ISO 9001:2015QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS

When Recognition Matters

WHITEPAPER

www.pecb.com

CONTENT____

Introduction

An overview of ISO 9001:2015

Key clauses of ISO 9001:2015 Integration with other management systems

QualityManagement–TheBusinessBenefits Implementation of a QMS with IMS2 methodology Certificationoforganizations Trainingandcertificationsofprofessionals

3

4

4

9

9

11

12

13

PRINCIPAL AUTHORSERIC LACHAPELLE, PECBFATON ALIU, PECB LORIKA BINA, PECB

CONTRIBUTORSALKESH MISHRA, MOULIK IT SERVICES LLPANDERS CARLSTEDT, CARLSTEDT INC.MICHAEL GRAY, PIRII AUSTRALIA PTY. LTD.PIERRE DEWEZ, ALTIRIAN RENÉ ST GERMAIN, ALTIRIAN

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS2

INTRODUCTION____

Quality management is the act of managing all activities and functions needed to maintain a consistent levelofexcellenceinanorganization,productorservice.Qualityisanessentialfactorthatdifferentiatesanorganizationfromitscompetitors.Undertakingqualityinitiativeswillleadtosuperiorproductsorserviceswhichmeetandexceedcustomerexpectations,increaserevenuesandproductivityfortheorganization.

Qualityhasbecomeaglobalpriorityasmanyorganizationshavebenefitedfromitspractices.Commitmentto quality is related to the intent to remain competitive and stay in business due to increased globalcompetition. Quality management is crucial for the success of every organization, which is why many organizationsengage in the process of continual improvement to secure their future. Paying attention to quality management hasproventoleadtosuccessfulandcompetitiveorganizations,which are capable of offering superior products and services.

Duetotheabovementionedfactsmanyorganizationsaresettingprograms inplace formanagingquality. Therearedifferent systems, methodologies, tools and techniquesthat help in improving the quality performance. They canbe used separately or simultaneously towards achieving theestablishedgoalsforqualitymanagement,anddesiredlevelofquality.Usually theseprogramscover themajorityofactivitiesaimingtooptimizeoperations.Thereasonwhyorganizationsundertakequality initiativesisbecausepoor qualitymanagement canhave a negative effect onorganizations, andmay even lead tobusiness failure. Businesses should strive to improve their performance by employing the techniquesthat lead to improvedorganizationaleffectivenessandefficiency, employee loyalty, increasedcustomersatisfactionandmarketshare,higherproductivity,improvedprofitabilityandorganizationalculture.

TheInternationalOrganizationforStandardization(ISO)publishedstandardsonqualitymanagementwhichareacceptedandwidelyusedworldwide.OneofthemostcommonlyusedISOstandardsisISO9001,whichisaQualityManagementSystemStandardthataddressesvariousqualitymanagementissues.TheISO9000familyofstandardsprovidesguidanceandthenecessaryqualitymanagementtoolsfororganizationswhowanttoensurethattheirproductsandservicesmeetcustomer’srequirements.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 3

The Cost of QualityThecostofqualitymeasuresthelackofquality,ortheresultofnotimprovingthequalityperformancebeforehand.Improvingqualityishighlyimportantfororganizations

thatwanttoachievetheirobjectives.Takingmeasuresbeforetheproducts

or services are produced or offered lowerstheriskofhavingahighcost

ofquality.

An overview of ISO 9001:2015 The InternationalOrganization forStandardization (ISO) isanon-governmentalorganizationwhose roleistofacilitateinternationalcoordinationandthestandardizationofindustrialstandards.Thesestandardscontributetothedevelopment,manufacturinganddeliveryofproductsandservicesthataremoreeffective,saferandclearer. ISOperformssystematic reviewsevery3-5yearstokeepthesestandardsup-to-date.The revision process adjusts them to changes in theenvironment with the aim at improving organization’sability to offer products and services that meet customer’srequirements.ISOhasrevisedworld’sleadingQualityManagement System (QMS), ISO 9001:2008 toISO 9001:2015.

ISO9001:2015specifiesrequirementstoplan,establish,implement, operate, monitor, review, maintain andcontinually improve a documented management system used to manage quality. The requirements set in ISO9001:2015 are generic, flexible and useful to all typesof organizations. Thus, this ISO Management SystemStandard can be aligned and integrated with other Management Systems such as Energy Management,Business Continuity Management and other management systems,duetotheirsimilarstructure.

Quality management standardization evolves with ISO 9001:2015 by adding:

• Greateremphasisonprocessapproach,riskmanagement,monitoringperformanceandmetrics;• Betterfocusoninterestedparties;• Morecarefulanalysisofthecontextoftheorganizationneededforensuringqualityimprovement;

ISO 9001 applies to all types and sizes of organizations that wish to:

1. establish,implement,maintainandimproveaQMS;2. assureconformitywiththeorganization’sstatedqualitypolicy;3. demonstrateconformitytoothers;4. seekcertification/registrationofitsQMSbyanaccreditedthirdpartycertificationbody;or5. makeaself-determinationandself-declarationofconformitywiththisInternationalStandard.

ISO9001:2015isthefirstqualitymanagementstandardtobefullycompliantwiththenewguidelinesfromAnnexSL(“Highlevelstructureandidenticaltextformanagementsystemstandardsandcommoncoremanagementsystemtermsanddefinitions”).Ithasbeendevelopedinresponsetostandardsusers’criticsthat,whilecurrentstandardshavemanycommoncomponents,theyarenotsufficientlyaligned,makingitdifficultfororganizationstorationalizetheirsystemsandtointerfaceandintegratethem.ThismeansthatISO9001isintegratedtothehigh-levelstructureandcommontextthatwillmakeittotallyalignedwithallother management systems once the related standards have also adopted the Annex SL guidelines.

Key clauses of ISO 9001:2015

Following the new structure of the Annex SL, ISO 9001 is organized into the following main clauses:

Clause 1: ScopeClause 2: Normative referencesClause3:TermsanddefinitionsClause4:ContextoftheorganizationClause 5: LeadershipClause6:Planningforthequalitymanagementsystem

What is Quality Management System (QMS)?

Qualitymanagementsystemisdefinedas a set of interrelated or interacting ele-mentstoestablishpolicies,objectives,andprocessestoachievethoseobjec-

tiveswithregardtoquality.

QMS is part of the overall management system,basedonabusinessriskap-

proach,toestablish,implement,operate,monitor,review,maintainandimprove

quality.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS4

Clause 7: SupportClause8:OperationClause 9: Performance evaluationClause 10: Improvement

Eachofthesekeyareasislistedanddescribedbelow.

|| CLAUSE 4: CONTEXT OF THE ORGANIZATION

Theorganizationshalldetermineexternalandinternalissuesthatarerelevanttoitspurposeanditsstrate-gicdirectionandthataffectitsabilitytoachievetheintendedresult(s)ofitsQMSsuchas:

• issuesarisingfromtechnological,competitive,market,culture,social,andeconomicenvironments;• issuesrelatedtovalues,culture,knowledgeandperformanceoftheorganization;• theidentifiedneedsandexpectationsofrelevantinterestedparties;• applicablelegal,regulatoryandotherrequirementstowhichtheorganizationsubscribes.

DefiningthescopeoftheQMS,takingintoaccounttheorganization’sstrategicobjectives,keyproductsandser-vices,risktolerance,andanyregulatory,contractualorstakeholderobligationsisalsopartofthisclause.

|| CLAUSE 5: LEADERSHIP

Topmanagementshalldemonstrateleadershipandcommitmentwithrespecttothequalitymanagementsystem by:

• Takingaccountabilityoftheeffectivenessofthequalitymanagementsystem;• Ensuringthatthequalitypolicyandqualityobjectivesarecompatiblewiththestrategicdirectionand

thecontextoftheorganization;• Ensuringthatthequalitypolicyiscommunicated,understoodandappliedwithintheorganization;• EnsuringtheintegrationoftheQMSrequirementsintotheorganization’sbusinessprocesses;• Promotingawarenessoftheprocessapproach;• EnsuringthattheresourcesneededfortheQMSareavailable;• EnsuringthattheQMSachievesitsintendedresults;• Engaging,directing,andsupportingpersonstocontributetotheeffectivenessoftheQMS;• Promotingcontinualimprovement;

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 5

Corporate Policy Quality Policy

Values

Mission

Objectives

Strategies StrategicAlignment

QualityObjectives

• Ensuringthatcustomerrequirementandapplicablestatutoryandregulatoryrequirementsaredeter-minedandmet;

• Ensuringthattherisksandopportunitiesthatcanaffectconformityofproductsandservicesandtheabilitytoenhancecustomersatisfactionaredeterminedandaddresses;

• Establishing,reviewingandmaintainingthequalitypolicy;• Ensuringthattheresponsibilitiesandauthoritiesforrelevantrolesareassigned,communicatedand

understoodwithintheorganization.

|| CLAUSE 6: PLANNING FOR THE QUALITY MANAGEMENT SYSTEM

ThisisacriticalstageasitrelatestoestablishingstrategicobjectivesandguidingprinciplesfortheQMSasawhole.Theintentoftheorganizationtotreattherisksidentifiedand/ortocomplywiththeQMSrequire-mentscanbeexpressedthroughtheQMSobjectives.Thequalityobjectivesshall:

• beconsistentwiththequalitypolicy;• bemeasurable;• takeintoaccountapplicablerequirements;• berelevanttoconformityofproductsandservicesandtheenhancementofcustomersatisfaction;• bemonitored,communicatedandupdatedasappropriate.

AnorganizationwishingtocomplywithISO9001shallatleast:

• Selectanddefineariskassessmentmethodology.• Demonstrate that the selected methodology will provide comparable and reproducible results• Definecriteriaforacceptingrisksandidentifyacceptablelevelsofrisk.

|| CLAUSE 7: SUPPORT

The day-to-daymanagement of an effective qualitymanagement system relies heavily on using the ap-propriateresourcesforeachtask.Theseincludehav-ing competent staff with relevant (and demonstra-ble)trainingandsupportingservices,awarenessandcommunication. This must be supported by properly managed documented information.

Both internal and external communications of the or-ganizationmustbeconsideredinthisarea,includingtheformat,thecontentandthepropertimingofsuchcommunications.

Therequirementsonthecreation,updateandcontrolofdocumentedinformationarealsospecifiedinthisclause.

|| CLAUSE 8: OPERATION

After planning the QMS, an organization must put it into operation. This clause includes:

>>Operational planning and control: This activity includes implementation of plans and processes that lead theorganizationtowardsmeetingthequalitymanagementsystemrequirements.Additionally,thisclausere-quiresfromorganizationsthattheyestablishcontrolswhichhelpinpreventinganydeviationfromthequalitypolicy,objectives,andlegalrequirements.

Aftertherequirementshavebeenestablished,theorganizationshouldcontroltheplannedchangesandre-viewtheunintendedchangestomitigateanyadverseeffect.Alltheprocesseswithintheorganization,includ-ing outsourced processes should be controlled.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS6

Context

ContextContext

Practitionner Performance

Competent

Know

ledge

able

Skills

Behavioralskills Knowledge

>>Determination of requirements for products and services: Theorganizationshalldeterminealltherequire-mentsrelatedtoproductsandservices,suchascustomerrequirements,organizational,statutoryandregula-tory,andISO9001:2015requirements.Theorganizationshallestablishaneffectivecustomercommunicationprocess.Afteralltherequirementshavebeendetermined,theymustbereviewedtoensurecontractororderrequirementsdifferingfromthosepreviouslydefinedareresolved.

>>Design and development of products and services: Thisactivityrequiresthatorganizationsestablish,im-plement and maintain a design and development process.

>>Control of externally provided products and services: Theorganizationshallensurethatexternallypro-videdprocesses,procedures,andservicesconformtospecifiedrequirements.Thisclauseappliestobothphysicalproductsandconsumedservicesrelatedtotheendproductoftheorganization.Anorganizationwillneedtoapplyarisk-basedapproachanddeterminethetypeandextentofcontrolsnecessary.

>>Production and service provision: Businesses should control delivery and post-delivery activities to ensure thattheproductandserviceprovisionisimplementedundercontrolledconditions.Thisrequirementexpectsfromorganizationstohavetraceabilitymechanismto identifyprocessoutputs,protectandsafeguardthepropertybelongingtocustomersorexternalproviders,andtopreservetheproductsandservices.

>>Release of products and services:Organizationshouldverifyconformancetoacceptancecriteriawhenre-leasingtheproductsandservices.Acceptancecriteriaisthecriteriasetbytheorganizationspecifyingcertainindicatorsormeasuresemployedinassessingtheabilityofacomponent,structure,orsystemtoperformitsintendedfunction.Settingthecriteriabeforeinitiatingtheprojectmakesitsdevelopmentmucheasier.Eachorganizationshoulddefineitsowncriteriainordertoensureahigherlevelofcustomersatisfaction.

>>Control of nonconforming process outputs, products and services: Thisactivity involvesidentificationofcontrolofproductsandservicestoensurethattheycomplywiththestatedrequirements.Nonconformingpro-cesses,productsandserviceshavetobecorrected,segregated,orreturned.Additionally,thestandardrequiresthatorganizationinformthecustomersforthenonconformingproductstopreventcustomerdissatisfaction.

|| CLAUSE 9: PERFORMANCE EVALUATION

OncetheQMSisimplemented,ISO9001requirespermanentmonitoringofthesystemaswellasperiodicreviews to:

• demonstrateconformityofproductsandservicestorequirements;• assessandenhancecustomersatisfaction;• ensureconformityandeffectivenessofthequalitymanagementsystem;• demonstratethatplanninghasbeensuccessfullyimplemented;• assesstheperformanceofprocesses;• assess the performance of external providers• determinetheneedoropportunitiesforimprovementswithinthequalitymanagementsystem. || CLAUSE 10: IMPROVEMENT

Continualimprovementcanbedefinedasalltheactionstakenthroughouttheorganizationtoincreaseef-fectiveness(reachingobjectives)andefficiency(anoptimalcost/benefitratio)ofprocessesandcontrolstobringincreasedbenefitstotheorganizationanditsstakeholders.Anorganizationcancontinuallyimprovetheeffectivenessofitsmanagementsystemthroughtheuseofthequalitypolicy,objectives,auditresults,analysisofmonitoredevents,indicators,riskanalysis,correctiveactionsandmanagementreview.

Risk based approach

Byundertakingrisk-basedapproach,anyorganizationcanbecomemoreproactiveratherthanonlyreactiveto changes in the context in which it evolves. It can thus better prevent or reduce undesired effects and can then better promote continual improvement. Preventive action becomes rather ‘automatic’ when a manage-mentsystemisrisk-based.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 7

In thismeaning, risk-basedapproach isoneof themajorchanges in thenewversionof ISO9001.The9001:2015hasreplacedthe‘preventiveaction’conceptwithasetofrequirementsonmanagingrisk.Someriskanalysiswasimplicitintheoldversionofthestandardthroughpreventiveactionanalysis,butthenewversionmakesriskmoreexplicitbyincorporatingitthroughoutthequalitymanagementsystem.

Therisk-basedapproachcameasaresultoftheincorporationofAnnexSLintoISO9001:2015.Itplaysanimportantpartinthenewversionofthestandard,andithasclearclausestodeterminerisksandtakeactions.Eventhoughtheconceptof‘risk’isnewinISO9001:2015,manyorganizationsalreadyhaveanap-proachinplacetomanagerisk.TheyhavetoalignitwithISO9001:2015requirementsandshowthattherequirementsaremet.

RiskcanbefoundinthefollowingclausesofISO9001:

• Clause4(Contextoftheorganization)-theorganizationisrequiredtodeterminetheriskswhichmayaffectthequalitymanagementsystem.

• Clause5(Leadership)-topmanagementisrequiredtoensurethatrequirementsfromclause4arefollowed.• Clause6(Planningforthequalitymanagementsystem)-theorganizationisrequiredtotakeactions

towardsriskandopportunityidentification.• Clause8(Operation)-theorganizationisrequiredtoimplementprocessestoaddressrisksand opportunities.• Clause 9 (Performance evaluation) - the organization is required tomonitor,measure, analyse and

evaluatetherisksandopportunities.• Clause 10 (Improvement) - the organization is required to continually improve its processes while

respondingtochangesinrisk.

Introduction1

4

2

3

ISO 31000

Definitions

Risk can be found in all clauses of ISO 9001:2015

Risk-based thinking concept is explained in clause 0.3.3 of ISO 9001:2015.

The ISO 9001:2015 references ISO 31000 wich is a standard that procides guidance to risk management.

Risk is defined in ISO 9000, as the effect of uncertainty on an expected result.

The risk-based approach is used throughout the revised quality management system standard.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS8

Where is risk addressed in ISO 9001:2015?

Link between ISO 9001:2015 and other standards

Various standards such as ISO 9004 and ISO 9000 are used to complement ISO 9001:2015. ISO 9004 providesguidancetoorganizationstosupporttheachievementofsustainedsuccessbyaqualitymanage-mentapproach.ISO9004standardprovidesadditionalguidelinesoncustomerfocus,defectprevention,costcontrol,processapproach,documentation,purchasing, informeddecision-making,trainingandem-ployeemotivation.Inaddition,ISO9000discussesdefinitionsandterminologyandisusedtoclarifytheconcepts used by the ISO 9001 and ISO 9004 standards.

OtherstandardsthatarecloselylinkedtoISO9001:2015aresectorspecificstandards.Thesestandardsaremeanttocomplementqualitymanagementsystemindefiningbestpracticewithincertainsectors,andtackletheissueswhichISO9001doesnotcover.SectorspecificqualitymanagementstandardsincludeISO16949(automotiveindustry),AS9100(aerospaceindustry),TL9000(telecommunicationsindustry),ISO13485(medicaldevices),ISO29001(oilandgasindustry),andsoon.

Integration with other management systemsGeneralrequirementspresentedinthetablebelowarecommonlystatedinanymanagementsystemandrelatetodeterminingobjectives,applyingthemaccordingtotheorganization’shabitsandneeds,keepingthemalivebasedonastrongmanagementcommitment,monitoringandreviewing,supportingtheman-agementsystembygooddocumentation,regular‘health-checks’viainternalorexternalauditsandtogainbenefitsthroughcontinualimprovementasachievedbyaregularmanagementreview.

ThetablebelowshowshowaQMScanbeconsideredjointlywithothermanagementsystems.Thiswillauthorizetheorganizationtoenvision“combinedaudits” inordertoachievetheircompliancegoalswithadequateeffortandbudget.

Requirments ISO9001:2015

ISO14001:2015

ISO27001:2013

ISO22301:2012

ISO16949:2009

Objectivesofthemanagement system

6.2 6.2 6.2 6.2 5.4.1

Policy of the management system

5.2 5.2 5.2 5.3 5.3

Leadership and commitment 5.1 5.1 5.1 5.2 5.1

Documentedinformation 7.5 7.5 7.5 7.5 4.2

Internal audit 9.2 9.2 9.2 9.2 8.2.2

Continualimprocement 10.3 10.2 10.2 10 8.5.1

Management review 9.3 9.3 9.3 9.3 5.6

QualityManagement–TheBusinessBenefitsAswithallmajorundertakingswithinanorganization,itisessentialtogainthesupportandsponsorshipofexecutivemanagement.Byfar,thebestwaytoachievethisistoillustratethepositivegainsofhavinganef-fectivequalitymanagementprocessinplace,ratherthanhighlightingthenegativeaspectsofthecontrary.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 9

Today,aneffectivequalitymanagement isnotaboutbeingforcedintotakingactiontoaddressexternalpressures,butitsimportancereliesonrecognizingthepositivevalueofqualitygoodpracticebeingembed-dedthroughoutyourorganization.

Better understanding of the organization Regulatory compliance Cost reduction

Confidenceofclient Contract compliance Competitive advantage

Increased efficiency Legal compliance Respect of the interested parties

The adoption of an effective quality management process within an organization will have benefits in a number of areas, examples of which include:

1. Improvedorganizationaleffectivenessandefficiency;2. Improvedunderstandingofthebusinessasgainedthroughriskidentificationandanalysis3. Operationalresiliencewhichresultsfromimplementingriskreduction4. Downtimereductionduetotheidentificationofalternativeprocessesandworkarounds5. Protectionofstakeholdervalue6. Increasecustomerandemployeesatisfaction;7. Increasedmarketshareandprofit;8. Improvedorganizationalculture;9. Enhancedcontinuousimprovement;10. Processimprovement;and11. Avoidance of liability actions.

Quality Management Principles

ISO9001:2015isbasedonsevenqualitymanagementprinciplesthatcanbeusedbytopmanagementtoleadtheorganizationtowardsimprovedperformance.

Customer Focus Leadership Engagement of

PeopleProcess

Approach

Evidence-based Decision Making

Involvement Relationship Management

• Customer focus: Organizationsdependontheircustomersandthereforeshouldunderstandcurrentandfuturecustomerneeds,meetcustomerrequirementsandstrivetoexceedcustomerexpectations.

• Leadership: Leaders establishtheunityofpurposeanddirectionoftheorganization.Theyshouldcre-ate and maintain the internal environment in which people can become fully involved in achieving the organization'sobjectives.

• Engagement of People: Peopleatalllevelsaretheessenceofanorganizationandtheirfullinvolvementenablestheirabilitiestobeusedfortheorganization'sbenefit.

• Process approach: A desiredresultisachievedmoreefficientlywhenactivitiesandrelatedresourcesare managed as a process.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS10

• Improvement: Improvementoftheorganization'soverallperformanceshouldbeapermanentobjectiveoftheorganization.

• Evidence-based Decision Making: Effective decisions are based on the analysis of data and information.

• Relationship Management:Anorganizationanditsinterestedpartiesareinterdependentandamutu-allybeneficialrelationshipenhancestheirabilitytocreatevalue.

Implementation of a QMS with IMS2 methodologyMakingthedecisiontoimplementaQualityManagementSystembasedonISO9001mayoftenbeasimpleone,asthebenefitsarewelldocumented.Itisimportanttofollowastructuredandeffectivemethodologytocoveralltheminimumrequirementsfortheimplementationofaqualitymanagementsystem.Mostcompa-niesnowrealizethatitisnotsufficienttoimplementageneric,“onesizefitsall”qualitymanagementprogram.Foraneffective implementationmethodology,organizationsneed to take intoaccountspecific risks thatwouldimpactthequalityperformance.Amoredifficulttaskisthecompilationofanimplementationplanthatbalancestherequirementsofthestandard,thebusinessneedsandthedeadlinetobecomecertified.

ThereisnosingleblueprintforimplementingISO9001thatwillworkforeverycompany,buttherearesomecommonstepsthatwillallowtheorganizationtobalancetheoftenconflictingrequirementsandprepareforasuccessfulcertificationaudit.Whatevermethodologyused,theorganizationmustadaptittoitsparticularcontext(requirements,sizeoftheorganization,scope,objectives,andsoon).

PECBhasdevelopedamethodologyforimplementingamanagementsystem.Itiscalled“IntegratedImplemen-tationMethodologyforManagementSystemsandStandards(IMS2)”andisbasedonapplicablebestpractices.ThismethodologyisbasedontheguidelinesofISOstandardsandalsomeetstherequirementsofISO9001.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 11

1.PLAN

2.DO

3.CHECK

4.ACT

1.1 Initiating the QMS

1.2 Understanding the organization

1.3 Analyze the Existing System

1.4 Leadership and Project Approval

1.5 QMS Scope

1.6 Quality Policy

2.1 Organizational Structure

2.2 Document Management

2.3 Operations management

2.4 Training & awareness

2.5 Communication

2.6 Product requirements, design and purchasing process

2.7 Product realization and control

3.1 Monitoring and Measurement

3.2 Internal Audit

3.3 Management Review

4.1 Treatment of Non-conformities

4.2 Continual Improvement

1.7 Risk Assessment

1.8 Planning of product relalization

IMS2isbasedonthePDCAcycledividedintofourphases:Plan,Do,CheckandAct.Eachphasehasbe-tween2and8stepsforatotalof20steps.Inturn,thesestepsaredividedinto101activitiesandtasks.This‘PracticalGuide’considersthekeyphasesintheimplementationprojectfromstarttofinishandsuggeststheappropriate‘bestpractice’foreachone,whiledirectingtheorganizationtofurtherhelpfulresourcesasitembarksonitsISO9001journey.

Byfollowingastructuredandeffectivemethodology,anorganizationcanbesure itcoversallminimumrequirementsfortheimplementationofamanagementsystem.Asmentionedabove,whatevermethodol-ogyused,theorganizationmustadaptittoitsparticularcontext,andnotapplyitlikeacookbook.Thekeytoimplementationliesinacontextualizedandadaptableapproachbytheorganization,whichwillensurearobust outcome.

Thesequenceofstepsrequiredinthisprocessmaybechanged(inversion,merge),tomeetthemostsuit-ableoutcome.Forexample,theimplementationofthemanagementprocedurefordocumentedinforma-tioncanbedonebeforetheunderstandingoftheorganization.Manyprocessesareiterativebecauseoftheneedforprogressivedevelopmentthroughouttheimplementationproject;forexample,communicationand training.

CertificationofOrganizationsTheusualpathforanorganizationthatwishestobecertifiedagainstISO9001isthefollowing:

1. Implementation of the management system: Beforebeingaudited,amanagementsystemmustbeinoperationforsometime.Usually,theminimumtimerequiredbythecertificationbodiesis3months.

2. Internal audit and review by top management: Beforeamanagementsystemcanbecertified,itmusthave had at least one internal audit report and one management review.

3. Selection of the certification body (registrar): Each organization can select the certification body (registrar)ofitschoice.

4. Pre-assessment audit (optional): Anorganizationcanchoose toperformapre-audit to identifyanypossiblegapbetweenitscurrentmanagementsystemandtherequirementsofthestandard.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS12

PLAN

4 PHASES 18 STEPS 101 ACTIVITES UNDEFINED TASKS

DO

CHECK

ACT

QMSProject

5. 5. Stage 1 audit: Aconformityreviewofthedesignofthemanagementsystem.Themainobjectiveistoverifythatthemanagementsystemisdesignedtomeettherequirementsofthestandard(s)andtheobjectivesoftheorganization.ItisrecommendedthatatleastsomeportionoftheStage1auditshouldbeperformedon-siteattheorganization’spremises.

6. Stage 2 audit (On-site visit):TheStage2auditobjectiveistoevaluatewhetherthedeclaredmanage-mentsystemconformstoallrequirementsofthestandard,isactuallybeingimplementedintheorgani-zationandcansupporttheorganizationinachievingitsobjectives.Stage2takesplaceatthesite(s)oftheorganization’ssites(s)wherethemanagementsystemisimplemented.

7. Follow-up audit (optional): Iftheauditeehasnon-conformitiesthatrequireadditionalauditbeforebe-ingcertified,theauditorwillperformafollow-upvisittovalidateonlytheactionplanslinkedtothenon-conformities(usuallyoneday).

8. Confirmation of registration: Iftheorganizationiscompliantwiththeconditionsofthestandard,theRegistrarconfirmstheregistrationandpublishesthecertificate.

9. Continual improvement and surveillance audits: Onceanorganizationisregistered,surveillanceactivi-tiesareconductedbytheCertificationBodytoensurethatthemanagementsystemstillcomplieswiththestandard.Thesurveillanceactivitiesmustincludeon-sitevisits(atleast1peryear)thatallowveri-fyingtheconformityofthecertifiedclient’smanagementsystemandcanalsoinclude:investigationsfollowingacomplaint,reviewofawebsite,awrittenrequestforfollow-up,etc.

TrainingandcertificationsofprofessionalsPECBhascreatedatrainingroadmapandpersonnelcertificationschemeswhicharestronglyrecommend-edtoimplementersandauditorsofanorganizationwishingtogetcertifiedagainstISO9001.Certificationoforganizationsisavitalcomponentofthequalitymanagementfieldasitprovidesevidencethatorganiza-tionshavedevelopedstandardizedprocessesbasedonbestpractices.Certificationofindividualsservesasdocumentedevidenceofprofessionalcompetenciesandexperience,whilealsoprovidingevidencethattheindividual has attended one of the related courses and successfully completed exams.

Personnel certifications demonstrate that the professional holds defined competencies based on bestpractices.Italsoallowsorganizationstomakeaninformedselectionofemployeesorservicesbasedonthecompetenciesthatarerepresentedbythecertificationdesignation.Finally, itprovides incentivesfortheprofessionaltoconstantlyimprovehis/herskillsandknowledgeandservesasatoolforemployerstoensure that training and awareness have been effective.

PECBtrainingcoursesareofferedgloballythroughanetworkofauthorizedtrainingprovidersandthey’reavailableinseverallanguages.Coursesincludeintroduction,foundation,implementerandauditorcourses.ThetablebelowgivesashortdescriptionaboutPECB’sofficialtrainingcoursesforQualityManagementSystems based on ISO 9001:2015.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 13

Training title Short description Who should attend

ISO 9001 Introduction

• One day training course• Introduction to concepts

management and implementation of a QMS

• Donotleadtocertification

• Professionals wanting to gain a comprehensive knowledgeofthemain processes of a QMS

• Staff involved in the implementation of ISO 9001

• Expert advisors in Quality Management

• Managers responsible for implementing a QMS

• Auditors

ISO 9001 Foundation

• Two day training course• Become familiar with best

practices for implementation and management of QMS

• One hour exam

• Membersofaqualityteam• Professionals wanting to

gain a comprehensive knowledgeofthemain processes of a QMS

• Staff involved in the implementation of ISO 9001

• Staff involved in operations related to a QMS

• Auditors

ISO 9001 Lead Implementer

• Five day training course• Manage the

implementation and a management of a QMS

• Three hours exam

• Project managers/consultants

• Auditors who wish to u nderstand the QMS implementation process

• Membersofaqualityteam• Persons responsible of the

qualityorconformityinanorganization

• Expert advisors in QMS

ISO 9001 Lead Auditor• Five day training course• Manage the audit of a QMS• Three hours exam

• Internal auditors• Auditors• Persons responsible of the

qualityorconformityinanorganization

• Projectmanagers and/or consultants

• Membersofaqualityteam• Expert advisors in QMS

Althoughaspecifiedsetofcoursesorcurriculumofstudyisnotrequiredaspartofthecertificationprocess,thecompletionofarecognizedPECBcourseorprogramofstudywillsignificantlyenhanceyourchanceofpassingaPECBcertificationexamination. ThelistofapprovedorganizationsthatofferPECBofficialtrainingsessionsisfoundonourwebsite:www.pecb.org/en/eventlist.

|| CHOOSING THE RIGHT CERTIFICATION

TheISO9001FoundationcertificationisaprofessionalcertificationforprofessionalsneedingtohaveanoverallunderstandingoftheISO9001standardanditsrequirements.

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS14

TheISO9001Implementercertificationsareprofessionalcertificationsforprofessionalsneedingtoimple-mentaQMSand,incaseoftheISO9001LeadImplementerCertification,needingtomanageanimplemen-tationproject.

TheISO9001AuditorcertificationsarecredentialsforprofessionalsneedingtoauditaQMSand,incaseoftheISO9001LeadAuditorCertification,needingtomanageateamofauditors.

TheISO9001MastercertificationisaprofessionalcertificationforprofessionalsneedingtoimplementaQMSandtomastertheaudittechniquesandmanage(orbepartof)auditteamsandauditprogram.

Basedonthecandidatesoverallprofessionalexperienceandtheiracquiredqualifications,theywillbegrant-edoneormoreofthesecertificationsbasedonprojectsorauditactivitiesperformedinthepastoronwhichtheyarecurrentlyworking.

Certification Exam Professional experience Audit experience Project

experience

Foundation Foundation Exam None None None

Provisional Implementer

Lead Implementer Exam

None None None

ImplementerLead Implementer Exam

Two years Oneyearofworkexperience in the fieldofcertification

NoneProjectactivities totaling 200 hours

Lead Implementer

Lead Implementer Exam

Five years Two years of workexperienceinthefieldofcertification

NoneProjectactivities totaling 300 hours

Provisional Auditor

Lead Auditor Exam None None None

Auditor Lead Auditor Exam

Two years Oneyearofworkexperience in the fieldofcertification

Audit activities totaling 200 hours

None

Lead Auditor Lead Auditor Exam

Five years Two years of workexperienceinthefieldofcertification

Audit activities totaling 300 hours

None

Master

Lead Auditor Exam Lead Implementer Exam

Ten years Two years of workexperienceinthefieldofcertification

Audit activities totaling 500 hours

Projectactivities totaling 500 hours

ISO 9001:2015 // QUALITY MANAGEMENT SYSTEMS - REQUIREMENTS 15

www.pecb.com

+1-844-426-7322

customer@pecb.com

Customer Service