Implemting IS09001-2015

Implementing ISO9001:2015
John DiMaria; CSSBB, HISP, MHISP, AMBCI

Sr. Product Manager, Systems Certification - Americas
Copyright 2015 BSI. All rights reserved.
Understanding the New Direction of Standards

Navigating the ten clauses Annex SL/Directive 1
Key changes that are expected for ISO 9001
Breakout sessions I Leadership and Planning
Breakout sessions II Risk and Planning
Discussion and closing
Understanding the New

Direction of Standards
Navigating the ten clauses Annex SL
The New High Level Structure (HLS)
19/10/2015
Reasons For The Changes

Easier integration of multiple standards, using a common
foundation and common language
Increase involvement of Top Management
Decrease the emphasis on Documentation
Increase the emphasis on Achieving Value for the Organization
and its customers
Increase emphasis on Risk Management to achieve objectives
Annex SL
ISO 14001
Environmental
management system
ISO 9001
ISO/IEC 27001
Quality management
system
Information security
Annex SL
ISO 45001
TS 16949
Health & safety
Automotive
ISO 22301
Business continuity
management
ANNEX SL (HLS)
Annex SL
high level structure,
identical core text,
common terms and core definitions.
Annex SL
High level structure, identical core text, common terms and core definitions
ISMS specific
requirements
EMS specific
requirements
QMS specific
requirements
BCMS specific
requirements
Ten clauses of the new Annex SL

Directive 1 for ISO Management Systems
Annex SL describes the framework for a generic management
system. However, it requires the addition of discipline-specific
requirements to make a fully functional quality, environmental,
service management, food safety, business continuity, information
security and energy management system standard
ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2014
High level structure, identical core text, common terms and core
definitions 10 Main Clauses
19/10/2015
Directive 1 10 Clauses
1. Scope
6. Planning
2. Normative references
7. Support
3. Terms and definitions
8. Operation
4. Context of the organization
9. Performance evaluation
5. Leadership
10. Improvement
Implement Once, Comply Many

19/10/2015
High Level Structure

4 Context of
organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance and
Evaluation
4.1
Understanding
context
5.1 Leadership
and commitment
(MS)
6.1 Actions to
address risk and
opportunity
7.1 Resources
8.1 Operational
planning and control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1 Nonconformity
and corrective
action
4.2 Interested
parties
5.2 Policy
6.2 Objectives
and planning
9.2 Internal
audit
10.2 Continual
improvement
4.3 Scope
5.3 Roles,
responsibilities
and authorities
7.2 Competence
7.3 Awareness
7.4 Communication
4.4 MS
7.5 Documented
information
9.3 Management
review
10 Improvement
Identical Core Text

5 Leadership
10 Improvement
6 Planning
4 Context of the
Organization
9 Performance
Evaluation
7 Support
8 Operation
4. Context of the organization

4.1 Understanding the organization and its context
Determine relevant external and internal issues that affect the
ability to achieve the intended outcome(s)
4.2 Understanding the needs and

expectations of interested parties
Interested party
Needs and expectations
Customers
Quality, price and delivery performance of products
Owners/shareholders
Sustained profitability
Transparency
People in the organization
Good work environment

Job security
Recognition and reward
Suppliers and partners
Mutual benefits and continuity
Society
Environmental protection
Ethical behavior
Compliance with statutory and regulatory requirements
Source ISO 9004
4.3 Determining the scope of the

management system
Source: ISO 9001:2015
4.4 Management system

Establish, implement, maintain, and continually improve a management
system, including the processes needed and their interactions, in
accordance with the requirements of the International Standard
A Process can be defined as a set of interrelated or interacting activities,
which transforms inputs into outputs
Source: ISO/TC 176/SC 2/N 544R3
Interrelated or interacting elements of an organization

Policies, Processes and Objectives
5. Leadership
5.1 Leadership and commitment
How top management* demonstrates leadership and commitment
with respect to the management system
Policy and objectives must be established compatible with the strategic

direction of the organization
How top management integrates the management system requirements

into your organizations business processes
Do they provide proper resources?
Communicating the importance of effective management and of

conforming to requirements
* person or group of people who directs and controls an organization (3.01) at the highest level
5.1 Leadership and commitment

How do they ensure the management system achieves its intended
outcome(s)
Top management must show how they direct and support persons
to contribute to the effectiveness of the management system
How do they promote continual improvement and support other
relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility
5.2 Policy
Top management must establish a documented policy:
Appropriate to the purpose of the organization
Set objectives
Commitment to satisfy applicable requirements
Commitment to continual improvement
5.3 Organizational roles, responsibilities

and authorities
Top management must show that they ensure that the
responsibilities and authorities for relevant roles are assigned and
communicated within the organization
They must assign responsibility and authority for:
Ensuring that the management system conforms to the
requirements of the International Standard
Reporting on the performance of the management system to
top management
6. Planning
6.1 Actions to address risks and opportunities
Lets discuss objectives first!
6.2 Objectives and planning to achieve them
Establish objectives at relevant functions and levels
Consistent with policy
Measureable
Consider applicable requirements
Monitored, communicated, updated
Determine resources, responsibilities, targets and how to
evaluate results
6.1 Actions to address risks and

opportunities
Consider the issues referred to in 4.1* and the requirements referred
to in 4.2** and determine the risks and opportunities that need to be
addressed to:
Give assurance that the management system can achieve its
intended outcome(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
What is risk-based thinking?

Risk-based thinking is something we all do automatically and often
subconsciously
The concept of risk has always been understood in ISO 9001 and not
new to ISO 14001 this revision makes it more explicit and builds it
into the whole of the management process
Risk-based thinking should already part of the process approach
Risk-based thinking makes preventive action routine

opportunities
The organization shall plan:
actions to address these risks and opportunities
How to:
integrate and implement the actions into its management
system processes
evaluate the effectiveness of these actions
7. Support
7.1 Resources
Provide proper resources needed
7.2 Competence
Competent on the basis of appropriate education, training,
or experience, keep records and evaluate effectiveness
7.3 Awareness
Policy, contribution and implications of not conforming
7.4 Communication
Determine relevant the internal and external
communications; what, when, who and how
7.5 Documented information

7.5.1 General
Determine required documentation
7.5.2 Creating and updating
Identification, format and review
7.5.3 Control of documented information
Available and suitable for use, where and when it is
needed;
Protected, stored, controlled, change control, retention
control
7.5 Documented Information

The organizations quality management system
shall include documented information required by
the International Standard and determined by the
organization as being necessary for the
effectiveness of the quality management system.
Documented information: Information required to
be controlled and maintained by an organization
and the medium on which it is contained.
Documented information can be in any format
and media and from any source.
Source: ISO 9001:2015
8. Operation
8.1 Operational planning and control
Plan, implement and control the processes needed to meet
requirements, and to implement the actions determined in 6.1*
*6.1 Actions to address risks and opportunities

9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
What needs to be measured, methods, when (what intervals)
and when data should be analyzed and reported
9.2 Internal audit
Conducted at planned intervals to ensure compliance with the
standard and internal requirements
9.3 Management review
Review the organization's management system, at planned
intervals, to ensure its continuing suitability, adequacy and
effectiveness
10. Improvement
10.1 Nonconformity and corrective action
React to the nonconformity and, as applicable
Take action to control it
Evaluate the need for action to eliminate the causes
in order that it does not recur or occur elsewhere
Retain documented evidence
10.2 Continual improvement
Continually improve the suitability, adequacy, and
effectiveness of the management system.
ISO 9001: 2015
Understanding the Revision
19/10/2015
What is the aim of ISO 9001?
Increase customer satisfaction through

improved operational consistency and
continual improvement.
ISO 9001: Evolution

1979
1987
1994
2000
2008
2015
BS 5750:1979
ISO adopts BS 5750 as the basis for ISO standard
ISO 9001:1987
ISO 9001:1994 Minor updates only
ISO 9001:2000 Major update to introduce process approach
ISO 9001:2008 Minor updates only
ISO 9001:2015 Major update
1,138,155 Companies Certified ISO 2014 Survey
So, whats new?

Leadership
Greater emphasis for senior managers to be involved

in the management system
Risk
Risk-based thinking incorporated into requirements
Context of Organization
Relevant needs of interested parties is emphasized
Quality Importance
Ensure quality management is now integrated and

aligned with the strategic direction of the
organization
Process Approach
Adoption of a process approach
Documented Information
Control of changes
More flexible approach
19/10/2015
Review and control changes for production or service
Quality Management Principles

Was 8:
Now 7:
Customer focus
Customer focus
Leadership
Leadership
Involvement of people
Engagement of people
Process approach
Process approach
System approach to management
(Included in the process approach)
Continual improvement
Improvement
Factual approach to decision making
Evidence based decision making
Mutually beneficial supplier relationships
Relationship management
Major differences in terminology between

ISO 9001:2008 and ISO 9001:2015
ISO 9001:2008
ISO 9001:2015
Products
Products and Services
Exclusions
Not used
(See Clause A.5 for clarification of
applicability)
Management Representative
Not used
Documentation, quality manual, documented

procedures, records
Documented Information
Work environment
Environment for the operation of processes
Monitoring and measuring equipment
Monitoring and measuring resources
Purchased product
Externally provided products and services
Supplier
19/10/2015
External Provider
Changes from FDIS
5.2.1 Developing the quality policy
8.2.2 Determination of requirements related to

products and services
8.2.3 Review of requirements related to the

products and services
Change
Establishing the Quality Policy

replaces Developing the quality
Policy
Change
Title changed to Determining the

requirements for products and
services
Change
Title changed to Review the

requirements for products and
services
PLAN
DO
CHECK ACT
Benefits
Benefits
of Certification
ISO 9001
Leadership and effecting

culture change
19/10/2015
Clause 5 Defines Leadership

Set policy and objectives and strategic
direction
Policy is communicated, understood and
applied within the organization
Integration of the management systems
requirements into the organizations
business processes and promoting the
process approach
Provide resources needed for the
management system are available
Ensure management system achieves its
intended results
Take accountability of the effectiveness of
the management system
19/10/2015
Communicate the importance of an

effective management system and of
conforming to the management
system requirements
Engage, direct and support persons to
contribute to the effectiveness of the
management system
Promote continual improvement
Support other relevant management
roles to demonstrate their leadership
as it applies to their areas of
responsibility.
Leadership and effecting culture change

Leadership, the ability to motivate groups of people towards a
common goal, is an important skill in todays business world. Without
strong leadership, many otherwise promising businesses fail.
19/10/2015
The Difference Between Leadership and

Management
Management is mostly about processes. Leadership is
mostly about behavior
Leadership relies on less tangible and less measurable
things like trust, inspiration, attitude, decision-making, and
personal character. These are all necessary to motivate an
organization to achieve its management systems objectives
19/10/2015
Top Management According to ISO

Top management is the person or group of people who directs
and controls an organization at the highest level. Top
management has the power to delegate authority and provide
resources within the organization. If the scope of the
management system covers only part of an organization, then
top management refers to those who direct and control that
part of the organization.
Leadership and Policy

Leadership needs to establish, review and maintain a policy, but also
needs to ensure that it is applied within the organization.
Roles and Responsibilities

Leadership needs to ensure that responsibilities and authorities for
relevant roles are assigned, communicated and understood within
the organization.
Organizational Change
Leaders need to ensure the integrity of the management system
is maintained when changes are planned and implemented.
Some of these tasks will be delegated, but it is the managements
responsibility to ensure they are planned, implemented and
achieved.
Breakout session
Leadership and
Planning and Risk
Based Thinking
Leadership and Planning

Implement the new requirements on Leadership and Planning
Pick an industry from your team
Define organizational objectives and plans to achieve them
referencing 6.2
Must be measurable
How will they be evaluated
Define resources needed
19/10/2015
Clause 5 Defines Leadership

Set policy and objectives and strategic
direction
Policy is communicated, understood and
applied within the organization
Integration of the management systems
requirements into the organizations
business processes and promoting the
process approach
Provide resources needed for the
management system are available
Ensure management system achieves its
intended results
Take accountability of the effectiveness
of the management system
19/10/2015
Communicate the importance of an

effective management system and of
conforming to the management system
requirements
Engage, direct and support persons to
contribute to the effectiveness of the
management system
Promote continual improvement
Support other relevant management
roles to demonstrate their leadership as
it applies to their areas of responsibility.
6. Planning
6.1 Actions to address risks and opportunities
Lets discuss objectives first!
6.2 Objectives and planning to achieve them
Establish objectives at relevant functions and levels
Consistent with policy
Measureable
Consider applicable requirements
Monitored, communicated, updated
Determine resources, responsibilities, targets and how to
evaluate results
Risk and Planning

Implement the new requirements on Risk and Planning
Determine external and internal issues that are relevant to
your purpose and its strategic direction and that affect your
ability to achieve the intended result(s) (Objectives) of
your management system. (4.1)
Apply risk based thinking to meet requirements under
section 6.1 Actions to address risks and opportunities
Pick Team Spokesperson
Present findings
19/10/2015

opportunities
Consider the issues referred to in 4.1* and the requirements referred to
in 4.2** and determine the risks and opportunities that need to be
addressed (6.1)to:
give assurance that the management system can achieve its
intended result(s);
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties

opportunities
The organization shall plan:
actions to address these risks and opportunities
How to:
integrate and implement the actions into its management system
processes
evaluate the effectiveness of these actions
Likelihood : 1 - 5 (where 1 is highly unlikely and 5 is definite)

Impact : 1 - 5 (where 1 is minimal and 5 is business closure)
Risk Rating = Likelihood X Impact
Risk
Total
Likelihood Impact
19/10/2015
Risk Rating
Mitigating Controls
Additional Controls implemented
Owner
Final Risk Rating
Conclusions
Feedback
What are the main changes that may

affect you?
The increased role that leadership must play
Decrease in the amount of documentation needed
Risk management processes may need to be developed to determine the level

and extent of control for internal and external (supply-chain) processes and
services, if not already in place.
Auditors and stakeholders will need to become familiar with the revised
standards and so training may need to be considered
No Longer a requirement for a Quality Manual
No Longer a requirement for a Management Representative
Change management
Benefits
Bringing Quality into the heart of our business
Quality management will be integrated and aligned with our business strategies
which will improve performance and drive real value
Introduction of Risk & Opportunity Management
Will help identify and manage risk more effectively and opportunities that
contribute to bottom line improvements
An Integrated Approach
It will be easier to implement more than one management system providing a
more holistic view leading to cost savings
Leadership
Greater involvement by our leadership team will ensure that well all be
motivated towards the organizations goals and objectives
Buy the standard

ISO 9001:2015 & ISO 14001:2015 is available from your national standards body
Associated standards could be useful
ISO 9000 Quality Management Systems Fundamentals and
Vocabulary
ISO 9004 Managing for the sustained success of an organization
ISO 10001 Quality management customer satisfaction
guidelines for codes of conduct
ISO 31000 Risk management principles and guidelines
19/10/2015
Training
Start your training as soon as possible
This will help embed the knowledge
Senior
management
briefing
Transition
training
Implementing
training
Auditor training
Deep dive
training
Risk Based
Thinking
Annex SL
Transition
Course
Lead Auditor
19/10/2015
19/10/2015
What you need to do

Set up a project team to manage the changes
Communicate the project across the whole organization
Create an implementation plan and monitor progress
Take a fresh look at your QMS/EMS
Highlight the changes as opportunities for improvement
Make changes to your documentation to reflect the new structure (as necessary)
Implement the new requirements on leadership, risk and context of the organization
Review the effectiveness of your current control set
Carry out an impact assessment
08/12/2015
Thank You!
Address:
BSI Group America Inc.

12950 Worldgate Drive, Suite 800
Herndon, VA 20170
Email John DiMaria john.dimaria@bsigroup.com

Main Office
Telephone:
Fax:
1-800-862-4977
703-437-9001
Email:
Inquiry.msamericas@bsigroup.com
Links:
http://www.bsiamerica.com

Implemting IS09001-2015

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Implemting IS09001-2015

Uploaded by

Copyright:

Available Formats

Implementing ISO9001:2015

John DiMaria; CSSBB, HISP, MHISP, AMBCI

Copyright 2015 BSI. All rights reserved.

Understanding the New Direction of Standards

Copyright 2015 BSI. All rights reserved.

Understanding the New

Copyright 2015 BSI. All rights reserved.

Reasons For The Changes

Health & safety

Copyright 2015 BSI. All rights reserved.

Copyright 2015 BSI. All rights reserved.

Ten clauses of the new Annex SL

3. Terms and definitions

4. Context of the organization

Implement Once, Comply Many

High Level Structure

Copyright 2015 BSI. All rights reserved.

Identical Core Text

4. Context of the organization

Copyright 2015 BSI. All rights reserved.

4.2 Understanding the needs and

Needs and expectations

Quality, price and delivery performance of products

People in the organization

Good work environment

Suppliers and partners

Mutual benefits and continuity

Copyright 2015 BSI. All rights reserved.

4.3 Determining the scope of the

Copyright 2015 BSI. All rights reserved.

Source: ISO 9001:2015

4.4 Management system

Interrelated or interacting elements of an organization

Copyright 2015 BSI. All rights reserved.

Policy and objectives must be established compatible with the strategic

How top management integrates the management system requirements

Do they provide proper resources?

Communicating the importance of effective management and of

Copyright 2015 BSI. All rights reserved.

5.1 Leadership and commitment

Copyright 2015 BSI. All rights reserved.

Copyright 2015 BSI. All rights reserved.

5.3 Organizational roles, responsibilities

Copyright 2015 BSI. All rights reserved.

6.1 Actions to address risks and

What is risk-based thinking?

Copyright 2015 BSI. All rights reserved.

6.1 Actions to address risks and

Copyright 2015 BSI. All rights reserved.

7.5 Documented information

7.5 Documented Information

Source: ISO 9001:2015

*6.1 Actions to address risks and opportunities

ISO 9001: 2015

Understanding the Revision

Copyright 2015 BSI. All rights reserved.

What is the aim of ISO 9001?

Increase customer satisfaction through

Copyright 2015 BSI. All rights reserved.

ISO 9001: Evolution

So, whats new?

Greater emphasis for senior managers to be involved

Risk-based thinking incorporated into requirements

Relevant needs of interested parties is emphasized