Addressing ISO 9001 Risk Management Requirements
Roger Crist – Quality Director, Moxtek, Inc.; and Strategic Partner, MasterControl Inc.
St. Louis Section Annual Quality Conference - Nov 6, 2017
Learning Objectives
In this session you will:
• Become more familiar with the ISO 9001:2015 risk management requirements
• Be shown examples of how risk management requirements can be addressed using various tools
• Learn from our management system examples and experience!
ISO “Risk-based thinking” IS…
• Determining the risks and opportunities that need to be addressed in order to:
a) Assure objectives will be achieved
b) Enhance desirable effects (opportunities)
c) Prevent, or reduce, undesired effects (risks)
d) Achieve improvement
• Planning the actions to address risks and opportunities (mitigation)
See ISO 9001:2015, section 6.1.1
ISO “Risk-based thinking” IS…
• “Addressing risks and opportunities associated with the organization’s context and objectives”*
• “Determining factors that could cause management system processes to deviate from planned results, implementing preventive controls to minimize negative effects, and making maximum use of opportunities as they arise”*
*See ISO 9001:2015, section 0.1
ISO “Risk-based thinking” IS NOT…
• Is not a prescriptive requirement to establish “formal methods for risk management or a documented risk management process”*
• Is not a prescriptive requirement to “retain documented information as evidence of its determination of risks”*
*See ISO 9001:2015, A.4
However…
• The organization IS required “to plan and implement actions to address risks and opportunities”*
• Doesn’t it make sense to plan what types of risks you will assess, when you will assess these risks, how you will assess these risks (tools), your risk prioritization, and maintain a history of risk assessments and mitigating actions taken?
*See ISO 9001:2015, 0.3.3, and 6.1.2
And don’t forget to include how mitigating actions will be…
1. “Proportionate to the potential impact”* on conformance (quality)
2. “Integrated and implemented”* into the management system
3. Evaluated for “effectiveness”*
*See ISO 9001:2015, section 6.1.2, 9.1.3, 9.3.2
12 Risk Requirements

| # | Risk Requirement | Reference |
|---|---|---|
| 1 | Context Risks - External and Internal Issues | ISO 9001, 4.1 |
| 2 | Context Risks - Interested Parties Requirements | ISO 9001, 4.2 |
| 3 | Process Design and Change Risks | ISO 9001, 4.4.1 |
| 4 | Customer Satisfaction Risks | ISO 9001, 5.1.2 |
| 5 | System Change Risks | ISO 9001, 6.3 |
| 6 | Resource Requirements Risks | ISO 9001, 7.1.1 |
| 7 | Unintended Change Risks | ISO 9001, 8.1 |
| 8 | Product Design and Change Risks | ISO 9001, 8.3.3, 8.3.6 |
| 9 | Supplier Risks | ISO 9001, 8.4.2 |
| 10 | Reliability Risks | ISO 9001, 8.5.5 |
| 11 | Nonconforming Product Risks | ISO 9001, 8.7.1 |
| 12 | Nonconformity and Corrective Action Risks | ISO 9001, 10.1, 10.2.1 |
1-2) Context Risks (Issues & Rqmts)
*See ISO 9001:2015, 4.1, 4.2, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Strategic / Business Planning Context - Internal Issues (4.1)
Strategic / Business Planning Context - External Issues (4.1)
Strategic / Business Planning Context - Stakeholder Rqmts (4.2)
3) Process Design & Change Risks
*See ISO 9001:2015, 4.4.1, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Management System Process Planning and Change Planning (4.4.1 f, g, and 6.3)
Manufacturing Process Planning and Change Planning (4.4.1 and 8.1)
4) Customer Satisfaction Risks
*See ISO 9001:2015, 5.1.2, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Product Quality Planning and Change Planning (5.1.2)
5) System Change Risks
*See ISO 9001:2015, 6.3, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Management System Process Change Planning (6.3 a)
6) Resource Requirements Risks
*See ISO 9001:2015, 7.1.1, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Strategic / Business Planning - Resource Requirements (~7.1.1)
Project Planning - Resource Requirements (~7.1.1)
Management System Planning - Resource Requirements (~7.1.1)
7) Unintended Change Risks
*See ISO 9001:2015, 8.1, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Planning for risks resulting from changes that have unintended consequences (8.1)
Potential Risks
• Identified in Risk Assessments prior to occurrence (preventive actions)
Adverse Events
• Identified in Risk Assessments as soon as possible after occurrence (corrections and corrective actions)
8) Design and Design Change Risks
*See ISO 9001:2015, 8.3.3, 8.3.6, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Design Planning (8.3.3)
Design Change Planning (8.3.6)
Control Methods
• Inspection
• Training
• Procedures
• SPC
• Mistake-Proofing
9) External Provider (Supplier) Risks
*See ISO 9001:2015, 8.4.1, 8.4.2, A.8, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Type and Extent of Controls applied to Supplier and Output Verification (Incoming Insp) Planning (8.4.2 c1)
Supplier Evaluation, Selection, Monitoring, and Re-Evaluation Planning (~8.4.1)
Make, Buy, or Outsource Process Planning (~8.4.1)
10) Reliability Risks
*See ISO 9001:2015, 8.5.5, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Product Lifetime and Warranty (Reliability) Risk Planning (8.5.5 b)
11) Nonconforming Product Risks
*See ISO 9001:2015, 8.7.1, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Nonconformance Action Planning (8.7.1 p2)
12) Nonconformity and Corrective Action Risks
*See ISO 9001:2015, 10.1, 10.2.1, 6.1
Risk Assessment (6.1)
Determine risks and opportunities that need to be addressed
Correction and Corrective Action Planning (10.1 b, 10.2.1 b3, e)
Take-aways
Through this session, you should have:
• Become more familiar with the ISO 9001:2015 risk management requirements
• Reviewed some examples of how risk management requirements can be addressed using various tools
• Learned from Moxtek Management System (MoxSys) examples!
Questions?
Roger Crist
Desk Phone: (801) 717-4260
Cell Phone: (801) 709-4049
Email: [email protected], [email protected]
Appendix: ISO 31000:2009
Appendix: MoxSys Processes
External and Internal Issues: Market | Legal / Regulatory | Technology | Competition | Culture | Competencies | Capabilities
Other Interested Parties (Stakeholders): Employees and Families | Communities | Stockholders
Customers
Suppliers
PLAN | DO | CHECK | ACT
Moxtek Products / Services
1- Leadership / Planning Processes
2- Support Processes
3- Operations Processes - Customers
4- Operations Processes - Design
5- Operations Processes - Suppliers
6- Operations Processes - Production
7- Performance Evaluation Processes
8- Improvement Processes
Corrective Action (CAPA) Process
Non-Conformance Review (NCR) Process
Continuous Improvement Process (CI Suggestions, PDCA Projects/Activities)
Customer Satisfaction Process
Management Review Process
Internal Audit Process
Vision / Mission / Values / Charter / Strategic Plan
Business Planning (P1 Projects) Process
Quality Policy and Quality Objectives
Design and Development (Phase Review Process)
Reliability Process
Regulatory Compliance and Legal Process
Production Processes (Procedures, Travelers, etc.)
Purch / Receiving / Inventory / Production Control / Shipping
QC Process (Incoming / In Process / Final Inspection)
Customer Purchase Order Review Process
Customer Communication Process
Customer Returns (RMA) Process
HR / EHS / IT / Facilities / Maint / Finance Support Processes
Calibration Process
Training Process
Document and Records Control Process
Document Change Notice (DCN) Process
Supplier Management Process
Supply Chain Process
Incoming Inspection (IQA) Process
Customer Satisfaction
Requirements
Appendix: MoxSys SIPOC and 7M Control Plan
“Improve your processes with a SIPOC Map and 7M Control Plan”, ASQ World Conference – Session W20 – May 3, 2017
Appendix: MoxSys Quality Planning Guide
DFMEA
PFMEA
*Procedures, Travelers, etc.
Control Plan
*Training
*Mistake Proofing
*SPC
*Inspection
Key Product Characteristics
Key Process Characteristics
*Control Methods
Phase Review Project
Quality Planning Guide
Reliability Planning, Testing, and FMEA Support
Customer Change Requests (CR’s), Product Returns (RMA’s), Customer CAPA’s, Customer Surveys, Customer Scorecards, Product Lifetime/Warranty Analysis, etc.
Product
External Customer Requirements
FEEDBACK LOOP
Project Team - Design and Process Engineering, Product Management / Marketing, Production Management, and Quality / Reliability
Internal Customer Requirements
FEEDBACK LOOP
Internal Metrics (Revenue, Profitability, Yield / Scrap, Inventory Loss, etc.)
PRD, Specs, Drawings
Flowchart
Design Verification (Internal Qualification)
Design Validation (External Qualification)
Appendix: MasterControl Risk Module (1 of 2)
Appendix: MasterControl Risk Module (2 of 2)
1-Risk Assessment
2-Risk Mitigation
3-Mitigation Approval
4-Risk Reassessment
5-Approval