annex sl and transition implications new iso 9001 standard

ANNEX SL & TRANSITION

IMPLICATIONS NEW ISO-9001

STANDARD

JOHN ROSKAM

DECEMBER 2014

PLANNING NEW ISO-9001 STANDARD

June2012

Draft design spec. and

WDO

December 2012

Approved design spec

and WD1

April2013

CD for comment and ballot

May2014

ISO/DIS 9001:2014 published

for comment (3 months)

March2015

Proposed FDIS

publication

September 2015

Proposed ISO

9001:2015 publication

Proposed Transition

Period

3 years from standard

publication

The start:

Management makeover -“ New format for future ISO management system standards

:

ANNEX SL - BACKGROUND

ANNEX SL - PLUG IN MODEL

ANNEX SL: COMMON TERMINOLOGY & STRUCTURE

Defines framework for a general management system

The incorporation of Annex SL means a new structure and layout out for ISO 9001

and one which all management system standards are adopting as they are revised or

introduced in the future.

Opportunity to integrate different management systems (ISO-9001, 14001)

Uniform definition of terms. They have been included to help the reader understand

all the terms used. An understanding of the definitions is vital in order to fully grasp

the new standard’s requirements.

One term that is used extensively throughout ISO/DIS 9001:2014 is ‘Determine.’

Determination is defined in ISO/DIS 9001:2014 as:

“activity to find out one or more characteristics and their characteristic values”

Within the management systems environment, organisations will have to consider

how they can provide evidence that a process of determination has taken place and

that an output from that process exists.

ANNEX SL – MAIN STRUCTURE (CHAPTERS)

ISO 9001: 2015, 14001, 27001, 45001 of………

0. Introduction

1. Scope

2. Normative Reference

3. Terms and Definitions

4. Context of the organization

5. Leadership

6. Planning

7. Support

8. Operation

9. Performance Evaluation

10.Improvement

4.

CONTEXT OF THE ORGANIZATION

5.

LEADERSHIP

6.

PLANNING

7.

SUPPORT

8.

OPERATION

9. PERFORMANCE EVALUATION

10. IMPROVEMENT

PLAN DO CHECK ACT

ANNEX SL – CHAPTERS IN RELATION TO PDCA

4.

CONTEXT OF THE

ORGANIZATION

Understanding of

the organization

and its context

Needs and

expectations of

interested parties

Scope of

management

system

QMS and its

processes

5.

LEADERSHIP

Leadership and

commitment

Quality policy

Roles,

responsibilities

and authorities

6.

PLANNING

Actions to

address risk

and

opportunities

Quality

objectives &

planning to

achieve them

7.

SUPPORT

Resources

Competence

Awareness

Communication

Documented

information

Planning of

changes

PLAN

8.

OPERATION

Operational planning and control

Determination of requirements for

products and services

Design and development of


Control of externally provided


Production and service provision

Release of products and services

Control of nonconforming process

outputs, products and services

9. PERFORMANCE EVALUATION

Monitoring,

measurement,

analysis and

evaluation

Internal audit

Management

review

10. IMPROVEMENT

Nonconformity

and corrective

action

Continual

improvement

DO ACTCHECK

General

ANNEX SL – CHAPTERS/PDCA IN DETAIL

ANNEX SL – WHAT DO TEXT COLOURS IN STANDARDS

(DRAFT VERSIONS) MEAN?

PAGE 9

Om succesvol te zijn, stemmen wij onze werkzaamheden af op de gekozen klantsegmenten.

In alle segmenten willen wij marktleider zijn. We zorgen dat we onze leidende positie in Large en

Strategic (meer dan 100 auto’s) behouden. En dat wij ons marktaandeel in MKB en Business (minder

dan 100 auto’s) vergroten.

Om dit te realiseren, moeten we onder meer onze kosten onder controle houden door onze directe (auto-

gerelateerde) kosten te verlagen

Black text = ISO-standard specific part

Blue text = ANNEX SL (general part)…but colours seem to be mixed up in the draft versions….

E.g.

ISO-9001: 5.2 Quality policy

6.2 Planning for the quality management system

ISO-14001: 5.2 Environmental policy

6.2 Planning

Red text = To be decided (will not be included in final

version)

Clause No: Title Item Change

1: Scope Scope Clarifications

2: Normative References Normative References No normative references

3: Terms and Definitions Terms and Definitions Some amendments and clarifications

4: Context of the organization Context of the organization New requirements

5: Leadership Leadership Greater area of focus, integral to business processes and

accountability

6: Planning Risks/Opportunities

Planning of changes

New requirement

Greater area of focus

7: Support Knowledge

Documented Information

New requirement

New requirement

8: Operation Outsourcing

Design & Development

Post Delivery Activities

New requirement

Requirements made clearer


9: Performance Evaluation Performance indicators

Management Review

Greater area of focus on risk(s) and performance


10: Improvement Continual Improvement Clarification on approach and structure, removal of preventive action

What’s new? (See annex A of ISO/DIS, page 44)

7 Quality Management Principles:

(see annex B of ISO/DIS)

• Customer Focus

• Leadership

• Engagement of People

• Process Approach

• Improvement

• Evidence-based Decision Making

• Relationship Management

THE COMPLETE PICTURE

Continual Improvement

Requirements Products &

services

Customer &

other relevant

interested

partiesPlanning Performance

evaluation

Operations

Management

Responsibility

Leadership

Input

Supporting processes

Customer

satisfaction

OutputsInputs

X

Context, relevant

interested parties

&

Scope of QMS

X

General &

Process approach

PLAN – CHAPTER 4

4.


Understanding of the

organization and its

context

Needs and expectations

of interested parties

Scope of management

system

QMS and its processes

5.

LEADERSHIP

Leadership and

commitment

Quality policy

Roles, responsibilities

and authorities

6.

PLANNING

Actions to address

risk and

opportunities

Quality objectives &

planning to achieve

them

7.

SUPPORT

Resources

Competence

Awareness

Communication

Documented information

Planning of changes

PLAN

ISO/DIS 9001:2014 REQUIREMENTS

Clause 4.1 - Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.

Implication:

Define the context of the organization (= business environment) in terms of:

Internal and external issues

Issues can be risks AND opportunities

“Note 1” defines “drivers” that could be taken into account concerning external issues:

1. Politcs, legislation

2. Technology

3. Competitors and market circumstances

4. Social/cultural circumstances

5. Economical environment

(Inter-)national, regional or local

“Note 2” defines “drivers” that could be taken into account concerning internal issues: 1. Corporate values2. Culture3. Level of knowledge4. Performance of the organization


4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS

OF INTERESTED PARTIES

The organization shall determine:

a) the interested parties that are relevant to the quality management system, and

b) the requirements of these interested parties that are relevant to the quality

management system

Implication:

Determine all the stakeholders (not only customers!) of the organization

Determine their needs and demands


4.3 DETERMINING THE SCOPE OF THE QMS

The organization shall determine the boundaries and applicability of the quality management system to establish its scope.

When determining this scope, the organization shall consider:a) the external and internal issues referred to in 4.1;

b) the requirements of relevant interested parties referred to in 4.2;

c) the products and services of the organization.

The scope shall be available and be maintained as documented information stating the justification for any instance where a requirement of this International Standard cannot be applied.

Scope and Applicability:

The way inclusion and exclusion of requirements for ISO/DIS 9001:2014 is addressed is different from previous versions. Now organisations will have to determine the scope of the management system (similar to other management system standards) and maintain this scope as documented information. The scope will need to be determined from the boundaries of the organisation, its context, its interested parties and its products and services. Where requirements can be applied, it is expected that they will be unless there is a clear reason that they are not applicable.

Process based approach

4.4 The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

The organization shall determine the processes needed for the quality management system and their application throughout the organization and shall determine:

For example :

h) opportunities for improvement of the processes and the quality management system.

Implication:

The requirement for a specific document called a Quality Manual has been replaced with a clause titled Quality Management System and its Processes.

Organisations are now required to determine the processes needed for the quality management system - their inputs, outputs, sequence and interaction - then maintain documented information to the extent necessary to support the understanding and operation of those processes.

retain documented information to the extent necessary to have confidence that the processes are being carried out as planned. ????

If the current quality manual fulfils these requirements then it can stay as is.


4.4 QUALITY MANAGEMENT SYSTEM AND ITS PROCESSES

4.




context



Scope of management

system


5.

LEADERSHIP

Leadership and

commitment

Quality policy


and authorities

6.

PLANNING

Actions to address

risk and

opportunities


planning to achieve

them

7.

SUPPORT

Resources

Competence

Awareness

Communication


Planning of changes

PLAN

PLAN - CHAPTER 5

More focus on the role of Top Management

Clearer definition of what is expected of the top management:

Demonstrate leadership and commitment

Responsible for the integration of the QMS with the organization business

processes

Taking accountability, engaging, supporting, promoting and communicating

Link Policy and Objectives organisational Strategy and Context

Promote awareness of the Process Approach

Ensure Risks are Managed

Be accountable for the effectiveness of the QMS

ISO 9001:2014 – REQUIREMENTS

5.1 LEADERSHIP AND COMMITMENT

The term “Management Representative” doesn’t exists anymore in this version

PLAN - CHAPTER 6

4.




context



Scope of management

system


5.

LEADERSHIP

Leadership and

commitment

Quality policy


and authorities

6.

PLANNING

Actions to address

risk and

opportunities


planning to achieve

them

7.

SUPPORT

Resources

Competence

Awareness

Communication


Planning of changes

PLAN


6.1 ACTIONS TO ADDRESS RISKS & OPPORTUNITIES

When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

a) give assurance that the quality management system can achieve its intended result(s);

b) prevent, or reduce, undesired effects;

c) achieve continual improvement

Implications:

The organization shall plan:

a) actions to address these risks and opportunities, and

b) how to:

1) integrate and implement the actions into its quality management system processes (see

4.4), and

2) evaluate the effectiveness of these actions.

Any actions taken to address risks and opportunities shall be proportionate to the potential effects on conformity of goods and services.

The incorporation of Annex SL into ISO/DIS 9001:2014 now drives a risk based approach

to thinking and acting. The requirements under a risk based approach affect quality

planning and now incorporate much of what was previously titled Preventive Action. Now

an organisation will need to determine the risks and opportunities that need to be

addressed to give assurance that the QMS can achieve its intended results.

This may appear as a new area to ISO 9001, however many organisations already have

risk based thinking and planning in many parts of their organisation which may or may not

have been connected to the QMS in the past. This greater focus on risk will mean that an

organisation will need to demonstrate how this requirement is met. The extent and

formality of the approach needed in a particular organisation will - of course - be

influenced by its context.

The concept of risk has always been implicit in ISO 9001 – this revision makes it more

explicit and builds it into the whole management system.

Risk is often thought of only in the negative sense. However, risk-based thinking can also

help to identify opportunities. This can be considered to be the positive side of risk.


6.1 ACTIONS TO ADDRESS RISKS & OPPORTUNITIES

HOW DOES RISK RELATE TO ISO 9001 –

THE MAIN OBJECTIVES

To provide confidence in the organisation’s ability to consistently

provide customers with conforming goods and services.

To enhance customer satisfaction.

The concept of ‘risk’ in the context of ISO 9001 relates to

the uncertainty in achieving these objectives

RISK IN THE CLAUSES

Clause 4: Context of the organization

The organization is required to determine the risks which can affect its ability to meet these objectives.

Clause 5: Leadership

Top management are required to commit to ensuring Clause 4 is followed.

Clause 6: Planning for the quality management system

The organization is required to take action to address risks and opportunities.

Clause 8: Operation

The organization is required to have processes which address risk in its operations.

Clause 9: Performance Evaluation

The organization is required to monitor, measure, analyse and evaluate the risks and opportunities.

Source - ISO/TC 176/SC 2/WG23 N065

RISK BASED THINKING – THINGS TO CONSIDER

Analyse and prioritise the risks and opportunities in your organisation:

what is acceptable?

what is unacceptable?

Plan actions to address the risks:

how can I manage the risk, for example reduce, eliminate?

Implement the plan – take action.

Check the effectiveness of the actions – does it work?

Learn from experience – continual improvement.

The Risk Arena provides a useful guide for considering internal (inner circle) and external (outer circle) sources of risk.

Any or all external sources of risk may have relationships or interactions with any or all internal sources of risk

SOURCES OF RISK

‘As Low as Reasonably Practical (ALARP)’ approach

Risk

Unacceptable Region

Tolerable Region

Generally Acceptable Region

Risk is justifiable only in

exceptional circumstances

Tolerable only when risk reduction

is not practicable or the cost

exceeds the benefits

Insignificant Risk

THE ALARP APPROACH TO RISK MANAGEMENT

(STANDARD FOR OHSAS 18001)


6.2 & 6.3 OBJECTIVES / PLANNING OF CHANGES

6.2 Quality objectives and planning to achieve them

6.3 Planning of changes

Implication:

Implementation of a change management process

PLAN – CHAPTER 7

4.




context



Scope of management

system


5.

LEADERSHIP

Leadership and

commitment

Quality policy


and authorities

6.

PLANNING

Actions to address

risk and

opportunities


planning to achieve

them

7.

SUPPORT

Resources

Competence

Awareness

Communication


Planning of changes

PLAN

7.1 Resources

7.2 Competences

7.3 Awareness

7.4 Communication

7.5 Documented information

7.5.1 General

7.5.2 Creating and updating

CLAUSE 7 - SUPPORT

OVERVIEW OF CONTENTS

CLAUSE 7 – SUPPORT

KNOWLEDGE & COMPETENCE

7.1.6 Organizational knowledge

Organizations shall determine knowledge necessary for the operation of the QMS and its

processes to assure conformity of goods and services and customer satisfaction.

Knowledge shall be maintained, protected and made available as necessary.

7.2 Competence

Organizations shall determine the necessary competence of person(s) doing work under its

control that affect its quality performance

Implications:

More focus on necessary skills and knowledge of employees

An organisation will now need to consider what knowledge it needs to achieve conformity of

products and services along with how it will develop, maintain and retain such knowledge.

Whilst this is a new requirement in the standard it may not mean it will be a new requirement for

any certified organisation as any well managed organisation will usually have methods to

manage the information and knowledge it needs in order to perform successfully.

E.g. development plans, role descriptions, skill matrices per process/role

7.5 The QMS shall include:

a) documented information required by ISO 9001:2015

b) documented information determined by the organization as being necessary to achieve effectiveness

Implications:

More freedom in ‘documented information’

The terms ‘documented procedure’ and ‘record’ and have been replaced with ‘document information’. In use, this means that ‘documented procedures’ are replaced by the requirement to maintain documented information and ‘records’ are replaced by the requirement to retain documented information. The nature and type of documented information that an organisation needs to maintain or retain is dependent on the context and its operating environment. The way documented information is defined in ISO/DIS 9001:2014 provides more scope for an organisation to determine what is appropriate for its unique set of circumstances, rather than just following a prescriptive format.

CLAUSE 7 – SUPPORT DOCUMENTED

INFORMATION CHANGES

DO – CHAPTER 8

8.

OPERATION

Operational planning and control

Determination of requirements for


Design and development of products and

services

Control of externally provided products

and services

Production and service provision

Release of products and services

Control of nonconforming process

outputs, products and services

DO

CHECK – CHAPTER 9

CHECK9. PERFORMANCE EVALUATION

Monitoring, measurement, analysis and

evaluation

Internal audit

Management review

CLAUSE 9 – PERFORMANCE EVALUATION

OVERVIEW OF CONTENTS

9.1 Monitoring, measurement, analysis and evaluation

9.1.1 General

9.1.2 Customer satisfaction

9.1.3 Analysis and evaluation

9.2 Internal audit

9.3 Management review


CLAUSE 9.3: MANAGEMENT REVIEW

Input for the Management Review:

the status of actions from previous management reviews;

changes in external and internal issues that are relevant to the quality

management system including its strategic direction;

information on the quality performance, including trends and indicators

the effectiveness of actions taken to address risks and opportunities

(see 6.1);

New potential opportunities for continual improvement.


CLAUSE 9.3: MANAGEMENT REVIEW

The outputs of the management review shall include decisions and actions related to:

continual improvement opportunities; and

any need for changes to the quality management system, including resource

needs.

The organization shall retain documented information as evidence of the results of

management reviews

Implications:

Because of the incorporation of Annex SL and the revision to other areas within the DIS, the

scope of information to be considered at Management Review may also need to be extended to

include these areas.

There is now an explicit requirement for Management Review to consider

1] how changes in its context affect the QMS and its strategic direction and

2] the effectiveness of actions taken to address risks and opportunities.

Stronger link between the performance of the management system and the quality of products

and services

ACT – CHAPTER 10

ACT10. IMPROVEMENT

Nonconformity and corrective

action

Continual improvement

General

annex sl and transition implications new iso 9001 standard

Leadership & Management

annex sl transition

planning new iso

isostandard specific

new standards requirements

new structure

management systems environment

development of products

process of determination