3. Options to:
(i) Maintain manuals and
update
(ii) Maintain manuals and
address additional
requirements elsewhere
(iii) Integrate totally within
your business management
system but address
documented information
4. Deadline for old
certification:
15.09.2018
5. Upgrade at your next
audit

ISO 9001:2015 High Level Structure
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the
organization
• Understanding the
organization and its
context
• Understanding the needs
and expectations of
interested parties
• Determining the scope Of
QMS/EMS
• Quality/Env management
system and its processes
5. Leadership
• Leadership and commitment
• Quality/Env Policy
• Organizational roles,
responsibilities and
authorities
6. Planning
• Actions to address risks and
opportunities
• Quality/Env. objectives and
planning to achieve them
• Planning of changes
• Compliance obligations
(Env)

ISO 9001:2015 High Level Structure
9. Performance evaluation
• Monitoring,
measurement, analysis
and evaluation
• Internal audit
• Management review
10. Improvement
• General
• Nonconformity and
corrective action
• Continual improvement
7. Support
• Resources
• Competence
• Awareness
• Communication
• Documented information
8. Operation
• Operational planning and control
• Requirements for products and
services (Quality)
• Design and development of
products and services (Quality)
• Control of externally provided
processes, products and services
Production and service provision
• Release of products and services
• Control of nonconforming
outputs (Quality)
• Emergency preparedness (Env)

Presentation Quality Management System.ppsx

Clause 4 - Context of the
Organisation
• Context
• Interested Parties
• Scope of the Management system
• Process Approach
Clause 5 – Leadership
• The emphasis on Leadership
CONTENT
Clause 6 – Planning
• The focus on risk-based
thinking
• Management system
objectives
• How change is addressed
Clause 7, 8, 9 and 10
• QMS / EMS Questionnaires
• Process Clause Matrix

ISO 9001:2015 Contents
1. Scope
4. Context of the organization
• Understanding the organization and
its context
• Understanding the needs and
expectations of interested parties
• Determining the scope Of QMS
• Quality management system and its
processes
5. Leadership
• Quality Policy
• Organizational roles, responsibilities
and authorities
6. Planning
• Actions to address risks and
opportunities
• Quality objectives and planning to
achieve them
• Planning of changes
7. Support
• Resources
- Organizational knowledge
• Competence
• Awareness
• Communication
8. Operation
• Requirements for products and
services
• Design and development of
products and services
• Control of externally provided
processes, products and services
• Production and service provision
- Post Delivery, Control of change
• Release of products and services
• Control of nonconforming outputs
• Monitoring, measurement, analysis
and evaluation
• Internal audit
10. Improvement
• General
• Nonconformity and corrective action
Black: core MS requirements Red: new MS requirements
Green: ISO 9001 specific

ISO 14001:2015 Contents
1. Scope
4. Context of the organization
• Understanding the organization and its
context
• Understanding the needs and
expectations of interested parties
• Determining the scope of the
environmental management system
• Environmental management system
5. Leadership
• Environmental policy
• Organizational roles, responsibilities and
authorities
6. Planning
• Actions to address risks and opportunities
- General
- Environmental aspects
- Compliance obligations
- Planning action
• Environmental objectives and planning to
achieve them
- Environmental objectives
- Planning actions to achieve
7. Support
• Resources
• Competence
• Awareness
• Communication
- General
- Internal communication
- External communication
8. Operation
- Lifecycle perspective
• Emergency preparedness and response
• Monitoring, measurement, analysis and
evaluation
- General
- Evaluation of compliance
• Internal audit
10. Improvement
• General
• Nonconformity and corrective action
Black: core MS requirements Red: new MS requirements
Green: ISO 14001 specific

Clause 4.1 - Context of the organisation
• This is a new requirement and a very important one, because it is
necessary to obtain an overview of the organisation to understand the
quality challenges of the organisation, and the risk inherent in their
sector.
• An organisations context is influenced by its business environment that
characterises each sector or industry; the customers and their needs, the
required knowledge and technologies, the materials, services and systems
that are required for producing the product or service, legal, regulatory,
cultural constraints and the application and interfaces between them.
• To determine context means to identify the internal and external factors
that can impact the organisations strategic objectives and the planning of
the quality management system.
• Focus on factors that can affect customer satisfaction and delivery of
quality products and/or service.
• The context will influence the type and complexity of the quality
management system needed.

Context of the Organisation
Internal context:
• Performance factors: products and service offerings, financial
results, regulatory requirements
• Resource factors: including infrastructure, environment for the
operation of the processes, organizational knowledge, assets,
capabilities, information systems
• Human factors: such as competence of personnel, organizational
behaviour & culture, relationships with unions, suppliers & partners
• Operational factors: such as process or production and service
provision capabilities, performance of the quality management
system, monitoring customer satisfaction
• Factors in the governance of the organization, such as its rules
and procedures for decision making or organization’s structure

External context:
• Economic factors: such as money exchange rate, the general
economic situation, inflation forecasts, credit availability
• Social factors: such as local unemployment rates, safety perceptions,
educational levels, public holidays and working days
• Political factors: such as political stability, public investments, local
infrastructure, international trade agreements
• Technological factors: such as new sector technology, materials and
equipment, patent expirations, professional codes of ethics
• Market factors: such as competition, including the organization’s
market share, similar or substitute products or services, market leader
trends, customer growth trends, market stability, supply chain
relationships
• Statutory and regulatory factors: which affect the work environment
such as trade union regulations, legal and statutory requirements (e.g.
environmental legislation and codes)

• ISO 9001:2015 provides no suggested methods to analyse
the context of an organisation, but there are many models that
can help an organisation to understand the strategic nature of
their industry and how they fit into that environment
• Such as PEST / PESTLE analysis (political, economic, social
technological, legal and environmental) this analysis
determines which factors can influence how the organisation
operates.
• The PESTLE factors can be classified as opportunities and
threats in a SWOT analysis (strengths, weaknesses,
opportunities and threats)
• another method is Porter’s five force model

Context Analysis Process
• Analyse and Evaluate Internal and External Issues. Use model of
choice to identify compliance obligations, interested parties, environmental
and market factors, (create a matrix of identification, evaluation and
prioritization based on positive and negative impact (risk and opportunity)).
• SWOT analysis. Classify external factors into Strengths, Weaknesses,
Opportunities and Threats (Risks and Opportunities).
• Key Issues: From the SWOT, identify the key issues facing the
organisation, i.e. the high priority issues that must be addressed in
strategy, policy and objectives.
• Create Policy. Document, communicate and make available a policy that
addresses the key issues and commits the organization to continual
improvement.
• Set Objectives. Set objectives consistent with policy that are measurable,
monitored and communicated. SMART objectives, quality objectives,
environmental objectives etc.

PEST Analysis Template
Political Factors Economic Factors
Ecological/Environmental Issues National economic policies and
trends
National & international: current
& anticipated future Legislation
Taxation issues
Regulatory bodies Seasonal / weather issues
Government policy’s Trade & monetary conditions
Funding, grants, initiatives Specific sector conditions
Market & political lobbying
groups
Interest & exchange rates
Wars / conflicts International trade & monetary
issues

Social Factors Technology Factors
Demographics & Lifestyle trends Competing technology
development
Attitudes & opinions Associated / dependent
technologies
Consumer attitudes, opinions, &
buying patterns
Replacement technology /
solutions
Media views, advertising,
publicity
Maturity of technology /
organisations products/ services
Law changes affecting social
behaviour
Information & communications,
Social media use
Image of the organisation Technology legislation
Major events & influences Innovation potential
Buying access & trends Technology access, licensing,
patents
Ethnic / religious issues Intellectual property issues

Legal Factors Environmental Factors
Anti-trust law Weather
Discrimination law Climate change
Copyright, patents,
intellectual property law
Laws regarding environmental
pollution
Employment law Air and water pollution
Consumer protection and
e-commerce
Attitudes towards and support for
renewable energy
Health and safety law Waste management
Data Protection Attitudes towards green or
ecological products
Regional legislation Recycling
Foreign trade Energy consumption

Marketing Factors
Total market size & market penetration
Barriers to entry
Trends & indicators
State of maturity
Knowledge of customers
Competitors
Channels of distribution
Branding & packaging

• SWOT analysis is a
useful technique for
understanding your
strengths and
weaknesses, and for
identifying both the
opportunities open
to you and the
threats you face

SWOT Analysis Strategy
Opportunities
(external, positive)
Threats
(external, negative)
Strengths
(internal, positive)
Strength-Opportunity strategies
Which of the company’s
strengths can be used to
maximise the opportunities you
identifies?
Strength-Threats strategies
How can you use the
company’s strengths to
minimise the threats you
identified?
Weaknesses
(internal, negative)
Weakness-Opportunity strategies
What actions can you take to
minimise the company’s
weaknesses using the
opportunities you identified?
Weakness-Threats strategies
How can you minimise the
company’s weaknesses to
avoid the threats you
identified?

SWOT Analysis Questions
Strengths Weaknesses
What advantage does your
organisation have?
What could you improve?
What do you do better than
anyone else?
What should you avoid?
What unique or lowest cost
resources can you draw upon
that others cant?
What are people in your market
likely to see as weaknesses?
What do people in your market
see as your strengths?
What factors loose you sales?
What factors mean that you get
the sale?
What do your competitors
provide that you don't?

SWOT Analysis Questions
Opportunities Threats
What good opportunities can
you spot?
What obstacles do you face?
What interesting trends are you
aware of?
What are your competitors
doing?
Are there changes in
government policy related to
your field?
Are quality standards or
specifications for your products
or services changing?
Are there changes in technology
or markets?
Is changing technology
threatening your position?
Are there changes in social
patterns, population profiles,
lifestyle changes?
Could any of your weaknesses
seriously threaten your
business?
Local events? Do you have bad debt or cash
flow problems?

Identify the issues
that can affect your
organization, and
which of those
issues the QMS
needs to
control

EMS Organisational Context
Clause 4.1
New requirement to understand the
organisation’s context to identify
opportunities for the benefit of both
the organisation and the environment
.

4.1 Context – External issues
Cultural Economic
Social Natural
Political Technological
Legal Supply chain
Financial Competition
.

4.1 Context – Internal issues
Organisational structure
Legal compliance
Policy, objectives and strategies
Capability and capacity
Information systems
Internal relationships
Management standards
Organisation style and culture
Contractual relationship
.

Examples of internal and external which can
be relevant to the organisation include
environmental conditions related to air and
water quality, land use, existing
contamination, natural resources availability
and biodiversity that can affect the
organisation or be affected by the
organisations aspects.
.

For example:
• A small distribution business of imported goods could find out
what external issues could affect the achievement of its
quality management system’s intended results: its government
policy for import-export activities, the type and quantity of its
competitors, the culture of local consumers, or its credit
availability.
• internal issues that could affect its intended results include:
its infrastructure, organizational knowledge, delivery
capabilities and the competence of people working on its
behalf.
• Internal and external issues can change, and therefore its
context should be monitored and reviewed on a regular basis.

Context Of the Organisation
Complete Questionnaire
• QMS Question A1 & A2
• EMS Question 4.1
Later
• Develop PESTEL / SWOT analysis
.

Clause 4.2 - Interested Parties
• The definition of “interested party” states that it is a “person
or organization that can affect, be affected by, or perceive itself
to be affected by, a decision or activity”.
• The intent of this requirement is to ensure that you consider
the requirements of relevant interested parties, beyond just
those of the customer and end user. However, you only need to
focus on those relevant interested parties which can have an
impact on your ability to provide products and services that
meet requirements.
• There will be those external interested parties that impose
specific legal, regulatory or contractual requirements.
• There may be also requirements specified by internal
interested parties, such as : management, staff, shareholders,
trade unions, etc.

Identifying Interested Parties
The list of relevant interested parties can be unique to your
organisation. You can develop criteria for determining relevant
interested parties by considering their:
• possible influence or impact on the organisations performance or
decisions
• ability to create risks and opportunities
• possible influences or impact on the market
• ability to affect the organisation through their decisions or
activities
Need to understand the needs, expectations, and requirements of
your interested parties / stakeholders.
Determine which of these needs and expectations become the
organization’s ‘requirements
These are critical to ensuring that your products or services meet
requirements which is the reason for having QMS.

Classifying Interested Parties
Group interested parties based on their relationship
with the organisation by their:
• Responsibility – investors, etc.
• Influence – pressure groups, etc.
• Proximity – neighbours, etc.
• Dependency – employees, etc.
• Representation – trade unions, etc.
• Authority – regulators, etc.
Different groups may require a different management
approach, relevance, needs and expectations

Power and Interest Matrix
Useful tool for helping you decide
how to manage a particular
Interested party
How much interest do they have in
your decisions and activities –
interpreted as the strength of their
relevance
How much power or influence do
they have over your decisions and
activities – interpreted as their
significance or risk
Plotting helps to prioritise the effort
required to meet their needs and
expectations

Interested Parties
Interested Parties List
Interested Party Int. / Ext Reason for Inclusion
Certification Body External Audit for ISO compliance, issue certifications
Customers External Purchase our products and services
People in the organisation Internal
Directly responsible for manufacture of products, delivery of
service
End User External End user of our products and services
Investors Internal Have direct concern over the financial health of the company
Labour Union Representatives Internal Concerned with compliance to labor contract, represent workers
Local Community External Impacted by our activities in the region
Partners Internal
Assist in financial support and management guidance of the
company
Public External Concerned with compliance to labour contract, represent workers
Regulatory Body External Mandate regulatory requirements
Supplier External Provides our raw materials and critical support services
Top Management Internal Has direct responsibility for management of the company

Interested
party
QMS requires
from Interested
Parties
Needs and expectations of
Interested Parties
Customers,
Retailers,
Distributors
Specifications for
design, manufacture,
delivery, support
Design, quality, price, quick
response & on-time delivery of
Owners
Share Holders
Board
Financial investment,
Decisions & support
Improvements
Sustained profitability,
Return on investment,
Transparency, Legal compliance
People in the
organization
Leadership,
Motivation, Direction
Involvement. Products
& Services. Follow
QMS requirements.
Good work environment, Health &
safety, Job security, Professional
development, Recognition and
reward, Training, Working
relationships
External
Providers
Partners
Products, Services or
Raw Materials.
On-time delivery.
Reliability.
Mutual benefit and continuity,
Prompt payment, Good working
relationship
Society
Regulatory
Authorities
Legal & regulatory
requirements.
Certainty of law
Environmental protection
Ethical behaviour
Compliance with statutory and
regulatory requirements
Conformity to industry codes &
standards

Interested
party
QMS requires from
Interested Parties
Needs and expectations of
Interested Parties
Local
residents
Workforce,
Good relations
Safe working conditions,
environmentally friendly
operations
Bank /
Finance
Good Governance,
Stability, Credit
Financial performance
Cash flow
Trade
Unions
Realistic expectations
Co-operation
Employment law compliance,
Good working relationship with
management
Insurers Guidance on risk,
identification,
treatment, avoidance
No claims
Risk management
Prompt payment
End Users Details of their
needs, expectations
and requirements
Performance, ease of use, safety,
reliability, maintainability,
disposability

Interested Parties
Interested
Parties (IP)
QMS
requires
from IP
IP Needs &
Expectations
Issues
/ Risks
Objectives Risk Analysis
Treatment Plan
Priority
Board
Customers
Competitors
Regulators
Neighbours /
Society
Staff
Financial
Institutions
Shareholders /
Owners
Suppliers

Issues
Issues List
Ln Interested Party Issue of Concern Bias
Processes
Affected
Priority Treatment Method Record Reference / Notes
1 Certification Body Level of compliance to ISO 9001. Mixed Process 1 Low Internal Auditing See audit records
2
3 Employee / Staff Expect to be compensated Risk QMS Management Medium
Manage company finances
appropriately
Financials (confidential)
4 Employee / Staff Expect satisfactory equipment, facilities Risk QMS Management Medium Internal Auditing See audit records
5 Employee / Staff Require appropriate training Risk QMS Management Low
Training provided, assessed
through audits
See training records
6
7 Management Company must remain financially healthy Risk QMS Management Medium
appropriately
8 Management QMS processes must be efficient Risk QMS Management Medium Internal Auditing See audit records
9 Management Concerned with growth of company Opportunity QMS Management Medium Management Review Activity See Opportunity Register
10
11 Direct Customer Expect high quality products Risk Manufacturing Medium Risk Register / FMEA See Risk Register Line 4, 7, 15
12 Direct Customer Expect on time delivery Risk Manufacturing Medium Risk Register / FMEA See Risk Register
13 Direct Customer
Could be source of referrals to new
customers
Opportunity Quoting and Orders Medium Marketing Enhancement See Mgmt Review records
14 Direct Customer Flows down QMS requirements Risk Quoting and Orders Medium Internal Auditing Internal audit records
15
16 Local Community Expect us not to pollute environment Risk QMS Management Low Other
17 Local Community Expect us to be a "good citizen" locally Risk QMS Management Medium Other Good management practices
18 Local Community Hope us will hire and retain local workers Mixed QMS Management Low
No Action: Accept Risk per Mgmt
Decision
We do this naturally
19 Local Community Can provide positive press Opportunity QMS Management Low
No action, proceed normally for
now
Maintain good relations locally
20
21 Regulatory Body
Must comply with all regulations and
statutes
Risk QMS Management High
No Action: Accept Risk per Mgmt
Decision
Do this as normal part of business
22
23 Supplier Expect to be paid promptly Risk Purchasing Medium
appropriately
24 Supplier Require clearly defined requirements Risk Purchasing Medium Risk Register / FMEA See Risk Register
25 Supplier Require adequate notice of rush jobs Risk Purchasing Medium Risk Register / FMEA See Risk Register
26 Supplier
Vendor performance impacts on our
reputation
Mixed Purchasing Medium Vendor Auditing
Flow down of requirements on POs;
auditing if needed

EMS Internal interested parties
• Employees
• Unions
• Worker representatives
• Managers
• Parent organisation
• Investors or donors
• Board of directors
• Shareholders
41.

EMS External interested parties.
• Customers & clients
• Neighbouring community members
• Suppliers & subcontractors
• Government agencies
• Local, national authorities
• Trade associations
.

EMS External Interested parties
• Legal advisors
• Competitors
• Insurers
• Regulatory bodies
• 1. EPA
• 2. HAS
• 3. SEAI
.

EMS External interested parties
• Sub-consultants
• External suppliers
• Members of the public
• Accreditation bodies
• Professional institutions
• Financial institutions
.

Interested Parties
For example:
• A small distribution business of imported goods could find
out that regulations requires it to obtain permits, licences
or other forms of authorizations; the local community
expects it to provide safe working conditions and have
environmentally friendly operations; its shareholders
demand a reasonable profit.
• The intent of this requirement is to ensure that you
consider the requirements of relevant interested parties,
beyond just those of the customer and end user. However,
you only need to focus on those interested parties which
are relevant to your quality management system.

Interested Parties
• QMS Question A3
Later
• Develop an interested parties matrix
. .

Clause 4.3 - Scope of the QMS
• The scope is a vital part of the QMS as it defines how
far the QMS extends within the company’s operations
(boundaries),
• The scope shall state the types of products and
services covered, and provide justification for any
requirement of ISO 9001:2015 that the organization
determines is not applicable to the scope of its QMS.
• The organization’s scope shall be maintained as
documented information, e.g.:- quality manual;
marketing materials; website; etc. must be clear on
the scope of its QMS certification to avoid confusing
or misleading customers.

Scope of the QMS
The scope of the QMS, should be established based on the:
• context-related external and internal issues
• relevant requirements from relevant interested parties
• products and services of the organization
In determining the scope, you should also establish the
boundaries of your QMS by considering such issues as:
• infrastructure of the organisation
• organisations different sites and activities
• commercial policies and strategies
• centralised or external provided activities, processes,
• organizational knowledge

Scope of the EMS
Scope to be maintained as documented information
giving consideration to:-
• external and internal issues
• compliance obligations
• organisational set up
• activities, products and services
• authority and ability to exercise control and
influence.
.

Scope of the QMS
For example, in determining the scope for a small distribution business of
imported goods, after analysing the collected information, it can find
that:
• the requirements in clauses 8.3 and 8.5.3 are not applicable because
it does not carry out design and development, and does not have any
property belonging to their customers or external providers
• there is only one site for its operations that it needs to consider in the
context-related issues, and sterilisation process is outsourced
• The scope may be: Import and commercialization of glass
bottles for cosmetics in the Technology Park facility for the
European market, with the sterilisation process outsourced.
• The outputs of the activities listed above should be available in a
documented scope, including the justification of the non-applicable
requirements, and any outsourced processes
• NOTE: Be aware that the “scope of the quality management system”
may differ from “the scope of certification to ISO 9001:2015”.

Scope of the QMS
• QMS Questions A4, A5
Later
• Discuss and document scope with
management
. .

Clause 4.4 - QMS Process
All organisations use processes to achieve their objectives
• is a set of interrelated or interacting activities that uses inputs to deliver
an intended result
• has built-in controls and checks of performance and promotes
improvement.
• The inputs and outputs may be tangible (e.g. materials, components or
equipment) or intangible (e.g. data, information or knowledge)
The process approach includes establishing the organisations processes
needed to operate as an integrated and complete system
• The management system integrates processes and measures to meet
objectives
• Processes define interrelated activities and checks, to deliver intended
outputs
• Details planning and controls can be defined and documented as needed,
depending on the organisations context

Risk-based thinking, PDCA & the process approach
• The process approach enables an organisation to plan its
processes and their interactions.
• The PDCA cycle enables an organisation to ensure that its
processes are adequately resourced and managed, and that
opportunities for improvement are determined and acted upon.
• Risk-based thinking enables an organisation to determine the
factors that could cause its processes and its quality
management system to deviate from the planned results, to
put in place preventive controls to minimise negative effects
and to make maximum use of opportunities as they arise.

Risk-based thinking, PDCA & the process approach
These three concepts together form an integral part of ISO
9001:2015 standard. Risks that may impact on objectives and
results must be addressed by the management system. Risk-
based thinking is used throughout the process approach to:
• Decide how risk is addressed in establishing the processes to
improve process outputs and prevent undesirable results.
• Define the extent of process planning and controls needed
(based on risk).
• Improve the effectiveness of the quality management system
• Maintain and manage a system that inherently addresses risk
and meets objectives.

PDCA Tool
PDCA is a tool that can be used to manage processes and
systems:-
• P Plan: set the objectives of the system and processes to
deliver results (“What to do” and “How to do it”)
• D Do: implement and control what was planned
• C Check: monitor and measure processes and results
against policies, objectives and requirement ,and report
results
• A Act: take action to improve the performance of
processes
PDCA operates as a cycle of continual improvement, with
risk-based thinking at each stage

Process approach
For example:
The processes needed for a small distribution business of import
goods may be:
• Strategic planning process
• Commercial process
• Procurement and import process
• Distribution process
• Administration process
• IT support process
• QMS process

Assembly Process Model
QMS Procedures / Documents
QP08 Control of Non-Conformance
OP09 In process Inspection of Product
OP11 Packaging of Product
OP12 Scheduling
OP15 Assembly Work Instruction
CM01 Competency Matrix
ETC.
.
A different example is shown below for an assembly
process; this would be repeated for all the other processes
in the organisation.
Assembly Process Owners
Position
Production Manager
Production Supervisors
Process Engineer

From Process Inputs
Assembly
Process
Outputs To Process
QA Test Quality Plan Records Assembled Products QA Test
Material Control Materials Quality Plan Records QA Test
Product Engineering Drawings Completed Control Charts Data Analysis
Product Engineering Machine Programs Non-conforming products Rework & Repair
Order Review &
Scheduling
Production Schedule
Product Engineering Control Charts
Resource
Management
Manpower

Measurement Target
First Pass Yield ≥ 98%
RMA ≤ 500 DPPM
Machine Utilisation 86%
On time delivery to customer ≤ 3 days
Absenteeism 3.5%

.
Application and Quotation
Process
Application and Quotation Process
Process
Suppliers Inputs Outputs Customers
Application Quotation
Phone Call / Email 1. Client Inquiry
Client
3. Review RFQ (not offered)
Marketing
Marketing Client Request
Send RFQ
Decision - No Client /Marketing
Completed RFQ Decision - Yes Marketing
4 Log Data
5. RFQ Complete (no)
Update Goldmine
Return RFQ to
Client
Marketing
Completed RFQ
Client
Client Completed RFQ  Client
3.2 Review RFQ (offered)
2. Send out RFQ
Client Completed RFQ
Email Client
Completed RFQ 6. RFQ Complete (yes)
Client Operation
Manager
Operation
Manager
Complete RFQ
RFQ to Manager
7. Complete Quote
+ Manday Sheet
Quote / Manday
Sheet
Marketing
Send RFQ
Decision - No
Decision - Yes
Email
Client

Process Interaction
CUSTOMER
Finished Goods
Delivery Notes
& Invoices
Communication
Channel
12. Internal Audits, CAR’s
Document/Record Control
10. Management
Responsibility
11. Resource
Management
13. Analysis of Data,
Continuous improvement
Feedback
Realisation Processes
CUSTOMER
Communication
Channel
1. New Product
Introduction
2. Purchasing
1. Product
Engineering
3. Order Review &
Scheduling
Customer Service
4. Warehouse/
Material control
5. Assembly
6. QA Test &
Verification
8.
Material
Control
9 Shipping
7. Rework and
Repair
Production Schedules & Previsions Lists
Non
Conforming
Products
Non Conforming
Products
Manufacturing
Processes
Material Control
Processes
Customer Related
Processes
Material Control
Process
RMA Products
15. RMA
Material
Control

QMS Processes
• QMS Question A6
Later
• Develop your processes, identify the
inputs and outputs, identify the risks in
each process, and define your
measurements and targets
. .

Clause 5 - Leadership and commitment
• Top management is defined in ISO 9001:2015 as the “person or group
of people who directs and controls an organization at the highest level”.
In a small organization this may include the owner or partners and a few
key people who report directly to them.
• The intent of this requirement is to ensure that top management,
demonstrate leadership and commitment by taking an active role in
engaging, promoting, and ensuring, communicating and monitoring the
performance and effectiveness of the quality management system.
• If you want your quality management systems to be successful you need
management support. Without this support the QMS will be overtaken by
other priorities and the benefits from using continual improvement to
focus on customer needs will be lost.
• The role of top management is to inspire by leading by example.
• Top management is expected to be “hands on” and to ensure that the
quality policy and quality objectives are consistent with the overall
strategy and context.

Leadership
• Quality policy basically unchanged, emphasis on communication.
• No requirement for a management representative, yet the
responsibilities and authorities still remain.
• including:
- that processes are delivering their intended outputs,
- promotion of customer focus,
- reporting on the performance of the QMS
- ensuring the integrity of the QMS is maintained during changes.
Clause 5.2 – Quality Policy
Clause 5.3 – Organisational roles, responsibilities and authorities

How to show commitment
• QMS effectiveness is measured, & management is involved in
assessing this, (Management Reviews).
• The Quality Policy and objectives are in place per management
direction, communicated in the organization, and tracked for
progress.
• Ensuring the integration of the quality management system
requirements into the business processes (not a side project).
• Resource needs are reviewed and addressed by management.
• Continual improvement is promoted and supported by
management.
• Ensuring that recommendations from audits, corrective actions,
management reviews, etc. are implemented.

How to show commitment
• There is a way to ensure customer, statutory and regulatory
requirements are understood and met, and people understand
why this is important.
• Management focus on customer satisfaction.
• Organizational roles, responsibilities, and authorities are
assigned, understood by the person who is assigned, and
known to all employees.
• Top management will be expected to not only ensure that its
commitment is well known throughout your organization, but
also to keep appropriate records to show how this was
achieved, reports of management meetings can be used to
provide such evidence.

Leadership
• QMS Question B1 to B9
• EMS Question 5.1 to 5.3
Later
• Organisation Chart
• Ensure that all management attend the
management review, ensure that they are
aware of the management system
requirements and their responsibility for
implementing the management system
15/05/2023 .

Clause 6.1 - Risk-based thinking
• One of the key changes in the 2015 revision of ISO 9001 is to
establish a systematic approach to considering risk, by using risk-
based thinking the QMS becomes proactive rather than reactive
in preventing or reducing undesired effects through early
identification and action. Preventive action is built-in when a
management system is risk-based
• In establishing and operating the QMS, your organization should
identify what it wants to achieve, i.e. objectives and intended
results. Risk is the effect of uncertainty on these objectives and
intended results
• You should consider the external and internal issues and relevant
interested parties that can have an impact on achieving these
objectives and its intended results. In identifying the needs of
these interested parties, the risks and opportunities for the QMS
that need to be addressed should be determined.

Risk-based thinking
• Having identified the risks and opportunities that can impact the
QMS, you should plan actions to address these. The determined
actions need to be incorporated into the processes of both the
quality management system and the wider business systems, and
the effectiveness of these actions evaluated.
Actions to address risk include developing appropriate process
controls, for example:
• the inspection, monitoring and measuring of processes, products
and services;
• calibration;
• product and process design;
• corrective actions, and in particular making sure that these are
extended to other relevant areas of the organization;
• specified methods and work instructions;
• the training and use of competent persons.

Risk-based thinking
• is not new
• is something you probably do already
• is ongoing
• ensures greater knowledge of risks and improves
preparedness
• increases the probability of reaching objectives
• reduces the probability of negative results
• makes prevention a habit
• is a systematic approach to risk management

Risk identification
Identify what your risks are –
• Determining the factors that could cause a process or the entire
QMS to deviate from the planned results
• it depends on context, interested parties
• prioritize the way you manage your processes
• balance risks and opportunities
Example:
• If I cross a busy road with numerous fast-moving cars the risks
are not the same as if the road is small with only a few slow-
moving cars. It is also necessary to consider such things as
weather, visibility, personal mobility and specific personal
objectives (context).

Risk analysis
Prioritise the risk in order based on frequency, likelihood, severity, impact on
objectives, monetary consequences, loss of customers, legal exposure, impact
on interested parties. Identify what is acceptable and what is unacceptable.
Example: Objective: I need to safely cross a road to reach a meeting at a
given time.
• It is UNACCEPTABLE to be injured. It is UNACCEPTABLE to be late.
• Reaching my goal more quickly must be balanced against the likelihood of
injury. It is more important that I reach my meeting uninjured than it is for
me to reach my meeting on time.
• It may be ACCEPTABLE to delay arriving at the other side of the road by
using a footbridge if the likelihood of being injured by crossing the road
directly is high.
• I analyse the situation. The footbridge is 200 metres away and will add time
to my journey. The weather is good, the visibility is good and I can see that
the road does not have many cars at this time.
• I decide that walking directly across the road carries an acceptably low level
of risk of injury and will help me reach my meeting on time.

Risk evaluation
Plan actions to address the risks
how can I avoid, eliminate or mitigate risks?
Example:
• I could eliminate risk of injury caused by being hit by a vehicle
if I use the footbridge but I have already decided that the risk
involved in crossing the road is acceptable.
• Now I plan how to reduce either the likelihood or the impact of
injury. I cannot reasonably expect to control the impact of a car
hitting me. I can reduce the probability of being hit by a car.
• I plan to cross at a time when there are no cars moving near me
and so reduce the likelihood of an accident. I also plan to cross
the road at a place where I have good visibility.

Risk treatment
Implement the plan – take action
• Avoidance: Eliminate causes, changing plans, discontinuing
activities, etc.
• Mitigation: Reduce event probability, limiting exposure, reducing
impacts, etc.
• Acceptance: Taking no action and accepting consequences
• Transference: Removing impact / consequences by reassigning
responsibility
• Exploitation: Increasing probability while maximising possible
effects
Example:
• I move to the side of the road, check there are no barriers to
crossing. I check there are no cars coming. I continue to look for
cars whilst crossing the road.

Risk monitoring & review
Check the effectiveness of the action – does it work?
Periodically reviewing identified risks, identifying new risks
(internal/external), ensuring proper execution of planned risk treatments
• Example: I arrive at the other side of the road unharmed and on time:
this plan worked and undesired effects have been avoided.
Learn from experience – improve
• Example: I repeat the plan over several days, at different times and in
different weather conditions.
• This gives me data to understand that changing context (time, weather,
quantity of cars) directly affects the effectiveness of the plan and
increases the probability that I will not achieve my objectives (being on
time and avoiding injury).
• Experience teaches me that crossing the road at certain times of day is
very difficult because there are too many cars. To limit the risk I revise
and improve my process by using the footbridge at these times.
• I continue to analyse the effectiveness of the processes and revise them
when the context changes.

Risk monitoring & review
Also continue to consider innovative opportunities:
• can I move the meeting place so that the road does not have to
be crossed?
• can I change the time of the meeting so that I cross the road
when it is quiet?
• can we meet electronically?

Risk Assessment Techniques
• There is no requirement in ISO 9001:2015 to use
formal risk management in the identification of risks and
opportunities. You can choose the methods that suit your
needs.
• ISO 31000 Risk Management – more formal
approach, not obligatory
• The standard IEC 31010 Risk management – Risk
assessment techniques provides a long list of risk
assessment methodologies, some of which may be
appropriate, depending on what your organization does
and its context.

Risk Assessment Techniques
• Tools such as Strengths, Weaknesses, Opportunities and
Threats analysis (SWOT); Political, Economic, Social,
Technological, Legal, Environmental analysis (PESTLE); and
Porter’s 5 Forces industrial analysis, can be used. A simple
approach can include asking "what if" questions. Application
of Brainstorming techniques can be used as one of the
effective tools for application of risk based thinking.
• Some techniques can be more popular in certain sectors, e.g.
Failure, Mode and Effects Analysis (FMEA) in the automotive
sector; Failure, Mode, Effects and Criticality Analysis (FMECA)
in for the medical devices sector; Hazard, Analysis and Critical
Control Points (HACCP) for the food sector. It is for you to
decide which methods or tools to use.

SWOT Analysis for computer store
Strengths Weaknesses
Knowledge: our competitors are pushing
boxes, but we know systems, networks,
programming, and data management
Price & Volume: The major stores are pushing
boxes and can afford to sell for less.
Relationship selling: we get to know our
customers, one by one
Brand power: We cant match the competitors
full-page advertising in the Sunday papers. We
don’t have the national brand name.
History: we've been in our town forever. We
have the loyalty of customers and vendors
Service: We are not open the same hours as the
major stores.
Opportunities Threats
Training: The major stores don’t provide
training, but as systems become more
complex, training is in greater demand
The larger price-oriented store: When they
advertise low prices in the newspaper, our
customers think we are not giving them good
value.
Service: As our target market needs more
service, our competitors are less likely than
ever to provide it.
The computer as appliance: Volume buying of
computers as products in boxes. People think they
need our services less.

Risk Register
No.
Category
Risks
Objectives
Owner
Risk
Treatment
in
place
Likelihood
Consequences
Level
Actions
Due
Date
1 Technology Confidential
information being
disclosed to
unauthorised
parties
AB - Clear policy on access control in place
- Data in transit is always encrypted
- Audit logs record access to sensitive
information
4 5 20
2 Supply Supplier failing to
deliver service as
per the SAL -
Telecom Co.
CD - Formal contract in place
- Clear communications channels established
- contract subject to Formal regular review
4 4 16
3 Environme
nt
Loss of a key
facility through
fire
IL - Smoking is not allowed in the building
- Work on electrical installation is subject to
a Work permit
- Flammable liquids and combustible
materials are strictly controlled
- Fire protection is installed throughout the
building
- building and contents are insured
3 4 12
4 People Lack of expertise
of employees
EF - All employees receive induction training
- Structured training program in place
3 3 9

Risk Register
Risk Register
# Process Risk
Probability
(of risk occurring)
Prob.
Rating
Consequence (if risk is encountered)
Cons.
Rating
Risk Factor
(Probability x
Consequence
Mitigation Plan
(required for risk
factors >8)
May reference
external plan
document
Risk Factor
after
Mitigation
Likelihood
Previous
Occurrences
Potential
Loss of
Contracts
Potential
Harm to
User
Inability to
Meet Contract
Terms /
Requirements
Potential
Violation of
Regulations
Impact on
Company
Reputation
Estimated
Cost of
Correction
1
2
3
4

Opportunity Register
Opportunity Register
Number of active improvement
activities
# Process Opportunity
Probability (of achieving the
opportunity)
Prob.
Rating
Benefit (if opportunity is encountered)
Ben.
Rating
Opp.
Factor
(Prob. x
Benefit)
Opportunity Pursuit
Plan
(suggested for Opp.
Factors >8)
Post-
Implementation
Success?
Status
Likelihood
Previous
Occurrences
Potential for
New
Business
Potential
Expansion of
Current
Business
Potential
improvement in
satisfying
regulations
Potential
improvement to
internal QMS
processes
Improvement
to Company
Reputation
Potential
Cost of
Implementat
ion
1
2
3
4
5
6

Lists
OPP
RATING:
RISK
RATING
LIMIT:
Type Priority Treatment Bias Processes Likelihood Occurrences Potential Violation correction reputation cost
reputati
on
score Success
8.0 8.0 External Emergency
No Action: Accept
Risk per Mgmt
Decision
Opportunity
All
Processes
Cannot occur /
not applicable
Has never
occurred.
None / NA None / NA € 0 None > €1,000,000
No impact
/ NA
1
Opportunity
Failed
Internal High
Risk Register /
FMEA Style
Risk Process 1
Unlikely to
Occur
Has not
occurred in
past 10 years.
Minor Possible < €100,000 Minimal > €500,000
Minimal
impact
2
Opportunity
Abandoned
Medium
Root Cause
Analysis
Neutral Process 2
Somewhat
likely to occur
Has occurred
in past
10 years.
Moderate Definite < €500,000 Moderate < €500,000
Moderate
impact
3
Met some
expectations
Low Internal Auditing Mixed Process 3 Likely to occur
Has occurred in
past 5 years.
High High > €500,000 Severe < €100,000
Good
impact
4
Met all
expectations
Root Cause
Analysis
Process 4
Very likely
to occur
Has occurred in
past year.
Very High Legal Risk > €1,000,000 Very severe €0 or N/A
Great
impact
5
Exceeded
expectations
Corrective Action
(CA)
Process 5
Vendor Auditing Process 6
Other Auditing Process 7
Management
Review Activity
Process 8
Marketing
Enhancement
Process 9
Other Process 10
Other

EMS Risks & Opportunities
Areas of focus
• Other risks and opportunities
• Significant environmental impacts
• Compliance obligations
• Planning action
• Environmental objectives
Significant aspects can result in risks and opportunities
associated with adverse impacts (threats) or beneficial impacts
(opportunities)
.

Risk & Opportunity
• QMS Questions C1, C2, C3
Later
• Develop a risk register and treatment
plan
. .

Clause 6.2 - Quality Objectives
• Establishing objectives and planning how to achieve them can
help your organization to accomplish its business goals.
• The quality objectives take the goal(s) stated in the quality policy
and turn these into statements for improvement against which
plans can be made
• Quality objectives may be established to measure the
performance of products, processes, customer satisfaction,
suppliers, use of resources, and the overall performance and
effectiveness of the quality management system
• Quality objectives can be technical, strategic or operational.
• If you state in your policy that you will “meet customer
requirements”, then you might set customer focused objectives
for: product defects, customer complaints and returns, on-time
delivery, etc.

Quality Objectives
Examples of quality objectives:
• Product: reduction in defect rates, PPM, scrap rates, on-
time delivery
• Process: improving productivity, reduction of waste, set-
up times or rework, improved cycle times
• Customer: product returns, reduction in complaints,
improvement in customer satisfaction scores, improved on-
time delivery.
• Suppliers: reduction of complaints or defects, improved
on-time delivery
• Resources: availability, capability, personnel, competency,
efficiency, absenteeism

Quality Objectives
• The objectives should be designed to be SMART (setting
objectives that are Specific, Measurable, Achievable,
Realistic and Time-based).
• Specific: Clear and concise
• Measurable: If you cant measure, how do you know it has
been achieved.
• Achievable: personnel need to agree that the objective is
achievable
• Realistic: do not set unrealistic goals
• Time-based: Need to set a due by date to focus attention
and to monitor achievement to your goals

Quality Objectives
Quality objectives shall:-
• Consistent with quality policy
• Relevant to products & services and enhance customer
satisfaction
• Measurable
• Monitored
• Updated
Organisation shall determine:-
• What will be done
• Resources required
• Responsibility
• Timeframe
• How results will be evaluated

Quality Objectives
• QMS Question C5
Later
• Discuss quality / environmental
objectives with management , and
develop a plan for each objective
. .

Clause 6.3 – Planning of Changes
• One of the goals of the ISO 9001:2015 is to enhance the requirements for
addressing changes at system and operational levels. Once an organisation
has identified its context and interested parties and then identified the
processes that support this linkage, addressing changes becomes an
increasing important component of continued success.
• Once processes are determined, an organisation will need to identify the
risks and opportunities associated with these processes. To achieve the
benefits associated with the determination of risks and opportunities,
changes may be needed.
• Changes are intended to be beneficial to the organisation and need to be
carried out as determined by the organisation (change control) to prevent
undesirable effects during and after a change.
• In day-to-day business, many changes can impact on the QMS. In some
cases, a change can lead to a reactive action such as re-work, segregation
of nonconforming products, or cancellation or postponement of a service.
• Triggers that can cause a change to QMS:- Customer feedback, innovation,
product nonconformity, determining risk, employee feedback, etc.

Examples of Change
1. Extensive repairs are planned on a major route. A bus company
recognises that this will affect the companies ability to meet customer
requirements and reliably deliver its usual service. To plan changes
they consider:
a revised route to avoid the road works and excessive delays, revising
its timetable to take into account the extra time needed, if extra buses
need to be put onto the route during this period, appointing a named
person to deal with enquiries and complaints about the changes.
2. As part of its annual planning a business can identify specific times in
the year where a high peak of demand will occur due to regular events.
The management can make provisions to be prepared and get more
business due this opportunity. On the other hand, there may be an
irregular events. The management could not be expected to be aware
that this would happen and will need to react to this unexpected
demand. This is where a process for dealing with unplanned changes is
valuable. The management can pre-arrange to have some local vendors
ready to react to requests for additional supplies, and also to have
additional staff on standby.

Steps to implement changes
• Define the specifics of what is to be changed
• Have a plan (tasks, timeline, responsibilities, authorities, budget,
resources, needed information, others)
• Engage other people as appropriate in the change process
• Develop a communication plan (appropriate people within the
organization, customers, suppliers, interested parties, etc. may need to
be informed)
• Use a cross functional team review the plan to provide feedback related
to the plan and associated risks
• Train people
• In implementing changes, you should also consider the impact on the
current scope of the QMS.
• Measure the effectiveness and identify any additional problems, update
QMS if necessary
• The organization shall retain documented information describing the
results of the review of the changes, the person authorizing the change,
and any necessary action arising from the review.

Types of changes
• Process changes (inputs, activities, outputs, controls, etc.)
• Communication with customers
• Communication with supply chain
• Inspection, Equipment
• Employee training / competence
• Introducing a new process
• Provide / change documented information
• Outsource a process
• Many others
NOTE
Prior to making a change, consider unintended consequences
After making a change, monitor the change for effectiveness

Planning of Changes
.
• QMS Question C4
Later
• Implement a change control method
within your organisation, and educate
management /employees
.

Clause 7 – Support
Clause 7.1 Resources
Clause 7.1.1 General
• Organisation to consider capabilities and constraints of existing internal
resources and what needs to be obtained from external resources.
Clause 7.1.2 People
• The term people replaces human resources.
Clause 7.1.3 Infrastructure
• No changes.
Clause 7.1.4 Environment for the operation of processes
• Used to be “Work environment”.
• Need to identify and maintain the environment that your organisation needs
in order to support process operations and to achieve conformity of
products and services.

• “Equipment” has been replaced by “resources”,
• Resources include work tools, human resources, test methods,
software, etc. This may have a big impact for service
organisations, which may have previously excluded Clause 7.6
Control of monitoring and measuring equipment.
• Organisations need to determine the suitability of the resources
and retain documentary evidence of fitness for their purpose.
• Acknowledgement that professional judgement ,software, etc.
may also be a measuring resource
• Less descriptive on calibration.
Clause 7.1.5 – Monitoring and measuring resources

• Organisations have to determine the knowledge it needs for the
operation of its processes and to achieve conformity of products and
services.
• Has to obtain and maintain that knowledge, and make available as
necessary (internal or external).
• When addressing changing needs or trends, the organisation shall
consider current knowledge and determine how to obtain necessary
additional knowledge.
• Knowledge is gained by experience, its information that is used and
shared, intellectual, lessons learnt from past experience.
• External sources: obtained from customers, external providers,
conferences, academia.
Clause 7.1.6 – Organisational knowledge (new sub-clause)

• “Competence” replaces “Competence, training and awareness”.
• Extension of competence from those whose “work affecting conformity to
product requirements” to “affects its quality performance”. Includes
external resources.
• A note is included to explain applicable actions can include:- provision of
training, mentoring, hiring or contracting of competent persons.
Clause 7.2 – Competence
Clause 7.3 – Awareness
• Awareness now includes the quality policy, quality objectives, contribution
to effectiveness of QMS, benefits of improved quality performance and
implications of non-conforming with the QMS requirements.
• There is an increased emphasis on awareness to ensure that everyone
knows the implications of not conforming to the QMS.
• An employee who is not aware or untrained represents a potential risk.

• “Communication” replaces “Internal communication”, and includes
internal and external communications relevant to the QMS.
• Develop a communications plan, which can include a variety of
mediums including: briefings, seminars, newsletters, noticeboards,
conferences.
• Requires the organisation to determine the what, when, with whom,
how, and who communicates.
• Customer communication is addressed in Clause 8.2.1, as it determines
the requirements for products and services.
Clause 7.4 – Communication

• The term “documented information” replaces “documentation”,
“documented procedure” and “records”.
• Fewer prescriptive requirements, no requirement for quality manual or
documented procedures.
• But documented procedures could be seen as one form of risk control.
• The QMS shall include documented information determined by the
organisation as being necessary for the effectiveness of the QMS.
• It does require “documented information to be either maintained
(procedure) or retained (record), documented information is mandatory
on clauses 4.3, 4.4, 5.2.2, 6.2.1, 7.1.6, 7.2, 7.5.1, 8.1, 8.2.3, 8.3.2,
8.3.3, 8.3.4, 8.3.5, 8.3.6, 8.4.1, 8.5.1, 8.5.2, 8.5.6, 8.6, 8.7, 9.1.1, 9.2,
9.3, 10.2.
• More flexibility on the type of documents, format must be appropriate,
can be in any format and on any medium and can come from any source.
Documented information must be controlled, as before.
Clause 7.5 – Documented information

Support
• QMS Question D1 to D10
Later
• Identify key resources
• Required knowledge
• Key competencies
• Communications plan
• Documented Information
. .

Clause 8 – Operation
• “Products and services” replaces “product”.
• The term “products and services” includes all output categories,
hardware, services, software and processed materials.
• Deals with the execution of the plans and processes.
Clause 8.1 – Operation planning and control
• “Product realisation” has been replaced with “operation”.
• There are a number of new requirements:-
- inclusion of action to address risk and opportunity,
- addressing control of planned changes,
- reviewing consequences of unintended changes,
- taking action to diminish adverse effects.

Clause 8.2 Requirements for products and services
Clause 8.2.1 - Customer communication
• Includes the handling and treatment of customer property, if applicable.
Clause 8.2.2
Determination the requirements for products and services
• Rewording.
• Organisation has the ability to meet the claims for the product and services it offers.
Clause 8.2.3 - Review of the requirements for products an services
• Rewording.
• New note: Requirements can also include those arising from relevant interested
parties.
Clause 8.2.4 - Changes to requirements for products and services
• Organisation shall ensure that relevant documented information is amended, and that
relevant persons are made aware of the changed requirements, when the
requirements for products and services are changed.

• “Design and development” changed to “Design and development of
products and services”.
Clause 8.3 – Design and development of products and services
Clause 8.3.1 – General (New sub clause)
• The organisation shall establish, implement and maintain a design and
development process that is appropriate to ensure the subsequent
provision of products and services.

• There are a number of new items to be determined:-
- standards or codes of practice that the organisation has committed to implement,
- Information derived from previous similar design and development activities,
- Internal and external resources needed,
- Potential consequences of failure due to the nature of the product or service,
Clause 8.3.2 – Design and development planning
• There are a number of new items to be considered:-
- the nature, duration and complexity of the activities,
- Internal and external resources needed,
- The requirements for subsequent provision of products and services
- the need for involvement of customer and user groups,
- the necessary documented information to confirm that requirements have been met.
Clause 8.3.3 – Design and development inputs

Clause 8.3.4 – Design and development controls
- Combines three clauses of ISO 9001:2008, “Design and development review”,
“Design and development verification” and “Design and development validation”.
Clause 8.3.5 – Design and development outputs
- Includes or reference monitoring and measurement requirement.
- Shall retain documented information resulting from the design and
development process.
Clause 8.3.6 – Design and development changes
- “Control of design and development changes” replaced by “Design and
development changes”.
- Shall review and control changes made to design inputs and outputs, to the
extent that there is no adverse impact on conformity to requirements.

Clause 8.4
Control of externally provided processes, products and services
Clause 8.4.1 – General
• Externally provided / provider replaces purchasing, purchased and
suppliers.
• Acknowledges the trend towards greater use of subcontractors and
outsourcing
• Controls are to be provided for the following:-
- products and services that are provided by external providers for
incorporation into the organisation’s own products and services,
- products and services that are provided directly to the customer by the
external provider on behalf of the organisation,
- outsourcing a process or function or part of a process or function to an
external provider.
• External provision, includes associated companies

• Replaces “Purchasing information”.
• Includes :- Communicating the control and monitoring of the external
provider’s performance to be applied by the organisation.
• Organisations shall:-
- Ensure that externally provided processes remain within the control of its QMS
- Define both the controls that it intends to apply to an external provider and
those it intends to apply to the resulting output,
- Consider the potential impact of the externally provided processes, products
and services on its ability to consistently meet customer and statutory and
regulatory requirements,
- Consider the effectiveness of the controls applied by the external provider,
- Determine the verification, or other activities, necessary to ensure that the
externally provided processes, products and services meet requirements.
8.4.2 – Type and extent of control
8.4.3 – Information for external providers

Clause 8.4 –
Externally provided processes, products and services
An important requirement in this clause is that when you outsource any
process that affects conformity to product and service requirements,
you need to decide how you are going to control that process.
There are two situations that frequently need to be considered when
deciding the appropriate level of control of an outsourced process:
When you have the competence and ability to carry out a process, but
choose to outsource that process (for commercial or other reasons). In
this situation the process control criteria should already have been
defined, and can be transposed into requirements for the external
provider of the outsourced process, if necessary.
When you do not have the competence to carry out the process
yourself, and choose to outsource it. In this situation you have to ensure
that the controls proposed by the external provider of the outsourced
process are adequate. In some cases it may be necessary to involve
external specialists in making this evaluation.

Externally provided processes, products & services
An outsourced process is any value-adding or conversion activity related
to your product or service, that is performed by an external organisation
(subcontractor, sister facility, etc.). The external organisation may
perform the outsourced activity at their facility or yours.
Outsourced products and services may be:
1. intended for incorporation into the organisation’s products or
services,
2. external provider provides products and services directly to
your customer,
3. external provider provides a process or part of a process to
your organisation,
4. external provider provides its property for use or incorporation
into your product or service

Externally provided processes, products & services
You must be able to demonstrate sufficient controls over outsourced
processes to ensure that such processes are performed according to
the relevant requirements of ISO 9001:2015.
The nature and scope of such control will depend on the nature of
the outsourced or subcontracted process and the risk involved.
Outsourced processes may be controlled in any number of ways,
e.g., providing the vendor with product specifications; your supplier
quality manual that they must meet; asking for inspection and test
results or certificates of compliance; validation of outsourced
process; conducting product and QMS audits of your vendor; etc.
The expectation here is that you flow down to your vendor, the
relevant ISO 9001:2015 requirements that you would have to
implement, had you performed the process at your own facility.

• No new requirements.
8.5 Production and service provision
8.5.1 – Control of production and service provision
• Includes the requirements of ISO 9001:2008 Clauses “7.5.1 Control of
production and service provision” and “7.5.2 Validation of processes for
production and service provision”.
• The requirement for work instructions has been replaced by Documented
information.
8.5.2 – Identification and traceability
8.5.3 – Property belonging to customers or external providers
• Replaces “Customer property”.
• Requires organisations to take care of property from external providers as
well as customers.

• Identify the activities that must be carried out after product or service
delivery, such as: warranty, maintenance services, recycling, final disposal.
8.5.4 – Preservation
• Replaces Preservation of product.
• Now includes transmission (information, software).
8.5.5 – Post-delivery activities (New sub clause)
8.5.6 – Control of changes (New sub clause)
• The organisation shall review and control unplanned changes essential for
production or service provision.
• Document: results review, actions taken, and who authorised the change.

• Replaces “Monitoring and measurement of product”.
• No new requirements.
Clause 8.6 – Release of products and services
• Replaces “Control of nonconforming product”.
• No requirement for a documented procedure. But there is a requirement to
maintain documented information.
• When dealing with nonconforming product or service, the organisation needs
to consider:-
- segregation, containment, return or suspension,
- informing the customer,
- authorise re-provision of the products and services.
Clause 8.7 - Control of nonconforming outputs

EMS Operations
8.1 Operation planning and control
• Lifecycle perspective requirement added
8.2 Emergency preparedness and response
• Requirement to periodically review after test

EMS Life Cycle definition
Consecutive and interlinked stages of a
product (or service) system, from raw
material acquisition or generation from
natural resources to final disposal.
(ISO 14001:2015)
.

EMS Life Cycle definition
The life cycle stages include:
• acquisition of raw materials
• design
• production
• transportation & delivery use
• end-of-life treatment
• final disposal.
.

EMS Life Cycle Perspective
• When determining environmental aspects, the
organization considers a life cycle perspective.
• This does not require a detailed life cycle
assessment; thinking carefully about the life
cycle stages that can be controlled or influenced
by the organization is sufficient.
(ISO 14001:2015)
.

EMS Life Cycle Perspective
Life Cycle
Stage
Considerations
Pre-
Manufacture
Land-use in production of raw materials and vulnerability;
logistics – package, transport, etc - of delivery to factory;
supply route vulnerability
Product
Manufacture
Energy & water consumption; waste; litter, vibration, noise,
odours, lighting
Product
delivery
Packaging; routes to market; interim warehousing
Product Use Energy consumption; components & servicing
Refurbishment,
Recycling,
Disposal
Ease of recovery of product; dismantlability/separation of
components and recovery of valuable materials; safe disposal
.

Life cycle perspective
Life cycle perspective requirements
appear in two requirements of
I.S. EN ISO 14001:2015
• 6.1.2 - Environmental aspects
• 8.1 - Operational planning and control
.

Life cycle perspective
Annex A states that a detailed life cycle analysis is not
required… thinking carefully about life cycle stages
that can be controlled or influenced by the
organisation is sufficient
Current guidance in ISO 14004:2015 does mention
life cycle perspective with respect to the requirement
relating to context as outlined in section 4.1.
.

EMS Life cycle perspective
When determining environmental
aspects and associated impacts
consideration to be given to a life
cycle perspective where relevant
.

EMS Life cycle perspective
Consistent with a life cycle perspective
environmental requirements will be
considered in:
- Design and development processes
- Procurement of products and services
- Communication with external provider including
contractors
- With respect to transportation, delivery, end of life
and disposal of its products & services
.

Operations
• QMS Question E1 to E11
• EMS Question 8.1 & 8.2
Later
• Change control process / procedure
• External Providers controls
• Identify Process Risk
• Update design process / procedure
• service industry to address design &
development if applicable.
• Address post-delivery activities
. .

Clause 9 – Performance Evaluation
Clause 9.1 – Monitoring, measurement, analysis and evaluation
• More emphasis on monitoring and measurement.
• Requirement for performance indicators for the QMS.
• Organisations need to plan, how and when they’re going to
monitor, measure, analyse, and evaluate their QMS.
• And then implement their monitoring and measurement activities.
• Organisations must show how the analysis and evaluation of data is
used, with regards to the need for improvements to QMS.
• A key tool in driving the QMS is to enhance customer satisfaction.
Clause 9.2 – Internal audit
• No requirement for documented procedure.
• Some slight modifications to the requirements.
• Take into consideration changes to the organisation.

Clause 9 – Performance Evaluation
Looks at whether the management system is suitable, adequate and
effective, items to be reviewed under management review include:-
• Take into consideration strategic direction of the organisation,
• Changes in external and internal issues relevant to QMS,
• Trends and indicators for: customer satisfaction, issues concerning
external providers and other relevant interested parties, adequacy
of resources, process performance and conformity of products and
services,
• Effectiveness of action taken to address risk and opportunities,
• New potential opportunities for continual improvement.
Clause 9.3 – Management Review

EMS Performance Evaluation
9.1.2 Evaluation of compliance
• Frequency
• Evaluation
• Maintain knowledge

Performance Evaluation
• QMS Question F1 to F7
Later
• Set performance indicators for QMS
• Monitor, measure, analyse & evaluate QMS
• Update management review requirements
. .

Clause 10 – Improvement
• Does not include a clause on Preventive action as an emphasis on risk-
based thinking throughout the standard supersedes a single clause on
preventive action.
• Additional requirements include, taking action to control and correct
nonconformity and address the consequences, determining if similar
nonconformities exist or could happen, making changes to QMS if
necessary.
• Need a proactive corrective action process.
Clause 10.1 – General (New sub clause)
• Contains requirements from clause 8 of 9001:2008, pays more
attention to improvement, includes improvement to processes, product
or service and QMS.
• Select opportunities for improvement – meet customer requirements
and enhance customer satisfaction.
Clause 10.2 – Nonconformity and corrective action

Clause 10 – Improvement
• The organisation shall continually improve the suitability, adequacy and
effectiveness of the QMS.
• Determine opportunities for improvement and implement actions to
achieve intended outcomes
• Areas of underperformance or opportunities shall be addressed as part
of continual improvement.
• The organisation shall select and utilise applicable tools and
methodologies for investigation of the causes of underperformance and
for supporting continual improvement.
• Need to be able to demonstrate that outputs from analysis & evaluation
processes are used to make changes to the QMS if necessary
Clause 10.3 – Continual improvement

Improvement
• QMS Question G1 to G4
Later
• Select opportunities for improvement
• Address areas of underperformance
• Make changes to management system if
necessary
. .

Section H QMS Questionnaire
Section 11 EMS Questionnaire
• Complete only if you are already registered
to ISO 9001:2008 / ISO 14001:2004, and
you are upgrading to ISO 9001:2015 / ISO
14001:2015
• If for any reason you are not approved for
upgrade at a reassessment audit then you
need to maintain registration to ISO
9001:2008 / ISO 14001:2004
. .

Guidance
• ISO 9000:2015 Quality management systems -Fundamentals
and vocabulary
• ISO 9001:2015 Quality management systems –Requirements
• ISO/TS 9002:2016 Quality management systems –
Guidelines for the application of ISO 9001:2015
• ISO 9001:2015 for Small Enterprises (What to do?)
• Correlation matrices between ISO 9001:2008 and ISO
9001:2015
(This is available along with other information from the link below)
www.iso.org/tc176/sc02/public.

Guidance
I.S. EN ISO 14001:2015
-Annex A – Guidance on use
-Annex B – X-reference 2004 /2015
I.S. EN ISO 14004:2016
Practical guide
ISO 14001:2015 - A Practical Guide
.

Guidance
Here is a link to the ISO/TC 207 site which will give you information on ISO 14001:2015 and
related issues.
• https://committee.iso.org/sites/tc207sc1/home/projects/published/iso-14001---
environmental-manage/iso-14001-interpretation.html
Standard related to ISO 14001 which is being revised:
• ISO/14005 Environmental management systems -- Guidelines for the phased implementation
of an environmental management system, including the use of environmental performance
evaluation
In relation to EMS, the following new standards are being developed:
• ISO/14006 Environmental management systems -- Guidelines for incorporating eco-design
• ISO/14007 Environmental management -- Determining environmental costs and benefits –
Guidance
• ISO/CD 14008 Monetary valuation of environmental impacts from specific emissions and use
of natural resources -- Principles, requirements and guidelines
EMS standard published in 2016
• ISO 14004:2016 Environmental management systems -- General guidelines on
implementation
.

Presentation Quality Management System.ppsx

More Related Content

What's hot (20)

Similar to Presentation Quality Management System.ppsx (20)

Recently uploaded (20)

Presentation Quality Management System.ppsx