Quality Management System Requirements€¦ · QMS managers - to develop a more effective QMS for...

Understanding ISO 9001:2015

Quality Management System Requirements

2 © 2015 Copyright Art Lewis – askartsolutions.com

Copyright Notice

Copyright © 2015 by Arthur J. Lewis - All rights reserved

No part (information or graphics) of this publication may be reproduced,

distributed, or transmitted or commercially exploited in any form or by any

means, including photocopying, recording, copy-typing or copying and pasting

onto your website, blog or elsewhere, or other electronic or mechanical methods,

without the prior written permission of the author, except in the case of brief

quotations embodied in critical reviews and certain other noncommercial uses

permitted by copyright law. For permission requests, please contact the author at

[email protected]

Disclaimer

The information provided within this eBook is based on my personal knowledge,

thoughts and interpretation of ISO 9001:2015 requirements and from 45 years of

experience in business. This book has not been created to be specific to any

organizations‟ situation or needs. It is not intended to be the definitive word on

ISO 9001 interpretation and implementation. You may discover there are other

equally acceptable methods and information to accomplish the same end result.

While I have made every effort to ensure that the information in this eBook was

correct at the time of publication, I make no representations or warranties,

express or implied, about the completeness, accuracy, reliability, suitability or

availability with respect to the information or related graphics contained in this

eBook for any purpose.

I do not assume and hereby disclaim any liability to any party for any loss,

damage, or disruption caused by errors or omissions, whether such errors or

omissions result from accident, negligence, or any other cause.




About The Author

A. J. (Art) Lewis

Business Management Consultant

SUMMARY

Art applies over 45 years of strong business and operations management experience to

provide results-oriented ISO 9001, AS 9100 (aerospace) and TS 16949 (automotive)

consulting, using a risk management approach. His services include interpretation,

documentation, system development, training, project management and system audits

leading to successful certification to these quality management standards. He has earned

a reputation for getting his clients certified, on their first attempt, on time, and within

budget. He also provides business planning, process streamlining and other value-added

services.

EXPERIENCE / ACCOMPLISHMENTS

Consultancy: He has helped over 200 clients in a wide variety of industries achieve

ISO 9001, AS9100 and TS 16949 certification. Industries include automotive metal

stamping and screw machine, fabrication, machining, assembly, electrostatic and

chrome plating, heat-treating, coatings, glass, plastic and rubber product and services,

electrical and electronic equipment, assemblies & components, UPS and batteries,

computer hardware and software, printing, placement and temporary help,

warehousing and distribution, repair facilities, consumer credit counseling agencies,

banks, call centers, etc.

Training: He has delivered public and on-site quality management training to over

4,000 students. Courses include ISO/TS – RAB approved Lead Auditor, Internal

Auditing, Implementation, Documentation, as well as customized ISO/AS/TS courses,

PPAP, FMEA, APQP and Control Plans. He has written the accredited Lead Auditor

Course for BSI in the US as well as Understanding ISO 9001:2008 and 2015 and other

related publications.

Auditing: He has conducted over 300 third party registration and surveillance audits

and dozens of gap, internal and pre-assessment audits to ISO/AS/TS Standards, in the

manufacturing and service sectors. He has worked as a freelance Lead Auditor with

major Registrars such as BSI, BV and SAI Global.

Other services: He has provided business planning, restructuring, asset

management, systems and lean manufacturing services to a variety of manufacturing

and service clients such as printing, plastics, automotive, transportation and custom

brokerage, warehousing and distribution, electrical and electronics, trading, equipment

leasing, etc.

Education & professional certification: Art has held IRCA certified Lead Auditor for

ISO 9000 as well as QS 9000 Lead Assessor certification. He holds a Bachelor of

Commerce degree and has a Canadian CPA and CMA designation. Prior to becoming a

business consultant more than 25 years ago, he has held senior financial (Vice

President - Finance & Administration and Controllership) positions in major Canadian

and US organizations.

For more on Art‟s work, please visit askartsolutions.com




Contents - ISO 9001:2015

Page

Copyright and Disclaimer 2

Author’s biography 3

List of Contents 4

Foreword 6

Overview 7

Correlation matrices - ISO 9001:2008 to ISO 9001:2015 and vice versa 9

Key themes 14

Introduction 15

Quality management principles 23

Process approach 30

Risk based thinking 51

1 Scope

Normative references

Terms and definitions

Context of the organization

56

2 59

3 59

4 60

4.1

4.2

4.3

4.4

Understanding the organization and its context

Understanding the needs and expectations of interested parties

Determining the scope of the quality management system

Quality management system and its processes

60

69

81

86

5 Leadership 103

5.1 Leadership and commitment 104

5.1.1

5.1.2

General

Customer focus

104

114

5.2 Policy 118

5.2.1 Developing the quality policy

Communication the quality policy

118

5.2.2 121

5.3 Organizational roles, responsibilities and authorities 124

6 Planning 128

6.1

6.2

6.3

Actions to address risks and opportunities

Quality objectives and planning to achieve them

Planning of changes

129

144

157

7 Support

7.1 Resources 163

7.1.1

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

General

People

Infrastructure

Environment for the operation of processes

Monitoring and measuring resources

Organizational knowledge

163

171

175

179

183

193

7.2

7.3

7.4

7.5

Competence

Awareness

Communication

Documented information

198

203

205

208

7.5.1

7.5.2

7.5.3

General

Creating and updating

Control of documented information

209

216

218




Contents - ISO 9001:2015

Page

8 Operation 222

8.1 Operational planning and control

Requirements for products and services

223

8.2 226

8.2.1

8.2.2

8.2.3

8.2.4

Customer communication

Determining the requirements related to products and services

Review of requirements related to products and services

Changes to requirements for products and services

226

228

230

232

8.3 Design and development of products and services 234

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

General

Design and development planning

Design and development inputs

Design and development controls

Design and development outputs

Design and development changes

235

235

241

246

250

253

8.4 Control of externally provided processes, product and services 254

8.4.1

8.4.2

8.4.3

General

Type and extent of control

Information for external providers

254

260

268

8.5 Production and service provision 271

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

Control of production and service provision

Identification and traceability

Property belonging to customers or external providers

Preservation

Post-delivery activities

Control of changes

271

278

281

283

284

288

8.6

8.7

Release of products and services

Control of nonconforming outputs

289

291

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation 296

9.1.1

9.1.2

9.1.3

General

Customer satisfaction

Analysis and evaluation

296

300

305

9.2

9.3

Internal audit

Management review

308

314

9.3.1

9.3.2

9.3.3

General

Management review inputs

Management review outputs

314

315

318

10 Improvement 320

10.1

10.2

10.3

General

Nonconformity and corrective action

Continual improvement

320

326

329

Thank You! 333




Foreword

The purpose of this eBook is to provide:

A clear and in-depth understanding of the intent and implication of each

clause and sub-clause of the ISO 9001:2015 standard.

Ideas, direction and sufficient insight for a quality practitioner to develop

and implement an effective quality management system (QMS) based on

this latest Standard.

Though not meant as an audit guide, there is plenty of audit evidence

provided especially for the new requirements to make this eBook very useful

to internal and external auditors.

This eBook can help:

Beginners - to understand and apply ISO 9001 requirements.

QMS managers - to develop a more effective QMS for their organization.

QMS auditors - to conduct more effective QMS audits.

Top management - to gain an understanding of ISO 9001 as a business tool.

Consultants - to provide value-added service to their clients.

Organizations – looking to smoothly transition from ISO 9001:2008 to ISO

9001:2015

Presentation of this eBook

The requirements of the ISO 9001:2015 standard are shown in the light

beige box by clause and sub-clause.

Below the requirements, I explain the specific concepts, principles and

requirements. You will find important points being repeated or further

elaborated in different parts of the standard. Whenever I make reference to

„you‟ or „your‟ QMS, I refer to your organization‟s or facility‟s QMS.

At the end of each section I provide test questions to strengthen your

understanding of that section. The answers will generally be found within that

section.

How to get the maximum benefit out of this eBook

In going through this eBook, I suggest:

1. You read each section more than once.

2. Answer all test questions before moving on to the next section. Review the

section if your answer is not correct or incomplete.

3. As you go through each section, pick a business process or activity within

your organization and practice applying the information to it.

4. Take your time. Don‟t try and rush through the material. There are a lot of

golden nuggets of information you may overlook.




By diligently following this approach you will learn a lot faster; connect the dots

on the various requirements; and be able to effectively apply this knowledge to

implement or audit a QMS or provide value-added consulting services.

Overview

The ISO 9001 standard is organized under the major headings listed above (0 -

10). The first four headings (clauses 0-3) do not provide any requirements for a

QMS. They provide background information on key concepts and elements

that form the foundation or backbone of the standard.

The remaining seven headings (clauses 4 through 10) provide the mandatory

requirements for your QMS. Each major clause heading has several sub-clauses.

Collectively, these seven clauses set out the requirements for developing

and implementing your QMS.

The following is a summary explanation of these 11 headings of the ISO

9001:2015 standard.

Clause 0 – Introduction

0.1 General

This subsection introduces a range of topics such as - the benefits of

implementing a QMS; concepts such as the process approach, PDCA (plan-do-

check-act), risk-based thinking, the need to adopt improvement, clarification of

terminology, and provision of flexibility in applying the requirements of the

standard to an organization‟s QMS, and that QMS requirements supplement

product and service requirements

0.2 Quality Management Principles

This subsection introduces the seven quality management principles that underlie

and form the basis for this standard.

0.3 Process approach

This subsection explains the process approach and the related PDCA (plan-do-

check-act) cycle, as well as the concept of risk-based thinking.

Overview 0. Introduction

1. Scope 2. Normative Reference

3. Terms and Definitions 4. Context of the organization 5. Leadership

6. Planning 7. Support

8. Operations 9. Performance Evaluation 10. Improvement




0.4 Relationship with other management systems

This subsection explains how this standard is related to ISO 9000 and ISO 9004.

Clause 1 Scope

This clause explains the scope of this standard

Clause 2 – Normative references

This clause references the ISO 9000:2015 standard – QMS fundamentals and

vocabulary, as being indispensable for applying ISO 9001:2015

Clause 3 Terms and definitions

This clause references ISO 9000:2015 for all terms and definitions used in ISO

9001:2015

Clause 4 – Context of the organization – sets requirements to understand the

organization and its context; understand the needs and expectations of

interested parties; determine the scope of the QMS; and establish and implement

the QMS and its processes.

Clause 5 - Leadership - sets requirements for top management to provide

leadership and commitment; promote customer focus; establish and

communicate the quality policy; and ensure that organizational roles,

responsibilities and authorities are assigned, communicated and understood

throughout the organization.

Clause 6 - Planning - sets requirements to determine and take actions to

address the risks and opportunities with reference to the context of the

organization and relevant interested parties; establish quality objectives and

plans to achieve them; and plan for changes to the QMS.

Clause 7 - Support - sets requirements to provide resources (people,

infrastructure, environment, monitoring and measuring; organizational

knowledge); ensure competence, awareness and communications; and control of

documented information needed for implementing, maintaining and improving

the QMS.

Clause 8 - Operations - sets requirements to plan and control the various

operational processes needed to provide products and services that meet

customer requirements. These processes cover customer requirements; design

and development; external providers of resources, processes, products and

services; production; and control of nonconforming product and services. There

are many sub-clauses within each of these main requirements.

Clause 9 – Performance Evaluation - sets requirements to monitor, measure,

analyze and evaluate QMS and process performance. This clause covers customer

satisfaction feedback; internal audit and management review.




Clause 10 - Improvement - sets requirements to pursue opportunities to

improve product and services; manage risk and take corrective actions to

improve QMS performance, meet customer requirements and enhance customer

satisfaction.

Correlation Matrix - ISO 9001:2008 to ISO 9001:2015

ISO 9001:2008 Clauses ISO 9001:2015 Clauses Contents Contents Foreword Foreword Introduction Introduction 0.1 General 0.1 General 0.2 Process approach 0.3 Process approach;

0.4 Plan-Do-Check-Act cycle 0.3 Relationship with ISO 9004 0.4 Relationship with other management systems 0.4 Compatibility with other management systems

0.4 Relationship with other management systems

1. Scope 1. Scope 1.1 General 1. Scope 1.2 Application 4.3 Determining the scope of the QMS 2. Normative references 2. Normative references 3. Terms and definitions 3. Terms and definitions 4. Quality management system Removed. 4.1 General requirements 4.4 Quality management system and its processes 4.2 Documentation requirements 7.5 Documented information 4.2.1 General 7.5.1 General 4.2.2 Quality manual Removed.

4.2.3 Control of documents 7.5.2 Creating and updating; 7.5.3 Control of documented information

4.2.4 Control of records 7.5.2 Creating and updating 7.5.3 Control of documented information

5. Management responsibility 5. Leadership 5.1 Management commitment 5.1 Leadership and commitment

5.1.1 General

5.2 Customer focus 5.1.2 Customer focus 5.3 Quality policy 5.2 Quality policy 5.4 Planning 6. Planning 5.4.1 Quality objectives 6.2 Quality objectives and planning to achieve them 5.4.2 Quality management planning 6.1 Actions to address risks and opportunities

6.3 Planning of changes

5.5 Responsibility, authority, and communication

5.3 Organizational roles, responsibilities, and authorities 7.4 Communication

5.5.1 Responsibility and authority 5.3 Organizational roles, responsibilities, and authorities 5.5.2 Management representative Removed. 5.5.3 Internal communication 7.4 Communication 5.6 Management review 9.3 Management review 5.6.1 General 9.3.1 General 5.6.2 Review input 9.3.2 Management review inputs 5.6.3 Review output 9.3.3 Management review outputs 6. Resource management 7.1 Resources 6.1 Provision of resources 7.1.1 General

7.1.2 People

6.2 Human resources 6.2.1 General 6.2.2 Competence, training, and awareness

Removed 7.2 Competence; 7.2 Competence 7.3 Awareness

6.3 Infrastructure 7.1.3 Infrastructure 6.4 Work environment 7.1.4 Environment for the operation of processes




Correlation Matrix - ISO 9001:2008 to ISO 9001:2015

ISO 9001:2008 Clauses ISO/DIS 9001:2015 Clauses 7. Product realization 8. Operation 7.1 Planning of product realization 8.1 Operational planning and control 7.2 Customer-related processes 8.2 Determination of requirements for products and

services 7.2.1 Determination of requirements related to the product

8.2.2 Determination of requirements related to products and services; 8.5.5 Post-delivery activities

7.2.2 Review of requirements related to the product

8.2.3 Review of requirements related to products and services

7.2.3 Customer communication 8.2.1 Customer communication; 7.4 Communication

7.3 Design and development 8.3 Design and development of products and services 7.3.1 Design and development planning 8.3.1 General;

8.3.2 Design and development planning 7.3.2 Design and development inputs 8.3.3 Design and development inputs 7.3.3 Design and development outputs 8.3.5 Design and development outputs 7.3.4 Design and development review 8.3.4 Design and development controls 7.3.5 Design and development verification 8.3.4 Design and development controls 7.3.6 Design and development validation 8.3.4 Design and development controls 7.3.7 Control of design and development changes

8.3.6 Design and development changes

7.4 Purchasing 8.4 Control of externally provided products and services 7.4.1 Purchasing process 8.4.1 General

8.4.2 Type and extent of control of external provision 7.4.2 Purchasing information 8.4.3 Information for external providers 7.4.3 Verification of purchased product 8.4.2 Type and extent of control of external provision

8.4.3.f Information for external providers 7.5 Production and service provision 8.5 Production and service provision (title only) 7.5.1 Control of production and service provision

8.5.1 Control of production and service provision 8.5.5 Post-delivery activities

7.5.2 Validation of processes for production and service provision

8.5.1 Control of production and service provision

7.5.3 Identification and traceability 8.5.2 Identification and traceability 7.5.4 Customer property 8.5.3 Property belonging to customers or external

providers 7.5.5 Preservation of product 8.5.4 Preservation 7.6 Control of monitoring and measuring equipment

7.1.5 Monitoring and measuring resources

8. Measurement, analysis, and improvement 9. Performance evaluation 9.1 Monitoring, measurement, analysis, and evaluation

8.1 General 9.1.1 General 8.2 Monitoring and measurement 9.1 Monitoring, measurement, analysis, and evaluation 8.2.1 Customer satisfaction 9.1.2 Customer satisfaction 8.2.2 Internal audit 9.2 Internal audit 8.2.3 Monitoring and measurement of processes

9.1.1 General 9.1.3 Analysis and evaluation

8.2.4 Monitoring and measurement of product 8.6 Release of products and services 8.3 Control of nonconforming product 8.7 Control of nonconforming outputs 8.4 Analysis of data 9.1.3 Analysis and evaluation 8.5 Improvement 10. Improvement 8.5.1 Continual improvement 10.1 General

10.3 Continual improvement 8.5.2 Corrective action 10.2 Nonconformity and corrective action 8.5.3 Preventive action 6.1 Actions to address risks and opportunities




Correlation Matrix – ISO 9001:2015 to ISO 9001:2008

ISO 9001:2015 Clauses ISO 9001:2008 Clauses Introduction Introduction 0.1 General 0.1 General 0.2 Quality Management Principles New 0.3 Process approach 0.2 Process approach 0.3.1 General 0.2 Process approach 0.3.2 Plan-Do-Check-Act Cycle 0.2 Process approach 0.3.3 Risk-based thinking New 0.4 Relationship with other management systems

0.3 Relationship with ISO 9004 0.4 Compatibility with other management systems

4. Quality management system - Requirements 1. Quality management system - Requirements 1. Scope 1. Scope – general and application

2. Normative references 2. Normative references 3. Terms and definitions 3. Terms and definitions 4. Context of the organization 4. Quality management system 4.1 Understanding the organization and its context

0.1 General

4.2 Understanding the needs and expectations of interested parties

New.

4.3 Determining the scope of the quality management system

1.2 Application 4.2.2 Quality manual

4.4 Quality management system and its processes

4.1 General requirements

5. Leadership 5. Management responsibility 5.1 Leadership and commitment 5. Management responsibility 5.1.1 General 5.1 Management commitment 5.1.2 Customer focus 5.2 Customer focus 5.2 Quality policy 5.3 Quality policy 5.3 Organizational roles, responsibilities and authorities

5.5.1 Responsibility and authority 5.5.2 Management representative 5.4.2b Quality management system planning

6. Planning 5.4 Planning 6.1 Actions to address risks and opportunities 5.4.2 Quality management system planning

8.5.3 Preventive action 6.2 Quality objectives and planning to achieve them

5.4.1 Quality objectives

6.3 Planning of changes 5.4.1 Quality objectives 5.4.2b Quality management system planning

7. Support New; Merged from old 6, 7.6, Control of measuring and monitoring equipment

7.1 Resources 6. Resource management 7.1.1 General 6.1 Provision of resources 7.1.2 People 6.1 Provision of resources 7.1.3 Infrastructure 6.3 Infrastructure

7.1.4 Environment for the operation of processes

6.4 Work environment

7.1.5 Monitoring and measuring resources 7.6 Control of monitoring and measurement equipment

7.1.6 Organizational knowledge New.

7.2 Competence 6.2 Human Resources

7.3 Awareness 6.2.2.d Competence, training, and awareness

7.4 Communication 5.5.3 Internal communication 7.2.3 Customer communication




Correlation Matrix – ISO 9001:2015 to ISO 9001:2008 ISO 9001:2015 Clauses ISO 9001:2008 Clauses 7.5 Documented information 4.2 Documentation requirements 7.5.1 General 4.2.1 General 7.5.2 Creating and updating

4.2.3 Control of documents 4.2.4 Control of records

7.5.3 Control of documented information 4.2.3 Control of documents 4.2.4 Control of records

8. Operation 7. Product realization 8.1 Operational planning and control 7.1 Planning of product realization 8.2 Requirements for products and services 7.2 Customer-related processes 8.2.1 Customer communication 7.2.3 Customer communication 8.2.2 Determining requirements related to products and services

7.2.1 Determination of requirements related to the product

8.2.3 Review of requirements related to products and services

7.2.2 Review of requirements related to the product

8.3 Design and development of products and services

7.3 Design and development (title only)

8.3.1 General New. 8.3.2 Design and development planning 7.3.1 Design and development planning 8.3.3 Design and development inputs 7.3.2 Design and development inputs 8.3.4 Design and development controls 7.3.4 Design and development review

7.3.5 Design and development verification 7.3.6 Design and development validation

8.3.5 Design and development outputs 7.3.3 Design and development outputs 8.3.6 Design and development changes 7.3.7 Control of design and development changes 8.4 Control of externally provided products and services

7.4 Purchasing

8.4.1 General 7.4.1 Purchasing process 8.4.2 Type and extent of control of external provision

7.4.1 Purchasing process 7.4.3 Verification of purchased product

8.4.3 Information for external providers 7.4.2 Purchasing information 7.4.3 Verification of purchased product

8.5 Production and service provision 7.5 Production and service provision 8.5.1 Control of production and service provision 7.5.1 Control of production and service provision

7.5.2 Validation of processes for production and service provision

8.5.2 Identification and traceability 7.5.3 Identification and traceability 8.5.3 Property belonging to customers or external providers

7.5.4 Customer property

8.5.4 Preservation 7.5.5 Preservation of product

8.5.5 Post-delivery activities 7.2.1 Determination of requirements related to the product (7.2.1.a) 7.5.1 Control of production and service provision (7.5.1.f)

8.5.6 Control of changes New 8.6 Release of products and services 7.4.3 Verification of purchased product

8.2.4 Monitoring and measurement of product 8.7 Control of nonconforming outputs 8.3 Control of nonconforming product




Correlation Matrix – ISO 9001:2015 to ISO 9001:2008 ISO 9001:2015 Clauses ISO 9001:2008 Clauses 9. Performance evaluation New. 9.1 Monitoring, measurement, analysis, and evaluation

8. Measurement, analysis, and improvement

9.1.1 General 8.1 General 8.2.3 Monitoring and measurement of processes

9.1.2 Customer satisfaction 8.2.1 Customer satisfaction 9.1.3 Analysis and evaluation 8.4 Analysis of data 9.2 Internal audit 8.2.2 Internal audit 9.3 Management review 5.6 Management review 9.3.1 General 5.6.1 General 9.3.2 Management review inputs 5.6.2 Review input 9.3.3 Management review outputs 5.6.3 Review output 10. Improvement 8.5 Improvement (title only) 10.1 General 8.5.1 Continual improvement 10.2 Nonconformity and corrective action 8.3 Control of nonconforming product

8.5.2 Corrective action 10.3 Continual improvement 8.5.1 Continual improvement

Annex A – Clarification of new structure,

terminology, and concepts

New.

Annex B – Other international standards on

quality management and quality management systems developed by ISO/TC 176

New.

Bibliography Bibliography




Key themes:

To help you get the most out this eBook, you might find it useful to follow key

themes that the ISO 9001 standard has emphasized. These include:

Your must use two tools - the process approach and the PDCA (plan-do-

check-act to improve) cycle as a consistent framework to manage QMS

processes and activities in an organized and disciplined way.

Your QMS processes and activities must be operated under controlled

conditions which are the requirements specified by the standard.

The controlled conditions must focus on the prevention of undesirable

outcomes by planning and implementing actions (risk-based thinking) to

reduce or eliminate risk and exploit opportunities for improvement (desirable

outcomes).

Internal and external contextual factors must be considered in applying

risk-based preventive controls to your QMS.

Your QMS must add value to your organization and customers by

improving its performance and the quality of products and services.

QMS processes and activities must be customer-focused. All personnel must

be aware of and strive to meet internal, regulatory and customer and

requirements.

Your QMS must always strive to enhance customer satisfaction.

The themes outlined above are all part of the seven management principles

(described in detail later) which form the backbone of the ISO 9001 standard

As you go about developing and implementing your QMS, ask yourself „Have I

addressed these key themes in each of my QMS processes?‟

Test your understanding of this section before you proceed to the

next section:

1. Which clause headings set out requirements to develop and implement your

QMS?

2. What information do the first four clause headings provide?

3. What is the common thread underlying the key themes listed in this section?




0.1 Introduction

0.1 General:

The adoption of a QMS is a strategic decision for an organization

that can help improve its overall performance and provide a sound

basis for sustained development initiatives.

The potential benefits to an organization of implementing a quality

management system based on this International standard are:

a) The ability to consistently provide product and services that

meet customer and applicable statutory and regulatory

requirements;

b) Facilitation opportunities to enhance customer satisfaction;

c) Addressing risks and opportunities associated with its context

and objectives;

d) The ability to demonstrate conformity to specified quality

management requirements

This International Standard can be used by internal and external

parties.

It is not the intention of this International Standard to imply the

need for:

Uniformity in the structure of different quality management

systems;

Alignment of documentation to the clause structure of this

international standard;

The use of the specific terminology of this international standard

within the organization.

The quality management system requirements specified in this

International Standard are complementary to requirements for

product and services.

This International Standard employs the process approach, which

incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based

thinking.

The process approach enables an organization to plan its processes

and their interactions.

The PDCA cycle enables an organization to ensure that its processes

are adequately resourced and managed and that opportunities for

improvement are determined and acted upon.




0.1 Introduction

The purpose of an organization is to identify and meet the needs and

expectations of its customers and other stakeholders and gain competitive

advantage. One of the strategies it might use to achieve this goal is to employ

universally recognized business tools to improve the effectiveness and efficiency

of its capabilities.

ISO 9001:2015 is a powerful business tool that organizations may use to

achieve this. Organizations use ISO 9001 to achieve goals and objectives related

to meeting customer and regulatory requirements and enhancing customer

satisfaction.

While the focus is on quality management, the ISO 9001 business model may be

applied just as well to manage the entire organization. The standard

embodies business concepts and principles universally recognized and applied for

sound business management. As such, ISO 9001 is a strategic management tool

that can be used as a starting point towards achieving sustained business

success.

As a strategic tool, it can be used as the framework to integrate other

strategic activities related to sales and marketing; technology; and product,

service and process design and development; corporate environment, structure,

culture and governance; product and service realization, delivery and support;

Risk–based thinking enables an organization to determine the factors

that could cause its processes and is quality management system to

deviate from the planned results, to put in place preventive controls

to minimize negative effects and to make maximum use of

opportunities as they arise (see Appendix A4).

Consistently meeting requirements and addressing future needs and

expectations poses a challenge for organizations in an increasingly

dynamic and complex environment. To achieve this objective, the

organization might find it necessary to adopt various forms of

improvement in addition to correction and continual improvement,

such as breakthrough change, innovation and re-organization.

In this International Standard, the following verbal forms are used:

“Must” indicates a requirement;

“Should” indicates a recommendation;

“May” indicates a permission;

“Can” indicates a possibility or a capability.

Information marked as “NOTE” is for guidance in understanding or

clarifying the associated requirement.




facility and asset management, etc. it can also be integrated with other

business management systems such as environmental management system

(EMS) and occupational health and safety (OHS).

The various parts of an organization‟s management system, including its QMS,

can be integrated as a single management system. The objectives,

processes and resources related to quality, growth, funding, profitability,

environment, occupational health and safety, energy, security and other aspects

of the organization can be more effectively and efficiently achieved and used

when the QMS is integrated with other management systems.

Sustained business success can be achieved by developing growth and

improvement programs and initiatives that add value by addressing the present

and longer term needs of its interested parties that include customers, end-

users, investors/ shareholders (owners), people employed by the organization,

external providers, regulatory bodies, lending institutions, unions, partners,

interest groups and communities.

What this means is that the organization must take a long-term outlook to

attaining business success as well as addressing a broader scope of

stakeholder requirements, needs and expectations, not just its immediate

customers. In pursuing ISO 9001 certification and undertaking longer term

improvement initiatives, it must seek to achieve a balance between its economic-

financial interests and those of the social and ecological environment that it

operates in. The goals and objectives that it seeks to achieve must also strike a

balance between incremental improvement and breakthrough accomplishments.

The QMS that you develop for your organization (based on meeting the

applicable requirements of this ISO 9001 standard) must comprise of

interacting processes and activities which to some extent can be

predetermined, but at the same time must be flexible and adaptable to the

complexities of your environmental context. The ability to change may

sometimes require innovation to achieve breakthrough improvements.

Your organization must understand its internal and external context and

identify the needs and expectations of relevant interested parties. This

information must be used to develop your QMS to achieve organizational

sustainability. Although often appearing to be comprised of similar processes,

each organization and its QMS are unique.

The processes of your QMS can be defined, measured and improved. These

processes interact to deliver results consistent with your organization‟s objectives

and cross functional boundaries. Some processes can be critical while others are

not.

People collaborate within a process to carry out their daily activities. Some

activities are prescribed and depend on an understanding of the objectives of the

organization, while others are not and react to external stimuli to determine their

nature and execution.




Every organization has quality management activities, whether they have been

formally planned or not. ISO 9001 provides requirements on how to develop a

formal system to manage these activities. It is necessary to determine activities

which already exist in the organization and their suitability regarding the context

of the organization. ISO 9001 along with guidance from ISO 9000 and ISO 9004

can be used to assist the organization to develop a cohesive QMS. I will make

many references to information from these standards to give you a solid

understanding of ISO 9001.

A formal QMS provides a framework for planning, executing, monitoring and

improving the performance of quality management activities. The QMS does not

need to be complicated; rather it needs to accurately reflect the needs of the

organization.

A QMS is a dynamic system that evolves over time through periods of

improvement. QMS planning is not a static activity, but an ongoing process. Plans

evolve as the organization learns and adapts to its changing environment. Your

QMS planning must take into account all quality activities of your organization

and ensure that all applicable requirements of ISO 9001 are addressed. The plan

is implemented upon approval.

It is important for your organization to regularly monitor and evaluate both

the implementation of QMS planning and the performance of the QMS. Carefully

considered indicators facilitate these monitoring and evaluation activities.

Auditing is a means of evaluating the effectiveness of the QMS, in order to

identify risks and to determine the fulfillment of requirements. In order for audits

to be effective, tangible and intangible evidence needs to be collected. Actions

are taken for correction and improvement based upon analysis of the evidence

gathered. The knowledge gained could lead to innovation, taking QMS

performance to higher levels.

Your QMS must be able to identify risks and pursue opportunities to improve its

processes, products and services in order to achieve and enhance customer

satisfaction. ISO guidance documents suggest that many issues such as

innovation, ethics, trust and reputation could be regarded as parameters within

the QMS.

It is important to state here that ISO 9001 certification must not be the ultimate

goal of QMS implementation. Your primary long-term focus must be to

improve the effectiveness and efficiency of the organization for the benefit of all

its stakeholders. Obtaining certification must be considered as just a stepping

stone in this journey. Organizations that understand and follow this approach will

get the most benefit from QMS development and implementation.

The potential benefits from implementing a QMS based on ISO 9001 include:

a. The ability to consistently provide product and services that meet customer

and applicable statutory and regulatory requirements;

b. Facilitation opportunities to enhance customer satisfaction;




c. Addressing risks and opportunities associated with its context and objectives;

d. The ability to demonstrate conformity to specified quality management

requirements.

These benefits will be discussed in ample detail as we cover the various clauses

of the standard

So we can see from the above that ISO 9001 is just a good starting block for

sound business management. There are other standards, guidance documents

(e.g. ISO 9004) and business tools that go well beyond ISO 9001 and your

organization is encouraged to pursue these, once certification is obtained as it

charts its course towards achieving sustained business success.

Structure and terminology

The clause structure (i.e. clause sequence) and some of the terminology of this

edition of this International Standard, in comparison with the previous edition

(ISO 9001:2008) have been changed to improve alignment with other

management standards.

There is no requirement in this International Standard for its structure and

terminology to be applied to the documented information of an organization‟s

quality management system.

The structure of clauses is intended to provide a coherent presentation of

requirements, rather than a model for documenting an organization‟s policies,

objectives and processes. The structure and content of documented information

related to a QMS can often be more relevant to its users if it relates to both, the

processes operated by the organization and information maintained for other

purposes.

There is no requirement for the terms used by an organization to be replaced by

the terms used in this International Standard to specify quality management

system requirements. Organizations can choose to use terms which suit their

operations (e.g. using “records”, “documentation” or “protocols” rather than

“documented information”; or “supplier”, “partner” or “vendor” rather than

“external provider”).

Table A.1 show the major differences in terminology between this edition of this

International Standard and the previous edition.

Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

Product and services Product and services

Exclusions Not used

(See clause A.5 for clarification of

applicability)

Management Representative Not used

(Similar responsibilities and authorities




are assigned but no requirement for a single management representative)

Documentation, quality manual, documented procedures, records

Documented information

Work environment Environment for the operation of processes.

Monitoring and measuring equipment Monitoring and measuring resources

Purchased product and services Externally provided product and

services.

Supplier External provider

It is important to remember that each organization must use the requirements of

ISO 9001 to design and develop a QMS that fits the specific needs of its

business for it to be effective. Using a boilerplate approach that forces the

business to adapt to ISO 9001 will result in a superficial QMS and will not

generate buy-in from the workforce and will rarely be effective.

The ISO 9001 standard defines a generic set of requirements for all

organizations, regardless of the nature of product or service, for profit or not for

profit, size, complexity or industry sector. The standard define control

requirements for your quality management system (QMS) that focus on

improving the effectiveness of your QMS in meeting customer requirements and

thus enhancing customer satisfaction.

It is important to note that the ISO 9001 standard does not specify

requirements for product and services or service quality. Requirements for

products and services come from customers, end-users, regulatory bodies and

other interested parties. The standard sets generic control requirements for QMS

processes and activities to ensure that they consistently and effectively meet

these (customer product and service) requirements, needs and expectations to

drive sustained improvement, business growth and enhance customer

satisfaction.

The focus of all ISO 9001 generic control requirements is on your QMS and its

processes. By effectively controlling and continually improving your QMS

processes, there will obviously be a positive impact on product and service

quality and conformity to customer requirements.

Organizations implementing an ISO 9001 based QMS must conform to all

applicable requirements that the standard specifies. This provides internal and

external parties (customers, registrars and regulatory bodies), the basis (i.e. a

benchmark) against which to assess the organizations ability to meet customer,

regulatory and internal requirements. It is now a common practice to use ISO

9001 certification as a requirement for making contractual decisions.

QMS design and implementation will vary from organization to another. ISO

9001 allows this flexibility because organizations may have differing - goals and




objectives; business risks; range and complexity of product and services;

processes and resources; organizational size and structure; workforce

competence and stability; etc. This flexibility may also relate to QMS scope

You must ensure that the scope of your QMS addresses all customer

requirements. Customer requirements may show up in contracts, blueprints,

their supplier quality manuals, commercial terms and conditions, or referenced to

applicable industry and regulatory standards and codes, etc. QMS scope will be

covered in more detail under clause 1.0 and 4.3.

Under this clause, the standard introduces the PDCA (plan-do-check-act)

cycle. The PDCA is a structured approach that enables an organization to plan its

QMS processes and their interactions; ensure the processes are adequately

resourced and managed; and allows opportunities for improvement to be

determined and acted upon.

This section also introduces the concept of risk-based thinking, which enables

an organization to:

Determine the factors that cause the QMS and its processes to deviate

(positively or negatively) from planned results as defined by your PDCA;

To put in place preventive controls to remove or mitigate negative effects or

outcomes;

And to capitalize on opportunities as they arise.

I will provide more coverage on PDCA and risk-based thinking in later clauses.

This section also makes the point that in order to achieve sustained success in

an increasingly dynamic and complex business, social and political environment,

the organization must do more than just make incremental improvements

and correction as advocated in previous versions of the ISO 9001 standard. It

must undertake more significant actions such as breakthrough change,

innovation and reorganizatiion.

The standard clarifies the use of various terms used throughout the standard:

“Shall‟ - indicates a requirement that is contractually binding where the

requirement is included in the QMS scope; its implementation is mandatory

and must be verifiable for certification purposes. In my explanation of the

standard, I will use the word “must” instead of “shall” as it lends more

emphasis and urgency to implementing a requirement.

There are around 275 “shalls” requirements in the ISO 9001 standard.

“Should” indicates a recommendation. It is a requirement that is non-

mandatory but desirable and worth implementing and the outcome while

deemed more likely to be positive, may not always be fully verifiable for

certification purposes.

“May” indicates a permission. It is not mandatory, rather provides a choice of

whether to or not implement something depending upon the circumstances of

the situation. However if the choice is taken with deliberation to include an




activity in the QMS scope, then it attracts all the attention of a “must”. For

example in clause 4.3 Determining QMS scope (last paragraph)-“Conformity

to this International Standard may only be claimed if the requirements

determined as not being applicable do not affect the organization‟s ability”.

“Can” indicates a possibility or capability; be able to; there is a possibility of;

it is possible to; and relates to having the ability, power or the means to do

something. The word “can” is mostly found in the notes to various clauses for

example in clause 4.1 understanding the organization and its context – all 3

notes use the word “can”.

Test your understanding of this section before you proceed to the

next section:

1. Why is implementing a QMS based on ISO 9001 a strategic decision?

2. Why would you apply the requirements of ISO 9001 to manage your whole

organization?

3. What is meant by sustained business success?

4. Who are interested parties?

5. What should your QMS comprise of?

6. Why should your QMS be dynamic?

7. Why should your QMS be regularly monitored and evaluated?

8. What should your long-term quality management focus be?

9. Should you model your QMS aligned with the structure and terminology of

the ISO 9001 standard?

10. Why should you use the requirements of ISO 9001 to develop your QMS?

11. Why does the ISO 9001 standard not specify requirements for products and services?

12. What is the focus of ISO 9001 requirements?

13. Why do QMS‟s differ from one organization to another?

14. What is the PDCA cycle?

15. What is the concept of risk-based thinking?

16. What is the difference between “shall” and “should” in the context of the ISO

9001 standard?

17. What is the difference between “May” and “Can” ” in the context of the ISO

9001 standard?

Date post:	08-May-2020
Category:	Documents
Upload:	others
View:	77 times
Download:	0 times

Quality Management System Requirements€¦ · QMS managers - to develop a more effective QMS for...

Documents