Why Is ISO 9001:2015 the Best

Blueprint for Building the Most

Powerful QMS

Presenter: Michael Prior, CQA

www.qi-a.com; www.qisssoftware.com

• Understanding ISO 9001:2015

• Methods for Implementation

• Central Nervous System (CNS) &

Risk Based Thinking

• ISO 9001:2015 for a more powerful

QMS

Agenda

Annex SL

• ‘High Level Structure’ (aka Annex SL) for various

ISO management system standards.

• The new structure is set up with 10 clauses (vs. the 8

clauses in ISO 9001:2008.)

• Discipline-specific requirements will be focused on

clause 8 – Operation.

• The other 9 clauses address common elements for all

management system standards: Quality, Environment,

Safety, IT security….

v. 2015 in relation to v. 2008

• All requirements of 2008 secure in 2015

• Difference in presentation to suit Annex SL

– Requirements split into different sections

• Net additions in v.2015

– Context of Organization

– Risk based thinking,(not just risk management)

– Management of Change

– Knowledge Management

4. Context of Organization

• Determine issues impacting purpose

• Determine and monitor stakeholder needs

• Determine scope of QMS, processes

• Address risks

• Documented information on operation of

processes

• Retained Documented information:

confidence re effective processes

5. Leadership

• Demonstrate Leadership and commitment

to QMS

• Customer focus: Meet requirements,

monitor and address risks, satisfaction

• Establish and communicate quality policy

• Organizational roles, responsibilities,

authorities

6. Planning

• Determine, address risks and opportunities

• Quality Objectives, plans for achievement

• Potential consequences (risks) of changes

• Changes carried out in a planned manner

7. Support

• Resources:

– People, Infrastructure, Environment

– Monitoring & Measuring Resources: identified,

suitable, maintained, calibrated, traceable,

safeguarded…

– Organizational Knowledge

• Competence: ensure, with evidence

• Ensure awareness of persons

• Internal & External communications

7. Support

• Documented Information

– Required by Standard

– Required by Organization for effective QMS

– Appropriate ID, format, review and approval

– Available where and when, protected

– Controlled distribution, preservation, legibility,

access, retrieval, use, changes, retention,

disposal

8. Operation

• 8.1 Operational Planning & Control

• 8.2 Requirements for products & services:

– Communications with customers

– Determine customer, legal, organizational

needs

– Review all requirements, ensure ability to meet

– Address changes

– Confirm customer requirements

8. Operation

• 8.3 Design & Development:

– Planning

– Inputs

– Design & development Controls

– Design & development Outputs

– Design & development changes

8. Operation

• 8.4 Externally provided processes,

products, services:

– Used in products, dropped shipped,

outsourced processes

– Within Control of Org QMS, Verify compliance

– Adequate info to ext providers, approval of

processes, release of product

– Monitor performance of providers

8. Operation

• 8.5 Production & service provision:

– Controlled conditions: documented info,

monitoring & measurement, validation &

revalidation, prevent human error, release-

delivery-post delivery activities

– ID and Traceability, inspection status

– Property of customers, external providers

– Preservation

V8. Operationision

8.5 Production & service provision: – Post Delivery: risk, product life, customer

feedback

– Review and control changes, keep records

• 8.6 Release of products and services

• 8.7 Control of nonconforming Outputs:

– Appropriate action(s): correction, containment,

suspension, inform customer, concession---

– Retained documentation

9. Performance Evaluation

• 9.1 Monitor-Measure, analysis, evaluation

– Determine what, how, when, done & evaluated

– Customer satisfaction

– Evaluate: conformity, satisfaction, QMS,

external providers

• 9.2 Internal Audit:

– QMS conforms- own and 9001—effectively

– ---Frequency, reporting, importance, criteria,

scope, correction & corrective action---

9. Performance Evaluation

• 9.3 Management Review:

– Inputs: outstanding actions, changes to issues,

info on performance—customer satisfaction,

objectives, processes, audits, external

providers, risks and opportunities,

improvement opportunities

– Outputs: improvement improvements,

changes, resource needs

10. Improvement

• Improve products; performance of QMS;

correcting, preventing, reducing

undesirables…

• 10.2 NC and Corrective Actions:

– Control and correct NC, deal w/ consequences

– Check if need to eliminate cause, and prevent

– Review effectiveness, update risks, records

• 10.3 Continual Improvement

Implementing the new standard

• New standard has not eliminated any of

the old requirements

• Added several new requirements—chief of

which:

– Context of Organization

– Risk Based Thinking

– Knowledge Management

– Management of Change

Implementing the new standard

• Also added, expanded, clarified many

detailed requirements. Many not so visible:

• Examples:

– Need to identify documents,

– to review and control changes for production,

– to implement actions to prevent human error

Implementing the new standard

• Compliance Alert:

• It is organization’s job to demonstrate

compliance to all the old and the new. Not

Auditor’s, to find it.

• Auditor will fully know all the requirements,

including many smaller new ones.

• All auditor has to do is to ask how do you

comply, and “show me evidence”

Implementing the new standard

• Study all requirements to understand, so

can address all the changes.

• Allow enough time. Make a plan–

– Plan by end of 2015

– Start implementing early 2016. Finish end

2016

– Plan to fit Surveillance/ Recert dates

– Official switch with Change of Registration

Scope

Implementing the new standard

• v. 2015 not changing any time soon

• …so embrace it…

• Align section numbers

• Gives flexibility to make your own plans

• Huge opportunity: Build a great QMS/

business operating system.

How to build a really powerful QMS

• “Risk based thinking” not just risk

management.

• Combine with knowledge management,

management of change.

• Use concept of Central Nervous System:

– Sensors for risk (opportunities) spread all over

– Signals processed, outputs trigger responses

– Build a “digital nervous system” (Bill Gates

1999)

Central Nervous System (CNS)

Application of CNS to QMS

• Eyes and Ears= Risk Analysis:

– Get signals, build knowledge base

• Response mechanisms:

– Root Cause Analysis (RCA)

– Local Solution Generation

– Effective Solution Implementation

– Need Global application of solution?

– Effective global solution generation,

application

Risk Assessment

RCA

Local Prevention

Global Prevention

Management of Change MOC

MoC (Cont..)

…

• The standard is all “growed up”. Users are

allowed to think!

• Don’t have to explain the difference

between corrective and preventive actions

for 5 years to the same person

• Don’t have to argue that you need more

than 5 documented procedures to run a

plant with 100 people

• What else will this standard do for you??

CONCLUSION

RISK BASED THINKING and: PLANNING, DOING,

CHECKING, ACTING

THANK YOU!!

Michael Prior, CQA

Director of Business Development Quality Institute of America, (QIA)

8951 Ruthby, Houston, TX 77061, Suite 12

(W) 281-335-7979, (F) 832-582-8504, (C) 832-512-3266

Visit us at www.qi-a.com or www.qisssoftware.com