You are on page 1of 60

Implementing ISO9001:2015

John DiMaria; CSSBB, HISP, MHISP, AMBCI


Sr. Product Manager, Systems Certification - Americas

Copyright 2015 BSI. All rights reserved.

Understanding the New Direction of Standards


Navigating the ten clauses Annex SL/Directive 1
Key changes that are expected for ISO 9001
Breakout sessions I Leadership and Planning
Breakout sessions II Risk and Planning
Discussion and closing

Copyright 2015 BSI. All rights reserved.

Understanding the New


Direction of Standards
Navigating the ten clauses Annex SL
The New High Level Structure (HLS)

Copyright 2015 BSI. All rights reserved.

19/10/2015

Reasons For The Changes


Easier integration of multiple standards, using a common
foundation and common language
Increase involvement of Top Management
Decrease the emphasis on Documentation
Increase the emphasis on Achieving Value for the Organization
and its customers
Increase emphasis on Risk Management to achieve objectives
Copyright 2015 BSI. All rights reserved.

Annex SL
ISO 14001

Environmental
management system

ISO 9001

ISO/IEC 27001

Quality management
system

Information security

Annex SL
ISO 45001

TS 16949

Health & safety

Automotive

ISO 22301

Copyright 2015 BSI. All rights reserved.

Business continuity
management

ANNEX SL (HLS)
Annex SL
high level structure,
identical core text,
common terms and core definitions.
Annex SL

High level structure, identical core text, common terms and core definitions

ISMS specific
requirements

Copyright 2015 BSI. All rights reserved.

EMS specific
requirements

QMS specific
requirements

BCMS specific
requirements

Ten clauses of the new Annex SL


Directive 1 for ISO Management Systems
Annex SL describes the framework for a generic management
system. However, it requires the addition of discipline-specific
requirements to make a fully functional quality, environmental,
service management, food safety, business continuity, information
security and energy management system standard
ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014
High level structure, identical core text, common terms and core
definitions 10 Main Clauses
Copyright 2015 BSI. All rights reserved.

19/10/2015

Directive 1 10 Clauses
1. Scope

6. Planning

2. Normative references

7. Support

3. Terms and definitions

8. Operation

4. Context of the organization

9. Performance evaluation

5. Leadership

10. Improvement

Implement Once, Comply Many


19/10/2015

High Level Structure


4 Context of
organization

5 Leadership

6 Planning

7 Support

8 Operation

9 Performance and
Evaluation

4.1
Understanding
context

5.1 Leadership
and commitment
(MS)

6.1 Actions to
address risk and
opportunity

7.1 Resources

8.1 Operational
planning and control

9.1 Monitoring,
measurement,
analysis and
evaluation

10.1 Nonconformity
and corrective
action

4.2 Interested
parties

5.2 Policy

6.2 Objectives
and planning

9.2 Internal
audit

10.2 Continual
improvement

4.3 Scope

5.3 Roles,
responsibilities
and authorities

7.2 Competence

7.3 Awareness

7.4 Communication
4.4 MS
7.5 Documented
information

Copyright 2015 BSI. All rights reserved.

9.3 Management
review

10 Improvement

Identical Core Text


5 Leadership
10 Improvement

6 Planning
4 Context of the
Organization

9 Performance
Evaluation

7 Support

8 Operation
Copyright 2015 BSI. All rights reserved.

4. Context of the organization


4.1 Understanding the organization and its context
Determine relevant external and internal issues that affect the
ability to achieve the intended outcome(s)

Copyright 2015 BSI. All rights reserved.

4.2 Understanding the needs and


expectations of interested parties
Interested party

Needs and expectations

Customers

Quality, price and delivery performance of products

Owners/shareholders

Sustained profitability
Transparency

People in the organization

Good work environment


Job security
Recognition and reward

Suppliers and partners

Mutual benefits and continuity

Society

Environmental protection
Ethical behavior
Compliance with statutory and regulatory requirements
Source ISO 9004

Copyright 2015 BSI. All rights reserved.

4.3 Determining the scope of the


management system

Copyright 2015 BSI. All rights reserved.

Source: ISO 9001:2015

4.4 Management system


Establish, implement, maintain, and continually improve a management
system, including the processes needed and their interactions, in
accordance with the requirements of the International Standard
A Process can be defined as a set of interrelated or interacting activities,
which transforms inputs into outputs
Source: ISO/TC 176/SC 2/N 544R3

Interrelated or interacting elements of an organization


Policies, Processes and Objectives

Copyright 2015 BSI. All rights reserved.

5. Leadership
5.1 Leadership and commitment
How top management* demonstrates leadership and commitment
with respect to the management system

Policy and objectives must be established compatible with the strategic


direction of the organization

How top management integrates the management system requirements


into your organizations business processes

Do they provide proper resources?

Communicating the importance of effective management and of


conforming to requirements
* person or group of people who directs and controls an organization (3.01) at the highest level

Copyright 2015 BSI. All rights reserved.

5.1 Leadership and commitment


How do they ensure the management system achieves its intended
outcome(s)
Top management must show how they direct and support persons
to contribute to the effectiveness of the management system
How do they promote continual improvement and support other
relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility

Copyright 2015 BSI. All rights reserved.

5.2 Policy
Top management must establish a documented policy:
Appropriate to the purpose of the organization
Set objectives
Commitment to satisfy applicable requirements
Commitment to continual improvement

Copyright 2015 BSI. All rights reserved.

5.3 Organizational roles, responsibilities


and authorities
Top management must show that they ensure that the
responsibilities and authorities for relevant roles are assigned and
communicated within the organization
They must assign responsibility and authority for:
Ensuring that the management system conforms to the
requirements of the International Standard
Reporting on the performance of the management system to
top management

Copyright 2015 BSI. All rights reserved.

6. Planning
6.1 Actions to address risks and opportunities
Lets discuss objectives first!
6.2 Objectives and planning to achieve them
Establish objectives at relevant functions and levels
Consistent with policy
Measureable
Consider applicable requirements
Monitored, communicated, updated
Determine resources, responsibilities, targets and how to
evaluate results
Copyright 2015 BSI. All rights reserved.

6.1 Actions to address risks and


opportunities
Consider the issues referred to in 4.1* and the requirements referred
to in 4.2** and determine the risks and opportunities that need to be
addressed to:
Give assurance that the management system can achieve its
intended outcome(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
Copyright 2015 BSI. All rights reserved.

What is risk-based thinking?


Risk-based thinking is something we all do automatically and often
subconsciously
The concept of risk has always been understood in ISO 9001 and not
new to ISO 14001 this revision makes it more explicit and builds it
into the whole of the management process
Risk-based thinking should already part of the process approach
Risk-based thinking makes preventive action routine

Copyright 2015 BSI. All rights reserved.

6.1 Actions to address risks and


opportunities
The organization shall plan:
actions to address these risks and opportunities
How to:
integrate and implement the actions into its management
system processes
evaluate the effectiveness of these actions

Copyright 2015 BSI. All rights reserved.

7. Support
7.1 Resources
Provide proper resources needed
7.2 Competence
Competent on the basis of appropriate education, training,
or experience, keep records and evaluate effectiveness
7.3 Awareness
Policy, contribution and implications of not conforming
7.4 Communication
Determine relevant the internal and external
communications; what, when, who and how
Copyright 2015 BSI. All rights reserved.

7.5 Documented information


7.5.1 General
Determine required documentation
7.5.2 Creating and updating
Identification, format and review
7.5.3 Control of documented information
Available and suitable for use, where and when it is
needed;
Protected, stored, controlled, change control, retention
control
Copyright 2015 BSI. All rights reserved.

7.5 Documented Information


The organizations quality management system
shall include documented information required by
the International Standard and determined by the
organization as being necessary for the
effectiveness of the quality management system.
Documented information: Information required to
be controlled and maintained by an organization
and the medium on which it is contained.
Documented information can be in any format
and media and from any source.
Copyright 2015 BSI. All rights reserved.

Source: ISO 9001:2015

8. Operation
8.1 Operational planning and control
Plan, implement and control the processes needed to meet
requirements, and to implement the actions determined in 6.1*

*6.1 Actions to address risks and opportunities


Copyright 2015 BSI. All rights reserved.

9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
What needs to be measured, methods, when (what intervals)
and when data should be analyzed and reported
9.2 Internal audit
Conducted at planned intervals to ensure compliance with the
standard and internal requirements
9.3 Management review
Review the organization's management system, at planned
intervals, to ensure its continuing suitability, adequacy and
effectiveness
Copyright 2015 BSI. All rights reserved.

10. Improvement
10.1 Nonconformity and corrective action
React to the nonconformity and, as applicable
Take action to control it
Evaluate the need for action to eliminate the causes
in order that it does not recur or occur elsewhere
Retain documented evidence
10.2 Continual improvement
Continually improve the suitability, adequacy, and
effectiveness of the management system.
Copyright 2015 BSI. All rights reserved.

ISO 9001: 2015

Understanding the Revision

Copyright 2015 BSI. All rights reserved.

19/10/2015

What is the aim of ISO 9001?

Increase customer satisfaction through


improved operational consistency and
continual improvement.

Copyright 2015 BSI. All rights reserved.

ISO 9001: Evolution


1979

1987

1994

2000

2008

2015

BS 5750:1979
ISO adopts BS 5750 as the basis for ISO standard
ISO 9001:1987
ISO 9001:1994 Minor updates only
ISO 9001:2000 Major update to introduce process approach
ISO 9001:2008 Minor updates only
ISO 9001:2015 Major update
1,138,155 Companies Certified ISO 2014 Survey
Copyright 2015 BSI. All rights reserved.

So, whats new?


Leadership

Greater emphasis for senior managers to be involved


in the management system

Risk

Risk-based thinking incorporated into requirements

Context of Organization

Relevant needs of interested parties is emphasized

Quality Importance

Ensure quality management is now integrated and


aligned with the strategic direction of the
organization

Process Approach

Adoption of a process approach

Documented Information
Control of changes
Copyright 2015 BSI. All rights reserved.

More flexible approach

19/10/2015

Review and control changes for production or service

Quality Management Principles


Was 8:

Now 7:

Customer focus

Customer focus

Leadership

Leadership

Involvement of people

Engagement of people

Process approach

Process approach

System approach to management

(Included in the process approach)

Continual improvement

Improvement

Factual approach to decision making

Evidence based decision making

Mutually beneficial supplier relationships

Relationship management

Copyright 2015 BSI. All rights reserved.

Major differences in terminology between


ISO 9001:2008 and ISO 9001:2015
ISO 9001:2008

ISO 9001:2015

Products

Products and Services

Exclusions

Not used
(See Clause A.5 for clarification of
applicability)

Management Representative

Not used

Documentation, quality manual, documented


procedures, records

Documented Information

Work environment

Environment for the operation of processes

Monitoring and measuring equipment

Monitoring and measuring resources

Purchased product

Externally provided products and services

Supplier

Copyright 2015 BSI. All rights reserved.

19/10/2015

External Provider

Changes from FDIS

5.2.1 Developing the quality policy

8.2.2 Determination of requirements related to


products and services

8.2.3 Review of requirements related to the


products and services

Copyright 2015 BSI. All rights reserved.

Change

Establishing the Quality Policy


replaces Developing the quality
Policy

Change

Title changed to Determining the


requirements for products and
services

Change

Title changed to Review the


requirements for products and
services

PLAN

Copyright 2015 BSI. All rights reserved.

DO

CHECK ACT

Benefits
Benefits

of Certification

ISO 9001

Copyright 2015 BSI. All rights reserved.

Leadership and effecting


culture change

Copyright 2015 BSI. All rights reserved.

19/10/2015

Clause 5 Defines Leadership


Set policy and objectives and strategic
direction
Policy is communicated, understood and
applied within the organization
Integration of the management systems
requirements into the organizations
business processes and promoting the
process approach
Provide resources needed for the
management system are available
Ensure management system achieves its
intended results
Take accountability of the effectiveness of
the management system
Copyright 2015 BSI. All rights reserved.

19/10/2015

Communicate the importance of an


effective management system and of
conforming to the management
system requirements
Engage, direct and support persons to
contribute to the effectiveness of the
management system
Promote continual improvement
Support other relevant management
roles to demonstrate their leadership
as it applies to their areas of
responsibility.

Leadership and effecting culture change


Leadership, the ability to motivate groups of people towards a
common goal, is an important skill in todays business world. Without
strong leadership, many otherwise promising businesses fail.

Copyright 2015 BSI. All rights reserved.

19/10/2015

The Difference Between Leadership and


Management
Management is mostly about processes. Leadership is
mostly about behavior
Leadership relies on less tangible and less measurable
things like trust, inspiration, attitude, decision-making, and
personal character. These are all necessary to motivate an
organization to achieve its management systems objectives

Copyright 2015 BSI. All rights reserved.

19/10/2015

Top Management According to ISO


Top management is the person or group of people who directs
and controls an organization at the highest level. Top
management has the power to delegate authority and provide
resources within the organization. If the scope of the
management system covers only part of an organization, then
top management refers to those who direct and control that
part of the organization.

Copyright 2015 BSI. All rights reserved.

Leadership and Policy


Leadership needs to establish, review and maintain a policy, but also
needs to ensure that it is applied within the organization.

Copyright 2015 BSI. All rights reserved.

Roles and Responsibilities


Leadership needs to ensure that responsibilities and authorities for
relevant roles are assigned, communicated and understood within
the organization.

Copyright 2015 BSI. All rights reserved.

Organizational Change
Leaders need to ensure the integrity of the management system
is maintained when changes are planned and implemented.
Some of these tasks will be delegated, but it is the managements
responsibility to ensure they are planned, implemented and
achieved.

Copyright 2015 BSI. All rights reserved.

Breakout session
Leadership and
Planning and Risk
Based Thinking

Copyright 2015 BSI. All rights reserved.

Leadership and Planning


Implement the new requirements on Leadership and Planning
Pick an industry from your team
Define organizational objectives and plans to achieve them
referencing 6.2
Must be measurable
How will they be evaluated
Define resources needed

Copyright 2015 BSI. All rights reserved.

19/10/2015

Clause 5 Defines Leadership


Set policy and objectives and strategic
direction
Policy is communicated, understood and
applied within the organization
Integration of the management systems
requirements into the organizations
business processes and promoting the
process approach
Provide resources needed for the
management system are available
Ensure management system achieves its
intended results
Take accountability of the effectiveness
of the management system
Copyright 2015 BSI. All rights reserved.

19/10/2015

Communicate the importance of an


effective management system and of
conforming to the management system
requirements
Engage, direct and support persons to
contribute to the effectiveness of the
management system
Promote continual improvement
Support other relevant management
roles to demonstrate their leadership as
it applies to their areas of responsibility.

6. Planning
6.1 Actions to address risks and opportunities
Lets discuss objectives first!
6.2 Objectives and planning to achieve them
Establish objectives at relevant functions and levels
Consistent with policy
Measureable
Consider applicable requirements
Monitored, communicated, updated
Determine resources, responsibilities, targets and how to
evaluate results
Copyright 2015 BSI. All rights reserved.

Risk and Planning


Implement the new requirements on Risk and Planning
Determine external and internal issues that are relevant to
your purpose and its strategic direction and that affect your
ability to achieve the intended result(s) (Objectives) of
your management system. (4.1)
Apply risk based thinking to meet requirements under
section 6.1 Actions to address risks and opportunities
Pick Team Spokesperson
Present findings

Copyright 2015 BSI. All rights reserved.

19/10/2015

6.1 Actions to address risks and


opportunities
Consider the issues referred to in 4.1* and the requirements referred to
in 4.2** and determine the risks and opportunities that need to be
addressed (6.1)to:
give assurance that the management system can achieve its
intended result(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
Copyright 2015 BSI. All rights reserved.

6.1 Actions to address risks and


opportunities
The organization shall plan:
actions to address these risks and opportunities
How to:
integrate and implement the actions into its management system
processes
evaluate the effectiveness of these actions

Copyright 2015 BSI. All rights reserved.

Likelihood : 1 - 5 (where 1 is highly unlikely and 5 is definite)


Impact : 1 - 5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact

Risk

Total
Likelihood Impact

Copyright 2015 BSI. All rights reserved.

19/10/2015

Risk Rating

Mitigating Controls

Additional Controls implemented

Owner

Final Risk Rating

Conclusions
Feedback

Copyright 2015 BSI. All rights reserved.

What are the main changes that may


affect you?

The increased role that leadership must play

Decrease in the amount of documentation needed

Risk management processes may need to be developed to determine the level


and extent of control for internal and external (supply-chain) processes and
services, if not already in place.

Auditors and stakeholders will need to become familiar with the revised
standards and so training may need to be considered

No Longer a requirement for a Quality Manual

No Longer a requirement for a Management Representative

Change management
Copyright 2015 BSI. All rights reserved.

Benefits
Bringing Quality into the heart of our business
Quality management will be integrated and aligned with our business strategies
which will improve performance and drive real value
Introduction of Risk & Opportunity Management
Will help identify and manage risk more effectively and opportunities that
contribute to bottom line improvements
An Integrated Approach
It will be easier to implement more than one management system providing a
more holistic view leading to cost savings
Leadership
Greater involvement by our leadership team will ensure that well all be
motivated towards the organizations goals and objectives
Copyright 2015 BSI. All rights reserved.

Buy the standard


ISO 9001:2015 & ISO 14001:2015 is available from your national standards body
Associated standards could be useful
ISO 9000 Quality Management Systems Fundamentals and
Vocabulary
ISO 9004 Managing for the sustained success of an organization
ISO 10001 Quality management customer satisfaction
guidelines for codes of conduct
ISO 31000 Risk management principles and guidelines

Copyright 2015 BSI. All rights reserved.

19/10/2015

Training
Start your training as soon as possible
This will help embed the knowledge
Senior
management
briefing

Transition
training

Implementing
training

Auditor training

Deep dive
training

Risk Based
Thinking

Annex SL

Copyright 2015 BSI. All rights reserved.

Transition
Course

Lead Auditor

19/10/2015
19/10/2015

What you need to do


Set up a project team to manage the changes
Communicate the project across the whole organization
Create an implementation plan and monitor progress
Take a fresh look at your QMS/EMS
Highlight the changes as opportunities for improvement
Make changes to your documentation to reflect the new structure (as necessary)
Implement the new requirements on leadership, risk and context of the organization
Review the effectiveness of your current control set
Carry out an impact assessment
Copyright 2015 BSI. All rights reserved.

08/12/2015

Thank You!

Address:

BSI Group America Inc.


12950 Worldgate Drive, Suite 800
Herndon, VA 20170

Email John DiMaria john.dimaria@bsigroup.com


Main Office
Telephone:
Fax:

Copyright 2014 BSI. All rights reserved.

1-800-862-4977
703-437-9001

Email:

Inquiry.msamericas@bsigroup.com

Links:

http://www.bsiamerica.com