ISO 9001:2015QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS
When Recognition Matters
WHITEPAPER
www.pecb.com
CONTENT____
Introduction
An overview of ISO 9001:2015
Key clauses of ISO 9001:2015 Integration with other management systems
QualityManagement–TheBusinessBenefits Implementation of a QMS with IMS2 methodology Certificationoforganizations Trainingandcertificationsofprofessionals
3
4
4
9
9
11
12
13
PRINCIPAL AUTHORSERIC LACHAPELLE, PECBFATON ALIU, PECB LORIKA BINA, PECB
CONTRIBUTORSALKESH MISHRA, MOULIK IT SERVICES LLPANDERS CARLSTEDT, CARLSTEDT INC.MICHAEL GRAY, PIRII AUSTRALIA PTY. LTD.PIERRE DEWEZ, ALTIRIAN RENÉ ST GERMAIN, ALTIRIAN
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS2
INTRODUCTION____
Quality management is the act of managing all activities and functions needed to maintain a consistent levelofexcellenceinanorganization,productorservice.Qualityisanessentialfactorthatdifferentiatesanorganizationfromitscompetitors.Undertakingqualityinitiativeswillleadtosuperiorproductsorserviceswhichmeetandexceedcustomerexpectations,increaserevenuesandproductivityfortheorganization.
Qualityhasbecomeaglobalpriorityasmanyorganizationshavebenefitedfromitspractices.Commitmentto quality is related to the intent to remain competitive and stay in business due to increased globalcompetition. Quality management is crucial for the success of every organization, which is why many organizationsengage in the process of continual improvement to secure their future. Paying attention to quality management hasproventoleadtosuccessfulandcompetitiveorganizations,which are capable of offering superior products and services.
Duetotheabovementionedfactsmanyorganizationsaresettingprograms inplace formanagingquality. Therearedifferent systems, methodologies, tools and techniquesthat help in improving the quality performance. They canbe used separately or simultaneously towards achieving theestablishedgoalsforqualitymanagement,anddesiredlevelofquality.Usually theseprogramscover themajorityofactivitiesaimingtooptimizeoperations.Thereasonwhyorganizationsundertakequality initiativesisbecausepoor qualitymanagement canhave a negative effect onorganizations, andmay even lead tobusiness failure. Businesses should strive to improve their performance by employing the techniquesthat lead to improvedorganizationaleffectivenessandefficiency, employee loyalty, increasedcustomersatisfactionandmarketshare,higherproductivity,improvedprofitabilityandorganizationalculture.
TheInternationalOrganizationforStandardization(ISO)publishedstandardsonqualitymanagementwhichareacceptedandwidelyusedworldwide.OneofthemostcommonlyusedISOstandardsisISO9001,whichisaQualityManagementSystemStandardthataddressesvariousqualitymanagementissues.TheISO9000familyofstandardsprovidesguidanceandthenecessaryqualitymanagementtoolsfororganizationswhowanttoensurethattheirproductsandservicesmeetcustomer’srequirements.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 3
The Cost of QualityThecostofqualitymeasuresthelackofquality,ortheresultofnotimprovingthequalityperformancebeforehand.Improvingqualityishighlyimportantfororganizations
thatwanttoachievetheirobjectives.Takingmeasuresbeforetheproducts
or services are produced or offered lowerstheriskofhavingahighcost
ofquality.
An overview of ISO 9001:2015 The InternationalOrganization forStandardization (ISO) isanon-governmentalorganizationwhose roleistofacilitateinternationalcoordinationandthestandardizationofindustrialstandards.Thesestandardscontributetothedevelopment,manufacturinganddeliveryofproductsandservicesthataremoreeffective,saferandclearer. ISOperformssystematic reviewsevery3-5yearstokeepthesestandardsup-to-date.The revision process adjusts them to changes in theenvironment with the aim at improving organization’sability to offer products and services that meet customer’srequirements.ISOhasrevisedworld’sleadingQualityManagement System (QMS), ISO 9001:2008 toISO 9001:2015.
ISO9001:2015specifiesrequirementstoplan,establish,implement, operate, monitor, review, maintain andcontinually improve a documented management system used to manage quality. The requirements set in ISO9001:2015 are generic, flexible and useful to all typesof organizations. Thus, this ISO Management SystemStandard can be aligned and integrated with other Management Systems such as Energy Management,Business Continuity Management and other management systems,duetotheirsimilarstructure.
Quality management standardization evolves with ISO 9001:2015 by adding:
• Greateremphasisonprocessapproach,riskmanagement,monitoringperformanceandmetrics;• Betterfocusoninterestedparties;• Morecarefulanalysisofthecontextoftheorganizationneededforensuringqualityimprovement;
ISO 9001 applies to all types and sizes of organizations that wish to:
1. establish,implement,maintainandimproveaQMS;2. assureconformitywiththeorganization’sstatedqualitypolicy;3. demonstrateconformitytoothers;4. seekcertification/registrationofitsQMSbyanaccreditedthirdpartycertificationbody;or5. makeaself-determinationandself-declarationofconformitywiththisInternationalStandard.
ISO9001:2015isthefirstqualitymanagementstandardtobefullycompliantwiththenewguidelinesfromAnnexSL(“Highlevelstructureandidenticaltextformanagementsystemstandardsandcommoncoremanagementsystemtermsanddefinitions”).Ithasbeendevelopedinresponsetostandardsusers’criticsthat,whilecurrentstandardshavemanycommoncomponents,theyarenotsufficientlyaligned,makingitdifficultfororganizationstorationalizetheirsystemsandtointerfaceandintegratethem.ThismeansthatISO9001isintegratedtothehigh-levelstructureandcommontextthatwillmakeittotallyalignedwithallother management systems once the related standards have also adopted the Annex SL guidelines.
Key clauses of ISO 9001:2015
Following the new structure of the Annex SL, ISO 9001 is organized into the following main clauses:
Clause 1: ScopeClause 2: Normative referencesClause3:TermsanddefinitionsClause4:ContextoftheorganizationClause 5: LeadershipClause6:Planningforthequalitymanagementsystem
What is Quality Management System (QMS)?
Qualitymanagementsystemisdefinedas a set of interrelated or interacting ele-mentstoestablishpolicies,objectives,andprocessestoachievethoseobjec-
tiveswithregardtoquality.
QMS is part of the overall management system,basedonabusinessriskap-
proach,toestablish,implement,operate,monitor,review,maintainandimprove
quality.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS4
Clause 7: SupportClause8:OperationClause 9: Performance evaluationClause 10: Improvement
Eachofthesekeyareasislistedanddescribedbelow.
|| CLAUSE 4: CONTEXT OF THE ORGANIZATION
Theorganizationshalldetermineexternalandinternalissuesthatarerelevanttoitspurposeanditsstrate-gicdirectionandthataffectitsabilitytoachievetheintendedresult(s)ofitsQMSsuchas:
• issuesarisingfromtechnological,competitive,market,culture,social,andeconomicenvironments;• issuesrelatedtovalues,culture,knowledgeandperformanceoftheorganization;• theidentifiedneedsandexpectationsofrelevantinterestedparties;• applicablelegal,regulatoryandotherrequirementstowhichtheorganizationsubscribes.
DefiningthescopeoftheQMS,takingintoaccounttheorganization’sstrategicobjectives,keyproductsandser-vices,risktolerance,andanyregulatory,contractualorstakeholderobligationsisalsopartofthisclause.
|| CLAUSE 5: LEADERSHIP
Topmanagementshalldemonstrateleadershipandcommitmentwithrespecttothequalitymanagementsystem by:
• Takingaccountabilityoftheeffectivenessofthequalitymanagementsystem;• Ensuringthatthequalitypolicyandqualityobjectivesarecompatiblewiththestrategicdirectionand
thecontextoftheorganization;• Ensuringthatthequalitypolicyiscommunicated,understoodandappliedwithintheorganization;• EnsuringtheintegrationoftheQMSrequirementsintotheorganization’sbusinessprocesses;• Promotingawarenessoftheprocessapproach;• EnsuringthattheresourcesneededfortheQMSareavailable;• EnsuringthattheQMSachievesitsintendedresults;• Engaging,directing,andsupportingpersonstocontributetotheeffectivenessoftheQMS;• Promotingcontinualimprovement;
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 5
Corporate Policy Quality Policy
Values
Mission
Objectives
Strategies StrategicAlignment
QualityObjectives
• Ensuringthatcustomerrequirementandapplicablestatutoryandregulatoryrequirementsaredeter-minedandmet;
• Ensuringthattherisksandopportunitiesthatcanaffectconformityofproductsandservicesandtheabilitytoenhancecustomersatisfactionaredeterminedandaddresses;
• Establishing,reviewingandmaintainingthequalitypolicy;• Ensuringthattheresponsibilitiesandauthoritiesforrelevantrolesareassigned,communicatedand
understoodwithintheorganization.
|| CLAUSE 6: PLANNING FOR THE QUALITY MANAGEMENT SYSTEM
ThisisacriticalstageasitrelatestoestablishingstrategicobjectivesandguidingprinciplesfortheQMSasawhole.Theintentoftheorganizationtotreattherisksidentifiedand/ortocomplywiththeQMSrequire-mentscanbeexpressedthroughtheQMSobjectives.Thequalityobjectivesshall:
• beconsistentwiththequalitypolicy;• bemeasurable;• takeintoaccountapplicablerequirements;• berelevanttoconformityofproductsandservicesandtheenhancementofcustomersatisfaction;• bemonitored,communicatedandupdatedasappropriate.
AnorganizationwishingtocomplywithISO9001shallatleast:
• Selectanddefineariskassessmentmethodology.• Demonstrate that the selected methodology will provide comparable and reproducible results• Definecriteriaforacceptingrisksandidentifyacceptablelevelsofrisk.
|| CLAUSE 7: SUPPORT
The day-to-daymanagement of an effective qualitymanagement system relies heavily on using the ap-propriateresourcesforeachtask.Theseincludehav-ing competent staff with relevant (and demonstra-ble)trainingandsupportingservices,awarenessandcommunication. This must be supported by properly managed documented information.
Both internal and external communications of the or-ganizationmustbeconsideredinthisarea,includingtheformat,thecontentandthepropertimingofsuchcommunications.
Therequirementsonthecreation,updateandcontrolofdocumentedinformationarealsospecifiedinthisclause.
|| CLAUSE 8: OPERATION
After planning the QMS, an organization must put it into operation. This clause includes:
>>Operational planning and control: This activity includes implementation of plans and processes that lead theorganizationtowardsmeetingthequalitymanagementsystemrequirements.Additionally,thisclausere-quiresfromorganizationsthattheyestablishcontrolswhichhelpinpreventinganydeviationfromthequalitypolicy,objectives,andlegalrequirements.
Aftertherequirementshavebeenestablished,theorganizationshouldcontroltheplannedchangesandre-viewtheunintendedchangestomitigateanyadverseeffect.Alltheprocesseswithintheorganization,includ-ing outsourced processes should be controlled.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS6
Context
ContextContext
Practitionner Performance
Competent
Know
ledge
able
Skills
Behavioralskills Knowledge
>>Determination of requirements for products and services: Theorganizationshalldeterminealltherequire-mentsrelatedtoproductsandservices,suchascustomerrequirements,organizational,statutoryandregula-tory,andISO9001:2015requirements.Theorganizationshallestablishaneffectivecustomercommunicationprocess.Afteralltherequirementshavebeendetermined,theymustbereviewedtoensurecontractororderrequirementsdifferingfromthosepreviouslydefinedareresolved.
>>Design and development of products and services: Thisactivityrequiresthatorganizationsestablish,im-plement and maintain a design and development process.
>>Control of externally provided products and services: Theorganizationshallensurethatexternallypro-videdprocesses,procedures,andservicesconformtospecifiedrequirements.Thisclauseappliestobothphysicalproductsandconsumedservicesrelatedtotheendproductoftheorganization.Anorganizationwillneedtoapplyarisk-basedapproachanddeterminethetypeandextentofcontrolsnecessary.
>>Production and service provision: Businesses should control delivery and post-delivery activities to ensure thattheproductandserviceprovisionisimplementedundercontrolledconditions.Thisrequirementexpectsfromorganizationstohavetraceabilitymechanismto identifyprocessoutputs,protectandsafeguardthepropertybelongingtocustomersorexternalproviders,andtopreservetheproductsandservices.
>>Release of products and services:Organizationshouldverifyconformancetoacceptancecriteriawhenre-leasingtheproductsandservices.Acceptancecriteriaisthecriteriasetbytheorganizationspecifyingcertainindicatorsormeasuresemployedinassessingtheabilityofacomponent,structure,orsystemtoperformitsintendedfunction.Settingthecriteriabeforeinitiatingtheprojectmakesitsdevelopmentmucheasier.Eachorganizationshoulddefineitsowncriteriainordertoensureahigherlevelofcustomersatisfaction.
>>Control of nonconforming process outputs, products and services: Thisactivity involvesidentificationofcontrolofproductsandservicestoensurethattheycomplywiththestatedrequirements.Nonconformingpro-cesses,productsandserviceshavetobecorrected,segregated,orreturned.Additionally,thestandardrequiresthatorganizationinformthecustomersforthenonconformingproductstopreventcustomerdissatisfaction.
|| CLAUSE 9: PERFORMANCE EVALUATION
OncetheQMSisimplemented,ISO9001requirespermanentmonitoringofthesystemaswellasperiodicreviews to:
• demonstrateconformityofproductsandservicestorequirements;• assessandenhancecustomersatisfaction;• ensureconformityandeffectivenessofthequalitymanagementsystem;• demonstratethatplanninghasbeensuccessfullyimplemented;• assesstheperformanceofprocesses;• assess the performance of external providers• determinetheneedoropportunitiesforimprovementswithinthequalitymanagementsystem. || CLAUSE 10: IMPROVEMENT
Continualimprovementcanbedefinedasalltheactionstakenthroughouttheorganizationtoincreaseef-fectiveness(reachingobjectives)andefficiency(anoptimalcost/benefitratio)ofprocessesandcontrolstobringincreasedbenefitstotheorganizationanditsstakeholders.Anorganizationcancontinuallyimprovetheeffectivenessofitsmanagementsystemthroughtheuseofthequalitypolicy,objectives,auditresults,analysisofmonitoredevents,indicators,riskanalysis,correctiveactionsandmanagementreview.
Risk based approach
Byundertakingrisk-basedapproach,anyorganizationcanbecomemoreproactiveratherthanonlyreactiveto changes in the context in which it evolves. It can thus better prevent or reduce undesired effects and can then better promote continual improvement. Preventive action becomes rather ‘automatic’ when a manage-mentsystemisrisk-based.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 7
In thismeaning, risk-basedapproach isoneof themajorchanges in thenewversionof ISO9001.The9001:2015hasreplacedthe‘preventiveaction’conceptwithasetofrequirementsonmanagingrisk.Someriskanalysiswasimplicitintheoldversionofthestandardthroughpreventiveactionanalysis,butthenewversionmakesriskmoreexplicitbyincorporatingitthroughoutthequalitymanagementsystem.
Therisk-basedapproachcameasaresultoftheincorporationofAnnexSLintoISO9001:2015.Itplaysanimportantpartinthenewversionofthestandard,andithasclearclausestodeterminerisksandtakeactions.Eventhoughtheconceptof‘risk’isnewinISO9001:2015,manyorganizationsalreadyhaveanap-proachinplacetomanagerisk.TheyhavetoalignitwithISO9001:2015requirementsandshowthattherequirementsaremet.
RiskcanbefoundinthefollowingclausesofISO9001:
• Clause4(Contextoftheorganization)-theorganizationisrequiredtodeterminetheriskswhichmayaffectthequalitymanagementsystem.
• Clause5(Leadership)-topmanagementisrequiredtoensurethatrequirementsfromclause4arefollowed.• Clause6(Planningforthequalitymanagementsystem)-theorganizationisrequiredtotakeactions
towardsriskandopportunityidentification.• Clause8(Operation)-theorganizationisrequiredtoimplementprocessestoaddressrisksand opportunities.• Clause 9 (Performance evaluation) - the organization is required tomonitor,measure, analyse and
evaluatetherisksandopportunities.• Clause 10 (Improvement) - the organization is required to continually improve its processes while
respondingtochangesinrisk.
Introduction1
4
2
3
ISO 31000
Definitions
Risk can be found in all clauses of ISO 9001:2015
Risk-based thinking concept is explained in clause 0.3.3 of ISO 9001:2015.
The ISO 9001:2015 references ISO 31000 wich is a standard that procides guidance to risk management.
Risk is defined in ISO 9000, as the effect of uncertainty on an expected result.
The risk-based approach is used throughout the revised quality management system standard.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS8
Where is risk addressed in ISO 9001:2015?
Link between ISO 9001:2015 and other standards
Various standards such as ISO 9004 and ISO 9000 are used to complement ISO 9001:2015. ISO 9004 providesguidancetoorganizationstosupporttheachievementofsustainedsuccessbyaqualitymanage-mentapproach.ISO9004standardprovidesadditionalguidelinesoncustomerfocus,defectprevention,costcontrol,processapproach,documentation,purchasing, informeddecision-making,trainingandem-ployeemotivation.Inaddition,ISO9000discussesdefinitionsandterminologyandisusedtoclarifytheconcepts used by the ISO 9001 and ISO 9004 standards.
OtherstandardsthatarecloselylinkedtoISO9001:2015aresectorspecificstandards.Thesestandardsaremeanttocomplementqualitymanagementsystemindefiningbestpracticewithincertainsectors,andtackletheissueswhichISO9001doesnotcover.SectorspecificqualitymanagementstandardsincludeISO16949(automotiveindustry),AS9100(aerospaceindustry),TL9000(telecommunicationsindustry),ISO13485(medicaldevices),ISO29001(oilandgasindustry),andsoon.
Integration with other management systemsGeneralrequirementspresentedinthetablebelowarecommonlystatedinanymanagementsystemandrelatetodeterminingobjectives,applyingthemaccordingtotheorganization’shabitsandneeds,keepingthemalivebasedonastrongmanagementcommitment,monitoringandreviewing,supportingtheman-agementsystembygooddocumentation,regular‘health-checks’viainternalorexternalauditsandtogainbenefitsthroughcontinualimprovementasachievedbyaregularmanagementreview.
ThetablebelowshowshowaQMScanbeconsideredjointlywithothermanagementsystems.Thiswillauthorizetheorganizationtoenvision“combinedaudits” inordertoachievetheircompliancegoalswithadequateeffortandbudget.
Requirments ISO9001:2015
ISO14001:2015
ISO27001:2013
ISO22301:2012
ISO16949:2009
Objectivesofthemanagement system
6.2 6.2 6.2 6.2 5.4.1
Policy of the management system
5.2 5.2 5.2 5.3 5.3
Leadership and commitment 5.1 5.1 5.1 5.2 5.1
Documentedinformation 7.5 7.5 7.5 7.5 4.2
Internal audit 9.2 9.2 9.2 9.2 8.2.2
Continualimprocement 10.3 10.2 10.2 10 8.5.1
Management review 9.3 9.3 9.3 9.3 5.6
QualityManagement–TheBusinessBenefitsAswithallmajorundertakingswithinanorganization,itisessentialtogainthesupportandsponsorshipofexecutivemanagement.Byfar,thebestwaytoachievethisistoillustratethepositivegainsofhavinganef-fectivequalitymanagementprocessinplace,ratherthanhighlightingthenegativeaspectsofthecontrary.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 9
Today,aneffectivequalitymanagement isnotaboutbeingforcedintotakingactiontoaddressexternalpressures,butitsimportancereliesonrecognizingthepositivevalueofqualitygoodpracticebeingembed-dedthroughoutyourorganization.
Better understanding of the organization Regulatory compliance Cost reduction
Confidenceofclient Contract compliance Competitive advantage
Increased efficiency Legal compliance Respect of the interested parties
The adoption of an effective quality management process within an organization will have benefits in a number of areas, examples of which include:
1. Improvedorganizationaleffectivenessandefficiency;2. Improvedunderstandingofthebusinessasgainedthroughriskidentificationandanalysis3. Operationalresiliencewhichresultsfromimplementingriskreduction4. Downtimereductionduetotheidentificationofalternativeprocessesandworkarounds5. Protectionofstakeholdervalue6. Increasecustomerandemployeesatisfaction;7. Increasedmarketshareandprofit;8. Improvedorganizationalculture;9. Enhancedcontinuousimprovement;10. Processimprovement;and11. Avoidance of liability actions.
Quality Management Principles
ISO9001:2015isbasedonsevenqualitymanagementprinciplesthatcanbeusedbytopmanagementtoleadtheorganizationtowardsimprovedperformance.
Customer Focus Leadership Engagement of
PeopleProcess
Approach
Evidence-based Decision Making
Involvement Relationship Management
• Customer focus: Organizationsdependontheircustomersandthereforeshouldunderstandcurrentandfuturecustomerneeds,meetcustomerrequirementsandstrivetoexceedcustomerexpectations.
• Leadership: Leaders establishtheunityofpurposeanddirectionoftheorganization.Theyshouldcre-ate and maintain the internal environment in which people can become fully involved in achieving the organization'sobjectives.
• Engagement of People: Peopleatalllevelsaretheessenceofanorganizationandtheirfullinvolvementenablestheirabilitiestobeusedfortheorganization'sbenefit.
• Process approach: A desiredresultisachievedmoreefficientlywhenactivitiesandrelatedresourcesare managed as a process.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS10
• Improvement: Improvementoftheorganization'soverallperformanceshouldbeapermanentobjectiveoftheorganization.
• Evidence-based Decision Making: Effective decisions are based on the analysis of data and information.
• Relationship Management:Anorganizationanditsinterestedpartiesareinterdependentandamutu-allybeneficialrelationshipenhancestheirabilitytocreatevalue.
Implementation of a QMS with IMS2 methodologyMakingthedecisiontoimplementaQualityManagementSystembasedonISO9001mayoftenbeasimpleone,asthebenefitsarewelldocumented.Itisimportanttofollowastructuredandeffectivemethodologytocoveralltheminimumrequirementsfortheimplementationofaqualitymanagementsystem.Mostcompa-niesnowrealizethatitisnotsufficienttoimplementageneric,“onesizefitsall”qualitymanagementprogram.Foraneffective implementationmethodology,organizationsneed to take intoaccountspecific risks thatwouldimpactthequalityperformance.Amoredifficulttaskisthecompilationofanimplementationplanthatbalancestherequirementsofthestandard,thebusinessneedsandthedeadlinetobecomecertified.
ThereisnosingleblueprintforimplementingISO9001thatwillworkforeverycompany,buttherearesomecommonstepsthatwillallowtheorganizationtobalancetheoftenconflictingrequirementsandprepareforasuccessfulcertificationaudit.Whatevermethodologyused,theorganizationmustadaptittoitsparticularcontext(requirements,sizeoftheorganization,scope,objectives,andsoon).
PECBhasdevelopedamethodologyforimplementingamanagementsystem.Itiscalled“IntegratedImplemen-tationMethodologyforManagementSystemsandStandards(IMS2)”andisbasedonapplicablebestpractices.ThismethodologyisbasedontheguidelinesofISOstandardsandalsomeetstherequirementsofISO9001.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 11
1.PLAN
2.DO
3.CHECK
4.ACT
1.1 Initiating the QMS
1.2 Understanding the organization
1.3 Analyze the Existing System
1.4 Leadership and Project Approval
1.5 QMS Scope
1.6 Quality Policy
2.1 Organizational Structure
2.2 Document Management
2.3 Operations management
2.4 Training & awareness
2.5 Communication
2.6 Product requirements, design and purchasing process
2.7 Product realization and control
3.1 Monitoring and Measurement
3.2 Internal Audit
3.3 Management Review
4.1 Treatment of Non-conformities
4.2 Continual Improvement
1.7 Risk Assessment
1.8 Planning of product relalization
IMS2isbasedonthePDCAcycledividedintofourphases:Plan,Do,CheckandAct.Eachphasehasbe-tween2and8stepsforatotalof20steps.Inturn,thesestepsaredividedinto101activitiesandtasks.This‘PracticalGuide’considersthekeyphasesintheimplementationprojectfromstarttofinishandsuggeststheappropriate‘bestpractice’foreachone,whiledirectingtheorganizationtofurtherhelpfulresourcesasitembarksonitsISO9001journey.
Byfollowingastructuredandeffectivemethodology,anorganizationcanbesure itcoversallminimumrequirementsfortheimplementationofamanagementsystem.Asmentionedabove,whatevermethodol-ogyused,theorganizationmustadaptittoitsparticularcontext,andnotapplyitlikeacookbook.Thekeytoimplementationliesinacontextualizedandadaptableapproachbytheorganization,whichwillensurearobust outcome.
Thesequenceofstepsrequiredinthisprocessmaybechanged(inversion,merge),tomeetthemostsuit-ableoutcome.Forexample,theimplementationofthemanagementprocedurefordocumentedinforma-tioncanbedonebeforetheunderstandingoftheorganization.Manyprocessesareiterativebecauseoftheneedforprogressivedevelopmentthroughouttheimplementationproject;forexample,communicationand training.
CertificationofOrganizationsTheusualpathforanorganizationthatwishestobecertifiedagainstISO9001isthefollowing:
1. Implementation of the management system: Beforebeingaudited,amanagementsystemmustbeinoperationforsometime.Usually,theminimumtimerequiredbythecertificationbodiesis3months.
2. Internal audit and review by top management: Beforeamanagementsystemcanbecertified,itmusthave had at least one internal audit report and one management review.
3. Selection of the certification body (registrar): Each organization can select the certification body (registrar)ofitschoice.
4. Pre-assessment audit (optional): Anorganizationcanchoose toperformapre-audit to identifyanypossiblegapbetweenitscurrentmanagementsystemandtherequirementsofthestandard.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS12
PLAN
4 PHASES 18 STEPS 101 ACTIVITES UNDEFINED TASKS
DO
CHECK
ACT
QMSProject
5. 5. Stage 1 audit: Aconformityreviewofthedesignofthemanagementsystem.Themainobjectiveistoverifythatthemanagementsystemisdesignedtomeettherequirementsofthestandard(s)andtheobjectivesoftheorganization.ItisrecommendedthatatleastsomeportionoftheStage1auditshouldbeperformedon-siteattheorganization’spremises.
6. Stage 2 audit (On-site visit):TheStage2auditobjectiveistoevaluatewhetherthedeclaredmanage-mentsystemconformstoallrequirementsofthestandard,isactuallybeingimplementedintheorgani-zationandcansupporttheorganizationinachievingitsobjectives.Stage2takesplaceatthesite(s)oftheorganization’ssites(s)wherethemanagementsystemisimplemented.
7. Follow-up audit (optional): Iftheauditeehasnon-conformitiesthatrequireadditionalauditbeforebe-ingcertified,theauditorwillperformafollow-upvisittovalidateonlytheactionplanslinkedtothenon-conformities(usuallyoneday).
8. Confirmation of registration: Iftheorganizationiscompliantwiththeconditionsofthestandard,theRegistrarconfirmstheregistrationandpublishesthecertificate.
9. Continual improvement and surveillance audits: Onceanorganizationisregistered,surveillanceactivi-tiesareconductedbytheCertificationBodytoensurethatthemanagementsystemstillcomplieswiththestandard.Thesurveillanceactivitiesmustincludeon-sitevisits(atleast1peryear)thatallowveri-fyingtheconformityofthecertifiedclient’smanagementsystemandcanalsoinclude:investigationsfollowingacomplaint,reviewofawebsite,awrittenrequestforfollow-up,etc.
TrainingandcertificationsofprofessionalsPECBhascreatedatrainingroadmapandpersonnelcertificationschemeswhicharestronglyrecommend-edtoimplementersandauditorsofanorganizationwishingtogetcertifiedagainstISO9001.Certificationoforganizationsisavitalcomponentofthequalitymanagementfieldasitprovidesevidencethatorganiza-tionshavedevelopedstandardizedprocessesbasedonbestpractices.Certificationofindividualsservesasdocumentedevidenceofprofessionalcompetenciesandexperience,whilealsoprovidingevidencethattheindividual has attended one of the related courses and successfully completed exams.
Personnel certifications demonstrate that the professional holds defined competencies based on bestpractices.Italsoallowsorganizationstomakeaninformedselectionofemployeesorservicesbasedonthecompetenciesthatarerepresentedbythecertificationdesignation.Finally, itprovides incentivesfortheprofessionaltoconstantlyimprovehis/herskillsandknowledgeandservesasatoolforemployerstoensure that training and awareness have been effective.
PECBtrainingcoursesareofferedgloballythroughanetworkofauthorizedtrainingprovidersandthey’reavailableinseverallanguages.Coursesincludeintroduction,foundation,implementerandauditorcourses.ThetablebelowgivesashortdescriptionaboutPECB’sofficialtrainingcoursesforQualityManagementSystems based on ISO 9001:2015.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 13
Training title Short description Who should attend
ISO 9001 Introduction
• One day training course• Introduction to concepts
management and implementation of a QMS
• Donotleadtocertification
• Professionals wanting to gain a comprehensive knowledgeofthemain processes of a QMS
• Staff involved in the implementation of ISO 9001
• Expert advisors in Quality Management
• Managers responsible for implementing a QMS
• Auditors
ISO 9001 Foundation
• Two day training course• Become familiar with best
practices for implementation and management of QMS
• One hour exam
• Membersofaqualityteam• Professionals wanting to
gain a comprehensive knowledgeofthemain processes of a QMS
• Staff involved in the implementation of ISO 9001
• Staff involved in operations related to a QMS
• Auditors
ISO 9001 Lead Implementer
• Five day training course• Manage the
implementation and a management of a QMS
• Three hours exam
• Project managers/consultants
• Auditors who wish to u nderstand the QMS implementation process
• Membersofaqualityteam• Persons responsible of the
qualityorconformityinanorganization
• Expert advisors in QMS
ISO 9001 Lead Auditor• Five day training course• Manage the audit of a QMS• Three hours exam
• Internal auditors• Auditors• Persons responsible of the
qualityorconformityinanorganization
• Projectmanagers and/or consultants
• Membersofaqualityteam• Expert advisors in QMS
Althoughaspecifiedsetofcoursesorcurriculumofstudyisnotrequiredaspartofthecertificationprocess,thecompletionofarecognizedPECBcourseorprogramofstudywillsignificantlyenhanceyourchanceofpassingaPECBcertificationexamination. ThelistofapprovedorganizationsthatofferPECBofficialtrainingsessionsisfoundonourwebsite:www.pecb.org/en/eventlist.
|| CHOOSING THE RIGHT CERTIFICATION
TheISO9001FoundationcertificationisaprofessionalcertificationforprofessionalsneedingtohaveanoverallunderstandingoftheISO9001standardanditsrequirements.
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS14
TheISO9001Implementercertificationsareprofessionalcertificationsforprofessionalsneedingtoimple-mentaQMSand,incaseoftheISO9001LeadImplementerCertification,needingtomanageanimplemen-tationproject.
TheISO9001AuditorcertificationsarecredentialsforprofessionalsneedingtoauditaQMSand,incaseoftheISO9001LeadAuditorCertification,needingtomanageateamofauditors.
TheISO9001MastercertificationisaprofessionalcertificationforprofessionalsneedingtoimplementaQMSandtomastertheaudittechniquesandmanage(orbepartof)auditteamsandauditprogram.
Basedonthecandidatesoverallprofessionalexperienceandtheiracquiredqualifications,theywillbegrant-edoneormoreofthesecertificationsbasedonprojectsorauditactivitiesperformedinthepastoronwhichtheyarecurrentlyworking.
Certification Exam Professional experience Audit experience Project
experience
Foundation Foundation Exam None None None
Provisional Implementer
Lead Implementer Exam
None None None
ImplementerLead Implementer Exam
Two years Oneyearofworkexperience in the fieldofcertification
NoneProjectactivities totaling 200 hours
Lead Implementer
Lead Implementer Exam
Five years Two years of workexperienceinthefieldofcertification
NoneProjectactivities totaling 300 hours
Provisional Auditor
Lead Auditor Exam None None None
Auditor Lead Auditor Exam
Two years Oneyearofworkexperience in the fieldofcertification
Audit activities totaling 200 hours
None
Lead Auditor Lead Auditor Exam
Five years Two years of workexperienceinthefieldofcertification
Audit activities totaling 300 hours
None
Master
Lead Auditor Exam Lead Implementer Exam
Ten years Two years of workexperienceinthefieldofcertification
Audit activities totaling 500 hours
Projectactivities totaling 500 hours
ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 15