why is iso 9001:2015 the best blueprint for building the ... · iso management system standards....
TRANSCRIPT
Why Is ISO 9001:2015 the Best
Blueprint for Building the Most
Powerful QMS
Presenter: Michael Prior, CQA
www.qi-a.com; www.qisssoftware.com
• Understanding ISO 9001:2015
• Methods for Implementation
• Central Nervous System (CNS) &
Risk Based Thinking
• ISO 9001:2015 for a more powerful
QMS
Agenda
Annex SL
• ‘High Level Structure’ (aka Annex SL) for various
ISO management system standards.
• The new structure is set up with 10 clauses (vs. the 8
clauses in ISO 9001:2008.)
• Discipline-specific requirements will be focused on
clause 8 – Operation.
• The other 9 clauses address common elements for all
management system standards: Quality, Environment,
Safety, IT security….
v. 2015 in relation to v. 2008
• All requirements of 2008 secure in 2015
• Difference in presentation to suit Annex SL
– Requirements split into different sections
• Net additions in v.2015
– Context of Organization
– Risk based thinking,(not just risk management)
– Management of Change
– Knowledge Management
4. Context of Organization
• Determine issues impacting purpose
• Determine and monitor stakeholder needs
• Determine scope of QMS, processes
• Address risks
• Documented information on operation of
processes
• Retained Documented information:
confidence re effective processes
5. Leadership
• Demonstrate Leadership and commitment
to QMS
• Customer focus: Meet requirements,
monitor and address risks, satisfaction
• Establish and communicate quality policy
• Organizational roles, responsibilities,
authorities
6. Planning
• Determine, address risks and opportunities
• Quality Objectives, plans for achievement
• Potential consequences (risks) of changes
• Changes carried out in a planned manner
7. Support
• Resources:
– People, Infrastructure, Environment
– Monitoring & Measuring Resources: identified,
suitable, maintained, calibrated, traceable,
safeguarded…
– Organizational Knowledge
• Competence: ensure, with evidence
• Ensure awareness of persons
• Internal & External communications
7. Support
• Documented Information
– Required by Standard
– Required by Organization for effective QMS
– Appropriate ID, format, review and approval
– Available where and when, protected
– Controlled distribution, preservation, legibility,
access, retrieval, use, changes, retention,
disposal
8. Operation
• 8.1 Operational Planning & Control
• 8.2 Requirements for products & services:
– Communications with customers
– Determine customer, legal, organizational
needs
– Review all requirements, ensure ability to meet
– Address changes
– Confirm customer requirements
8. Operation
• 8.3 Design & Development:
– Planning
– Inputs
– Design & development Controls
– Design & development Outputs
– Design & development changes
8. Operation
• 8.4 Externally provided processes,
products, services:
– Used in products, dropped shipped,
outsourced processes
– Within Control of Org QMS, Verify compliance
– Adequate info to ext providers, approval of
processes, release of product
– Monitor performance of providers
8. Operation
• 8.5 Production & service provision:
– Controlled conditions: documented info,
monitoring & measurement, validation &
revalidation, prevent human error, release-
delivery-post delivery activities
– ID and Traceability, inspection status
– Property of customers, external providers
– Preservation
V8. Operationision
8.5 Production & service provision: – Post Delivery: risk, product life, customer
feedback
– Review and control changes, keep records
• 8.6 Release of products and services
• 8.7 Control of nonconforming Outputs:
– Appropriate action(s): correction, containment,
suspension, inform customer, concession---
– Retained documentation
9. Performance Evaluation
• 9.1 Monitor-Measure, analysis, evaluation
– Determine what, how, when, done & evaluated
– Customer satisfaction
– Evaluate: conformity, satisfaction, QMS,
external providers
• 9.2 Internal Audit:
– QMS conforms- own and 9001—effectively
– ---Frequency, reporting, importance, criteria,
scope, correction & corrective action---
9. Performance Evaluation
• 9.3 Management Review:
– Inputs: outstanding actions, changes to issues,
info on performance—customer satisfaction,
objectives, processes, audits, external
providers, risks and opportunities,
improvement opportunities
– Outputs: improvement improvements,
changes, resource needs
10. Improvement
• Improve products; performance of QMS;
correcting, preventing, reducing
undesirables…
• 10.2 NC and Corrective Actions:
– Control and correct NC, deal w/ consequences
– Check if need to eliminate cause, and prevent
– Review effectiveness, update risks, records
• 10.3 Continual Improvement
Implementing the new standard
• New standard has not eliminated any of
the old requirements
• Added several new requirements—chief of
which:
– Context of Organization
– Risk Based Thinking
– Knowledge Management
– Management of Change
Implementing the new standard
• Also added, expanded, clarified many
detailed requirements. Many not so visible:
• Examples:
– Need to identify documents,
– to review and control changes for production,
– to implement actions to prevent human error
Implementing the new standard
• Compliance Alert:
• It is organization’s job to demonstrate
compliance to all the old and the new. Not
Auditor’s, to find it.
• Auditor will fully know all the requirements,
including many smaller new ones.
• All auditor has to do is to ask how do you
comply, and “show me evidence”
Implementing the new standard
• Study all requirements to understand, so
can address all the changes.
• Allow enough time. Make a plan–
– Plan by end of 2015
– Start implementing early 2016. Finish end
2016
– Plan to fit Surveillance/ Recert dates
– Official switch with Change of Registration
Scope
Implementing the new standard
• v. 2015 not changing any time soon
• …so embrace it…
• Align section numbers
• Gives flexibility to make your own plans
• Huge opportunity: Build a great QMS/
business operating system.
How to build a really powerful QMS
• “Risk based thinking” not just risk
management.
• Combine with knowledge management,
management of change.
• Use concept of Central Nervous System:
– Sensors for risk (opportunities) spread all over
– Signals processed, outputs trigger responses
– Build a “digital nervous system” (Bill Gates
1999)
Central Nervous System (CNS)
Application of CNS to QMS
• Eyes and Ears= Risk Analysis:
– Get signals, build knowledge base
• Response mechanisms:
– Root Cause Analysis (RCA)
– Local Solution Generation
– Effective Solution Implementation
– Need Global application of solution?
– Effective global solution generation,
application
Risk Assessment
RCA
Local Prevention
Global Prevention
Management of Change MOC
MoC (Cont..)
…
• The standard is all “growed up”. Users are
allowed to think!
• Don’t have to explain the difference
between corrective and preventive actions
for 5 years to the same person
• Don’t have to argue that you need more
than 5 documented procedures to run a
plant with 100 people
• What else will this standard do for you??
CONCLUSION
RISK BASED THINKING and: PLANNING, DOING,
CHECKING, ACTING
THANK YOU!!
Michael Prior, CQA
Director of Business Development Quality Institute of America, (QIA)
8951 Ruthby, Houston, TX 77061, Suite 12
(W) 281-335-7979, (F) 832-582-8504, (C) 832-512-3266
Visit us at www.qi-a.com or www.qisssoftware.com