Element 4.0 - The (Swot) Matrix

Element 4.
0 The (swot) Matrix

Element 4.0 (continued) Ive had a lot of questions/comments about my last
Newsletter (ISO 9001:2015 Newsletter Issue 3) where I discussed Strategic Planning
and SWOT Analysis. Since I like to be practical when dealing with ISO, I wanted to
share with you a useful tool that I discovered many years ago called The (swot) Matrix
actually its just called a SWOT Matrix but I needed to get your attention. I have used
this tool in every one of my Strategic Planning sessions to date and it always gets
everyone around the table to participate and keeps them engaged. Ive also used this
tool with a company with only 3 people and one with over 500 people (and even with
just a single department within a larger organization). My point is that this tool has a lot
of flexibility and generates some great outcomes, not the least of which is alignment
amongst a group of people on what their business priorities are.
Oh, one more thing this tool is just another way to easily address all of the ISO
9001:2015 requirements within Clauses 4.1 Understanding the Organization and its
Context; 4.2 Understanding the Needs and Expectations of Interested Parties; and
most definitely Clause 6.1 Actions to address risks and opportunities.
So lets get to it below is the Template version of this tool

(Feel free to download it just click on the image and a dialogue box should open up in
order to save this as a MS Word file)
NOTE: I plan to pull together an actual example of a SWOT Matrix filled out, based on a
sampling from my Client sessions over the years. I hope to have this done for the next
Newsletter issue (in a few weeks time) so stay tuned for thatdownloadable example to
go along with this template.
So how does The (swot) Matrix work?

Well first of all, SWOT stands for Strengths Weaknesses Opportunities Threats,
and as a business analysis tool it has been around for a long, long time. The power of
using a matrix approach when performing a SWOT Analysis is that it turns this activity
into a series of actions (or strategies) that companies can adopt. How does it do this?
well it takes the four (4) simple lists of brainstormed items (S-W-O-T) and asks the
group to connect any dots they see. The group by the way is whoever is trying to lead
the company forward into the future. Each quadrant of the SWOT Matrix represents the
results from looking at only two (2) of these simple lists to uncover potential actions
(strategies) that the business could take.
Note the use of the word Top for each of these lists, i.e. Top Strengths, Top
Weaknesses, etc. Its critical that you filter out the top 5 most important items to
consider on each of these four (4) lists, otherwise this session would take days to
accomplish. By the way, dont underestimate the amount of time it does take to get
agreement on what is considered Top in your organization it certainly generates
some lively discussions, which are important to have, but lively none the less. As I said
earlier, the strength of this tool is that it walks a group of people through a structured
thinking process, and ends with them all reading from the same page.
Each quadrant of the SWOT Matrix poses a different question to the group. The intent
of the upper left quadrant (Strengths-Opportunities) is to review the Top Strengths
alongside the Top Opportunities and debate potential strategies that could be employed
to take advantage of an important opportunity that is presenting itself today, using a key
strength that you have. You will see that the top two quadrants represent offensive
Strategies while the lower two quadrants represent defensive Strategies, which you
want to keep balanced.
Keep in mind that the Template shows ten (10) potential Strategies, the key word here
being potential for this exercise, my experience has shown that less is better since
trying to keep 10 plates spinning (10 strategies) can overwhelm a Management Team.
Also note that each Strategy has a place in one of the quadrants and is not
sitting outside the SWOT Matrix. This is another important feature of this tool in that it
ensures that there are no rogue Strategies being pursued by well meaning
Managers. Each Strategy must address at least one pair of Top S-W-O-Ts, otherwise it
is not an action that the company should waste resources on.
This SWOT Matrix tool/approach lies somewhere between the extremes of
implementing a full fledged formal strategic planning process at one end of the
spectrum, to using a simple/informal/reactive method for setting company direction, at
the other end. The first year using this tool is usually the most challenging, with
subsequent years simply updating it to reflect the current reality, and either re-confirming
the previous years Strategies and/or establishing new ones.
As I said above, make sure to watch for our next Newsletter issue where you can obtain
an example of a completed SWOT Matrix
PS: Dont forget to look at the Q&A section below for some final thoughts
To sign up for our Newsletters click here
Q: How can I get my Managers interested in doing strategic planning?
A: I suppose that depends on how your Management Team currently performs business
planning each year. If they do something in this regard then ask them if they do the
traditional SWOT Analysis. If they do, then show them the SWOT Matrix tool and
explain it to them in 2 minutes or less. As a business tool, its fairly self-evident how it
works and what it can achieve. Either way, suggest that they try it out at their next
annual planning session. If they dont do anything, then forward my Newsletter to
them and follow-up a few days later to answer any questions they might have, and
suggest that it could be a way to re-energize the current way they perform Management
Review meetings once a year. If youre not sure, or if your Management Team has
questions you cant answer, then feel free to contact me and Ill see if I can help.
ISO 9001:2015 Element 4.0 Context of

the Organization
Whats new in Element 4.0? As I mentioned in my last Newsletter (ISO 9001:2015
Newsletter Issue 2), the current FDIS (Final Draft International Standard) version of the
Standard will very likely remain unchanged when the official edition is published (late
September). With that in mind, I wanted to get started on analyzing it, section by
section, so that you are able to start thinking about how you can begin your journey of
upgrading your QMS (Quality Management System) to this revised Standard. My plan
is to make a first pass by circling the Standard at a high level so that we gain an overall
perspective before getting overwhelmed in all of the details. On that note, the next few
Newsletters will cover each of the ISO 9001 Elements (see below), and once completed,
I will circle back and dive into Clause 4.1 more thoroughly.
The new Clause numbering
Section 4 Context of the organization
Section 5 Leadership
Section 6 Planning
Section 7 Support
Section 8 Operation
Section 9 Performance evaluation
Section 10 Improvement
Element 4.0 Context of the Organization consists of four (4) Clauses as listed below:
4.1 Understanding the Organization and its Context
4.2 Understanding the Needs and Expectations of Interested Parties
4.3 Determining the Scope of the Quality Management System (QMS)
4.4 Quality Management System and its Processes
What does Context mean?

The old version of the Standard (ISO 9001:2008) simply jumped right in without
spending much time trying to set the stage for all of the QMS details that would follow.
This revised edition steps back and begins by putting things into perspective (context)
for you, hence the title of this Element. You may have heard someone in the past use
the phrase let me put this into context for you while telling a story because without
some background information then the details lose some of their meaning and
importance. NOTE: Keep in mind that it is explicitly stated within the Standard that it is
entirely up to you to decide what context means for your organization. so remember
that if Auditors from the ISO Certification Bodies begin to make speeches about
what THEY think context means for your company.
ISO 9001 and Business/Strategic Planning

Business or Strategic Planning always had a home in Management Responsibility of
the old version of the Standard, specifically within the Quality Objectives section. In this
newly revised ISO 9001:2015, business or strategic planning (which typically includes a
SWOT Analysis Strength, Weaknesses, Opportunities, Threats) covers the majority of
what Clause 4.1 is asking for, and handles Element 6.0 (Planning) as well. But what if
your organization doesnt do formal business or strategic planning? Well, here you
have a couple of choices, convince your management team to start doing it or find
another way to comply. Just so we are clear, I am a big believer in Strategic Planning
(or Business Road-Mapping) because I have seen first-hand how companies were able
to successfully navigate and grow, in a field full of competitors, by getting their Team to
all row in the same direction (i.e. getting alignment and clarity on goals for the business)
pretty powerful tool from the results Ive seen.
An alternative approach for addressing context

Clause 4.1 Understanding the Organization and its Context: Since many of you will
need another option for handling context, I am going to suggest you consider using an
alternative approach. First of all, this alternative approach assumes that you will not
scrap your current Quality Manual (even though it is no longer an ISO requirement).
Secondly, you need to be prepared to re-write a portion of your Quality Manual so that it
includes a Business/Strategic Planning section that essentially outlines your business
planning activities, looking at internal and external issues, and including a simplified
SWOT analysis. This may seem overwhelming but when I cover Clause 4.1 in more
detail (in a future Newsletter) I will provide you with more information on how to handle
this. A draft of this new Quality Manual section can be prepared in advance of a
Management Team meeting where it can be used to do some training with the Team
as well as to finalize/approve this important section. Thirdly, youll need to re-visit this
new Quality Manual section at least once a year (perhaps at a Management Review
Meeting?), so that the information regarding context can be updated, or re-confirmed
as is.
There can obviously be many other approaches that will work, since every company is
unique, with each performing various degrees of formal strategic planning. So as
always, how you address context depends very much on how your current planning
process works (or doesnt).
What else is needed for this Element?

Clause 4.2 Understanding the Needs and Expectations of Interested
Parties: Once youve addressed context then you can identify those interested
parties that are relevant to your business, and what their requirements are. Again, if
your organization doesnt do formal business planning then the alternative is to handle
this topic in that same new section of your Quality Manual that I mentioned above. I see
this as a table listing these interested parties, with Customers being at the top of this list.
Once again, this can be drafted up in advance, reviewed by the Management Team,
finalized/approved and then re-visited by them once a year to keep this list up to date.
Clause 4.3 Determining the Scope of the QMS: Determining Scope should be a
natural next step after handling the previous two Clauses. Nothing much has changed
with the exception that Not Applicables need to be defined here and you are now
allowed to take an N/A from any section of the Standard (as opposed to being restricted
in the past). However, before you get too excited, the wording in Clause 4.3 basically
says that if it affects the Customer then you cant take an N/A on it, period. Im actually
a bit surprised that this change has not caused more discussion in blogs and internet
forums since essentially the last paragraph of this Clause, along with the use of the term
products and services throughout the Standard, implies that almost every
organization will now need to address Design activities (at least for services) within
their QMS.
Clause 4.4 QMS and its Processes: Needless to say, all of the preceding Clauses
need to be finalized in order to address the requirements within this one, which is for the
most part a repeat of the 2008 version but with much more prescriptive wording. For
instance, some of the requirements within this Clause include determining inputs &
outputs for each process, addressing risk & opportunities for each, and collecting
evidence to show that each process is working as planned.
The ISO 9001 Standard includes a diagram (see section 0.3.2, Figure 2 of ISO
9001:2015) that depicts how the main Elements connect to each other in a Plan-DoCheck-Act cycle. Many organizations will simply borrow this flowchart and call it their
own to address Clause 4.4 however by doing so they will miss an opportunity to finally
connect their real business activities to their QMS (instead of running it in a parallel
universe!). At the very, very least, developing your own business process flowchart
would give you something to show the Auditors (both internal and external) about how
your organization actually functions. What I am talking about here is a high level
diagram showing your main business processes (no more than 6 to 10), and how they
connect or flow from one to the other. Add in references to the main Elements of the
ISO 9001:2015 Standard and youve now connected the dots for the External Auditors.
Creating this document can be an eye opening (and fun) exercise. This is a great way
to engage upper management in taking more ownership of their QMS.
Make sure to watch for our next Newsletter issue where we will cover another section of
ISO 9001:2015
Q: Since ISO 9001:2015 no longer requires a Quality Manual, should I delete it from the
QMS?
A: I know the temptation may be to scrap the Quality Manual since it will need to be
revised to comply with ISO 9001:2015 but I recommend you keep it for a number of
reasons. One main reason for having a Quality Manual is that it provides the reader
(your employees) with a blueprint on how you manage Quality in your company. It helps
them navigate around all of the processes youve decided to implement to ensure you
deliver a Quality product and a Quality service to your Customers. Another potential
benefit I see is using it as a document to show how your company decided to
address/interpret the requirements within the ISO 9001 Standard, which is helpful for
both inside and outside readers (your Internal Auditors, your Customers, your Suppliers,
your ISO Certification Auditors). As Ive said before this 2015 revision is an opportunity
to connect your QMS much closer to your business so consider not just scrapping the
Quality Manual but rather re-building it into a more business/practical document by
using only a handful of main content pages, followed by a few Appendices as reference
material.
Clause 4.1: Understanding the organization and

its context
Whats new in Clause 4.1? We covered Element 10.0 (the final Element) in my last
Newsletter (ISO 9001:2015 Newsletter Issue 10), and now as promised I plan to start
back at the beginning and delve into each of the Clauses in more detail. Clause 4.1 is
brand new in this 2015 edition of the Standard and I discussed it at a high level back
in Newsletter Issue #3.
Let me start by making an observation regarding Clause 4.1 I find it interesting that
the word context is nowhere to be found within Clause 4.1. This is not normal since
typically the words in the title of the Clause are almost always repeated within the
Clause itself. Normally youd expect the wording to be something like The organization
shall determine itscontext, etc, etc. Basically Clause 4.1 never really asks you to state
what your context is but rather asks you to determine what internal and external issues
impact your organization.
Here is another important fact, the phrase documented information does not exist
within Clause 4.1, so you are free to simply verbally describe how your Strategic
Planning process (or SWOT activity) functions. Even if some companies keep a record
of these activities they can state that this information is considered proprietary and
confidential. If the Auditor sees this as a gap and wishes to pursue this further, they will
be faced with demonstrating that a lack of documented information in this area
somehow makes this particular QMS process, ineffective (see Clause 4.4.2).
This is a good example of how this new Standard differs from the old one Auditors will
now need to swim upstream and downstream (and within) each process (with perhaps
only verbal evidence along with their own observations), in order to assess whether the
process is functioning, functioning as planned, and functioning effectively. Many
Auditors will find this to be a challenge, especially when sitting across the table from the
business leaders in the company.

Section 6 Planning
Section 7 Support
Section 8 Operation
Clause 4.1: Understanding the organization and its context So what does context
mean? Notes 2 and 3 try and help by making suggestions however I view context as a
statement made by top management that describes the business that the organization
is engaged in and also includes a description of the external and internal factors that
affect or impact how they operate.
If your company practices Strategic Planning then a lot of what Clause 4.1 requires will
be addressed within that process. Additionally, if your organization engages in SWOT
analysis (which was discussed back in Newsletter Issue #4), then the output from that
exercise covers the internal issues (Strengths & Weaknesses) as well as the external
issues (Opportunities & Threats) quite nicely. If your organization then develops action
plans (or Strategies) based on the SWOT analysis then that will become perfect
evidence for Clause 6.1 (Actions to address risks and opportunities).
However, many companies may not be able to make reference to any formal Strategic
Planning process, which makes complying with this Clause more challenging. The first
thing to do is determine if your organization has any type of meeting where they discuss
what the business challenges will be for the upcoming year and where goals/targets
might be set. If this type of meeting does occur then make reference to it either in your
Level 1 Quality Manual (which I suggest you retain revise it of course but still retain it)
or within a supporting Level 2 Procedure. Be sure to explain how this meeting covers
both internal and factors impacting your business for the year ahead.
If for some reason your organization simply does not conduct any type of business
planning meeting at the beginning the fiscal year then you will need another option or
alternative for handling context. This alternative approach first assumes that you will
not scrap your current Quality Manual (even though it is no longer an ISO requirement).
Secondly, you need to be prepared to re-write a portion of your Quality Manual so that it
includes a Business/Strategic Planning section which describes how your business
planning activities look at internal and external issues. An easy approach you can use
within this new section of your Quality Manual would be to create two tables, one listing
Internal Issues and one listing External Issues. Youll need to re-visit this new Quality
Manual section at least once a year (perhaps at a Management Review Meeting), so
that the information regarding context can be updated for the next year (or reconfirmed as is).
There can obviously be many other approaches that will work, since every company is
unique, with each performing various degrees of formal strategic planning. So as
always, how you address context depends very much on how your current annual
business planning process works (or doesnt).
To view all of our past Newsletters or to sign up to receive them click here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 4.2: Understanding the needs and

expectations of interested parties
Whats new in Clause 4.2? In our last Newsletter (ISO 9001:2015 Newsletter Issue
11) we discussed the term context which was found in the previous Clause, and now in
Clause 4.2 we are introduced to another new phrase entitled interested parties.
Clause 4.2 is brand new in this 2015 edition of the Standard and I discussed it at a high
level back inNewsletter Issue #3.
Let me start by making an observation regarding Clause 4.2 Notice that the title says
needs and expectations but these words never show up within the Clause itself, but
rather they are replaced with the word requirements. This seems odd especially since
requirements is a much more prescriptive word. This is just another inconsistency
similar to what I pointed out in the last Clause (see Newsletter Issue #11).
Here is another important fact, the phrase documented information does not exist
within Clause 4.2, so you are free to simply verbally describe how your organization
determines who the interested parties are to your QMS, and what their requirements
are. Again, if the Auditor sees this as a gap and wishes to pursue this further, they will
be faced with demonstrating that a lack of documented information in this area
somehow makes this particular QMS process, ineffective (see Clause 4.4.2).
Notice also the use of the word relevant you get to decide which interested parties
are relevant to your QMS, ANDwhich of their requirements are relevant. So lots of
flexibility is provided in how you can address the requirements within this Clause.
As I said in my last Newsletter, this is another good example of how this new Standard
differs from the old one Auditors will now need to swim upstream, and downstream,
and within each process (with perhaps only verbal evidence, along with their own
observations), in order to assess whether the process is functioning, functioning as
planned, and functioning effectively. Many Auditors will find this to be a challenge,
especially when sitting across the table from the business leaders in the company.

Section 6 Planning
Section 7 Support
Section 8 Operation
Clause 4.2: Understanding the needs and expectations of interested parties So

who are the interested parties? If your organization does do formal Strategic Planning
then those groups that are external to your business (usually identified as part of the
Opportunities & Threats discussions) are typically interested parties since they are
impacted by the direction you take with quality. If your organization doesnt do formal
business planning then the alternative is to handle this topic in a new section of your
Quality Manual.
Let me repeat, this Clause can be addressed through verbal discussion/evidence
however I suggest you consider building a table that lists your interested parties, with
Customers being at the top of this list, followed by Vendors, Employees, etc, and dont
forget about accreditation bodies (your ISO Certification organization) and regulatory
bodies connected to your QMS such as the DOT (for transportation of your products).
Next to each of these interested parties you can either list their relevant requirements
and/or simply reference which Procedure within your QMS addresses their
requirements. This table of relevant interested parties (along with their associated
relevant requirements) should be reviewed by the Management Team,
finalized/approved and then re-visited by them once a year to keep this list up-to-date.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 4.3: Determining the Scope of the

Quality Management System
12) we discussed the term interested parties which was found in the previous Clause,
and now here in Clause 4.3 we are introduced to the topic called scope. The term
scope was previously found in the 2008 version, in Section 1.0, but in that case
scope was referring to scope of the document (the International Standard). In the
2015 edition, Clause 4.3 is brand new in the Standard since it deals with the scope of
your organizations quality management system (QMS). Although the 2008 version did
not have a shall requirement regarding scope, the ISO Certification Bodies required
that it be stated on the certificate they issued to you, so they mandated that you define
what your scope was within your QMS. This necessitated having the exact same
wording shown somewhere, and in most cases companies placed it within their Quality
Manual.
Let me start by making an observation regarding Clause 4.3 notice that this is the first
time where the term documented information surfaces. Since there is no specific
requirement for a document called the Quality Manual, organizations will need to decide
where to maintain this documented information. Once again, I suggest that you retain
your Quality Manual for many reasons as stated previously (see Newsletter Issue #3),
and that this be where your company defines the boundaries or scope of your QMS.
The new numbering format

Element 4 Context of the organization
Element 5 Leadership
Element 6 Planning
Element 7 Support
Element 8 Operation
Element 9 Performance evaluation
Element 10 Improvement
Clause 4.3: Determining the Scope of the Quality Management System Any
company that is currently registered to the 2008 version will have a scope statement
somewhere in their QMS. With that in mind, let me highlight what is new for 2015. First
of all, Clause 4.3 a) & b) asks your organization to consider what was stated back in
Clauses 4.1 (Context) and 4.2 (Interested Parties) when determining what your scope
statement will be. I believe this is somewhat backwards since it is simpler to start with
defining your Scope and then let that drive a determination of who
the relevant interested parties are, as well as what the internal context issues are, and
what the external context issues are. Secondly, the Standard now asks you to
specifically list the types of products and services that will be included within your
QMS. Developing a list of products, and also a list of services, will be an excellent
exercise to better understand what gaps exist within your current QMS. The expectation
is that each item listed (each product and each service) will be assessed and
addressed using the 400+ shalls within the 2015 Standard dont underestimate the
impact this will have. As a Customer why would you expect anything less?
Clause 4.3 also contains requirements regarding Not Applicables which I discussed
back in Newsletter Issue #3. What is different here is that you are allowed to take a NA
on any Clause within the Standard. However you will have to justify that by excluding a
Clause this will have no impact on your ability to provide conforming products AND
conforming services, AND it will have no impact on the enhancement of satisfaction
levels of your Customers. Another way to view this is if you decide to take a NA for a
particular activity that you currently do then that implies that the activity/process can
behave inconsistently/ erratically/ chaotically, and yet have zero impact on the quality of
your products, or the quality of your services and the Customer will never notice it.
Having said all of that, it will be interesting to read what justifications are stated within a
QMS, since this information must be maintained as documented information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 4.4: Quality Management System and its

Processes
13) we discussed the topic of scope which was outlined in the previous Clause, and
now here in Clause 4.4 we cover the whole of the QMS, along with its processes.

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 4.4 Quality Management System and its Processes consists of two (2) SubClauses as listed below:
4.4.1 [no title] The organization shall establish, implement
4.4.2 [no title] To the extent necessary, the organization shall
Sub-Clause 4.4.1 This area was covered in the very first lead-off Clause previously
found in the 2008 version. In the 2015 edition, this Sub-Clause adds a few new
requirements, the first being Sub-Clause 4.4.1 a) which asks the organization to
determine the inputs and outputs of the processes needed for the QMS. The second
being Sub-Clause 4.4.1 c) where performance indicators need to be identified for these
processes. The third is Sub-Clause 4.4.1 e) which asks you to assign who is
responsible, and who has the authority over each of these processes. Finally, in SubClause 4.4.1 f) a new requirement asks how these processes will address the risks and
opportunities identified in Clause 6.1.
Sub-Clause 4.4.2 This is the sub-clause that provides you with the flexibility to decide
how much, or how little, documentation your QMS needs, to function effectively. SubClause 4.4.2 a) uses the term maintain documented information and Sub-Clause 4.4.2
b) says retain documented information, and these terms are translated for you in
Annex A.6 whereby maintain is equivalent to the old control of documents, and
retain is the same as control of records.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 5.1: Leadership and

Commitment
14) we discussed the topic of QMS and its Processes which was outlined in the
previous Clause, and now here in Clause 5.1 we address the new term Leadership.
NOTE: This Clause does not include a requirement for documented information.

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 5.1 Leadership and Commitment consists of two (2) Sub-Clauses as listed
below:
5.1.1 General
5.1.2 Customer Focus
Sub-Clause 5.1.1 General The first five words set the tone in this sub-clause: Top
management shall demonstrateleadership, and then they proceed to give you ten
(10) ways to demonstrate it, which is double the number from the 2008 version. In the
2015 edition of this Standard, this area adds some new requirements, the first being
Sub-Clause 5.1.1 a) which asks top management to take accountability for the
effectiveness of the QMS this word was not found anywhere in the 2008 version. The
second being Sub-Clause 5.1.1 b) where there is a requirement that top management
ensure that the quality policy and the quality objectives are compatible with the context
and strategic direction of the organization. The third is Sub-Clause 5.1.1 c) which asks
top management to integrate the QMS into its businessprocesses. These last two
additions clearly asks that top management view the QMS as an integral part of how the
business is run.
The fourth additional requirement (from 2008) is Sub-Clause 5.1.1 d) which asks top
management to promote the use ofrisk-based thinking. This is the one and only
shall requirement within the entire Standard that mentions risk-based thinking.
Nowhere else within Elements 4.0 through to Element 10.0, of ISO 9001:2015, is the
term risk-based thinking found. Interesting isnt it? Considering all the hoopla that has
been raised on this topic, in various webinars and online forums, one would have
thought there would have been multiple shalls requiring risk-based thinking (but no,
just once, in sub-clause 5.1.1 d). I will have more to say on the risk topic when I get to
Clause 6.1, so stay tuned when I will share more information on one approach
organizations can use to address risk, and risk-based thinking.
The fifth and sixth new requirements are found in Sub-Clauses 5.1.1 f) & g) which ask
top management to communicate the importance of effective quality management and
to ensure that the QMS achieves its intended results. It would be a good exercise for
every organization seeking to transition to this new ISO 9001:2015 Standard, to first
decide who is considered top management and then to ask them to express what they
see as the intended results for their QMS. Continuing on, Sub-Clause 5.1.1 h) is one
place where they have attempted to deal with eliminating the previous role of
Management Representative, by spreading this responsibility to others. Finally, in SubClause 5.1.1 j) they ask top management to support other relevant management roles in
providing leadership, in other areas of the business.
Sub-Clause 5.1.2 Customer Focus This requirement leads off by asking top
management to demonstrate leadership in this area of Customer focus by providing us
with three (3) ways to do it, two of which were found in the previous 2008 version. Sub-
Clause 5.1.2 b) adds a new requirement asking that top management ensure that risks
and opportunities that can impact Customer satisfaction with the organizations products
and services, are properly addressed. Although the Standard doesnt reference Clause
6.1 (Actions to address risks and opportunities), it should have, since that is where top
management needs to point, to demonstrate that theyve addressed this requirement.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 5.2: Policy

15) we discussed the topic of Leadership, and now here in Clause 5.2 we address the
term Policy, and in this case Quality Policy.
NOTE: This Clause does include a requirement for documented information.

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 5.2 Policy consists of two (2) Sub-Clauses as listed below:

5.2.1 Establishing the Quality Policy
5.2.2 Communicating the Quality Policy
Sub-Clause 5.2.1 Establishing the Quality Policy The requirements within this subclause really didnt change much from the previous 2008 edition except in one area,
found in 5.2.1a). Here theyve added the words Top management shall establish a
quality policy that is appropriate to the context of the organization and supports its
strategic direction. Well as you know, context was covered back in Clause 4.1, and
strategic direction was also mentioned back in Clauses 4.1 and 5.1. These new words
are another example of how they have attempted to align the actual running of the
business with the ISO 9001 Standard, which in my opinion can only help the ongoing
management support needed for every QMS.
This sub-clause gives you a reason to get this topic back on the boardroom table. The
Quality Policy sets the tone as to how Top Management views quality. It is the goal that
the organization is trying to attain. Its the reason why you installed the QMS in the first
place so you can achieve the Quality Policy! Many Quality Policy statements have
become stale and outdated since the last major revision to the Standard back in the
year 2000. These new requirements regarding context and strategic direction should
initiate a discussion with Top Management to get their input on this key document.
Many companies also have developed Mission Statements, so here is a great
opportunity to see if it can be used in place of your Quality Policy, and satisfy the
requirements within this sub-clause.
Sub-Clause 5.2.2 Communicating the Quality Policy Within this sub-clause you
will find a number of new requirements starting with 5.2.2a) which asks that you make
your Quality Policy available to everyone whenever they wish to view it. Some
employees only get to see the Quality Policy during orientation training, and if it isnt
posted in multiple areas then is it really available to them?
Sub-clause 5.2.2b) asks that you ensure that the Quality Policy is applied within the
organization. First they ask that you make it available and now they want you to
apply it. As I said above, the Quality Policy is the goal of your QMS, and as such
should be applied by employees to help them make the right decisions for the business,
when quality is involved.
Finally, Sub-clause 5.2.2c) asks that you also make the Quality Policy available to
relevant interested parties, as appropriate. First off, interested parties were covered
back in Clause 4.2. Second, there is lots of flexibility in the word relevant so be sure to
go back to how you addressed Clause 4.2, what interested parties were involved, and
then determine how each of them will be able to view your Quality Policy if they wish to.
This could be as simple as placing it on your website (which it probably should be

anyways) and then direct any inquiries from interested parties to that location.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 5.3: Organizational Roles,

Responsibilities and Authorities
16) we discussed the topic of Quality Policy, and now here in Clause 5.3 we address
the area of roles, responsibilities and authorities.
Note 1: This Clause does NOT include a requirement for documented information.
Note 2: Ive had some readers email me to ask Where do I get the content for these
Newsletters?. Thats simple its from working in the field with both my Clients and
with their ISO Certification Bodies. A lot of hands-on experience comes from
conducting numerous gap audits, where the requirements of the Standard have to be
interpreted and applied to each unique situation. Combining a Gap Audit with ISO 9001
Essentials Training, has become our most popular request from our Newsletter readers
(more details on this, as well as other training, can be found below).

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 5.3 Organizational Roles, Responsibilities and Authorities consists of zero

(0) Sub-Clauses.
Whats new in this Clause is what is missing from it namely there is no longer a
requirement to appoint a QMS Management Representative. This situation is very
similar to the removal of the requirement for a Quality Manual, and once again I suggest
you carefully re-consider before eliminating this role.
As I mentioned back in an earlier Newsletter (ISO 9001:2015 Newsletter Issue 5), the
Management Representative role can provide an important focal point for many quality
related activities within an organization, such as taking ownership of the internal audit
process, coordinating audits with outside Customers, as well as handling external
regulatory/accreditation bodies, to mention just a few.
Keep in mind that your QMS could erode over time if no one is specifically identified and
assigned to look after it. Id recommend that the role of Management Representative
be maintained but that it become a rotating responsibility amongst the Top Management
team members, and that it is re-assigned every two years max. This provides a few
advantages, such as: a) it satisfies the intent of the ISO 9001:2015 Standard of
distributing QMS responsibilities; b) it recognizes that everyone shares the commitment
to Quality within the organization; and c) every member of Top Management eventually
gains a much better appreciation of all that is involved in maintaining a QMS.
Other wording that is new within Clause 5.3 is the phrase ...ensure that roles,
responsibilities and authorities areunderstood within the organization. This implies
that Top Management will ensure that it is understood who is responsible for what
within the Quality Management System. If this new requirement is not addressed
properly it will surface during audit interviews where conflicting responses are received
from auditees when asked about who makes the final decision on quality related issues.
Other then the above comments, Clause 5.3 is mostly a repeat of requirements from the
earlier 2008 edition.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ISO 9001:2015
Element 6.0 Planning
Whats new in Element 6.0? The term risk is new and as I mentioned in my last
Newsletter (ISO 9001:2015 Newsletter Issue 5), I gave a presentation to the ASQ
Toronto Section on Oct 14th where I reviewed the main changes within ISO 9001:2015.
There was record attendance (approx. 140 people) and they had lots of questions,
mostly about the topic of risk. There seems to be a lot of confusion on how to handle
the new risk requirements in the Standard. ClickHERE to download a copy of this
presentation.
Section 6 Planning
Section 7 Support
Section 8 Operation
Element 6.0 Planning consists of three (3) Clauses as listed below:

6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes
Clause 6.1 Actions to address risks and opportunities: This Clause contains two
sub-clauses, namely 6.1.1 and 6.1.2 (with neither of these sub-clauses having titles).
We previously discussed Clause 6.1 back in an earlier Newsletter (ISO 9001:2015
Newsletter Issue 3), when we covered the topics of Business/Strategic Planning and
SWOT, where both of these approaches should generate actions to address risks and
opportunities, which is what is needed to comply with this Clause.
Sub-Clause 6.1.1 asks you to refer back to the issues in Clause 4.1 (Understanding the
Organization and its Context) and the requirements in Clause 4.2 (Understanding the
Needs and Expectations of Interested Parties) as part of your planning process, and
then continues on to explain why you need to address risks and opportunities, in subclause parts [a] through [d].
Sub-Clause 6.1.2 carries on and asks you to [a] plan actions for risks/opportunities,
and [b] plan how you will weave these actions into your QMS (and then check whether
these actions worked). They finish by reminding you that it is completely your decision
on how big or how small these actions will be.
Theyve also added a couple of NOTES at the end which attempt to clarify the words in
this Clause.
Clause 6.2 Quality objectives and planning to achieve them: This Clause contains
two sub-clauses, namely 6.2.1 and 6.2.2 (with neither of these sub-clauses having
titles). Sub-Clause 6.2.1 starts off being very similar to the requirements in the 2008
version but adds that these quality objectives should also be established for
processes, which is something new.
Sub-Clause 6.2.1 parts [a] through [e] outline requirements that are not really different
from 2008, however [f] and [g] asks that you communicate the quality objectives and
that you keep them updated. Finally they make sure that there is no confusion by telling
you to maintain them as documented information. These requirements add some
teeth to what Ive always said is a critical Clause within the ISO 9001 Standard because
it drives your quality performance.
Sub-Clause 6.2.2 parts [a] through [e] definitely add new substance to the topic of
Quality Objectives by asking Who, What, When and How. This level of detailed
requirements will ensure that you are clearly stating how you handle quality objectives
within your organization. This new ISO 9001:2015 Standard is attempting to achieve
more business alignment, and all of the Clauses within Element 6.0 are a good
example of that.
Clause 6.3 Planning of changes: This Clause has essentially the same requirements
as the 2008 version and therefore should have limited impact on an existing QMS that is
currently compliant with ISO 9001.
Make sure to watch for our next Newsletter issue where we will cover another section of
ISO 9001:2015
To sign up for our Newsletters click here
Q: How should Quality Objectives be developed? Are they the same as Business
Objectives?
A: Let me start with the second part of the question. Yes, Quality Objectives can be
identical to the Business Objectives, or they can be a sub-set of them. Business
Objectives are generated from the key words found within an organizations Mission
Statement. If you state that you want to be the market leader in your industry then you
need to set a measurable objective (and an action plan) that will get you there. This is
the same approach that you should use with your QMS by ensuring that your Quality
Objectives flow directly from the key words within your Quality Policy statement. So if
your Quality Policy says something like we make sure Customers are always
satisfied by being on-time every time then you would need two quality objectives, one
for the level of Customer Satisfaction you want to achieve, and another objective for the
on-time delivery performance that you are striving towards.
Clause 6.1: Actions to Address

Risks and Opportunities
17) we discussed the topic of roles, responsibilities and authorities, and now here in
Clause 6.1 we address the area of risks and opportunities.
Note A: This Clause does NOT include a requirement for documented information.
Note B: The content for these Newsletters comes from working in the field with my
Clients, and with their ISO Certification Bodies. I gain a lot of hands-on experience from

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 6.1 Actions to Address Risks and Opportunities consists of two (2) SubClauses as listed below:
6.1.1 [no title] When planning for the quality management system
6.1.2 [no title] The organization shall plan
Sub-Clause 6.1.1 This sub-clause asks you to refer back to the issues in Clause 4.1
(Understanding the Organization and its Context) and the requirements in Clause 4.2
(Understanding the Needs and Expectations of Interested Parties) as part of your
planning process, and then continues on to explain why you need to address risks and
opportunities, in sub-clause 6.1.1 parts [a] through [d].
Lets take a moment and talk about risk I continue to see discussions (lots and lots
of discussion) in online forums debating the terms risk and risk-based thinking, what
they mean and what can be shown to an auditor as objective evidence.
Lets begin with some words taken directly from the ISO 9001:2015 Standard
From Annex A.4: One of the key purposes of a quality management system is to act
as a preventive tool. Consequently, this International Standard does not have a separate
clause or subclause on preventive action. The concept of preventive action is expressed
through the use of risk-based thinking in formulating quality management system
requirements.
Also, here are some additional facts derived directly from the ISO 9001:2015
Standard
Other than Clause 5.1.1 d), there are NO other shall requirements for risk-based
thinking in the ISO 9001:2015 Standard. Not one other shall period and Clause
5.1.1 d) simply asks top management to promote the use of risk-based thinking thats
it promote the use and NO documented information is required.
Let me continue
The single word risk (not risk-based thinking) shows up in only eight (8) sentences as
a requirement, but not one of these areas ask for documented information, which
means verbal-only evidence will have to be acceptable to an auditor.
Let me summarize then by saying that this new ISO 9001:2015 Standard has eliminated
the Preventive Action clause and replaced it with a concept called risk-based thinking.
I say concept because there is no teeth to it, no requirements exist other than to
promote the concept within the organization, and no requirement to show documented
proof that you have implemented risk-based thinking (even the old Preventive Action
clause required a controlled record to be kept!).
As an ISO 9001 Auditor, I fully recognize the predicament this places the Auditor in, and
two words come to mind, flexible and open-minded, because thats what it will take to
assess whether an organization has complied.
As an ISO 9001 Trainer/Consultant, my advice is to begin by understanding how your
organization currently deals with risks and opportunities, as an ongoing business issue
(i.e. business or strategic planning). Resist the urge to implement some new process or
activity since it will likely not last if the business process owners dont see inherent value
in doing it, year after year, after year. If your organization has weak business planning
practices then look to your existing Quality Management System (QMS) since it
primarily functions as a risk mitigating tool. Keep in mind that your QMS also has
ways of uncovering opportunities as well.
I recommend that once youve decided how you will address the terms risk, risk-based
thinking and opportunities, then document your interpretation of these words within
your Quality Manual. This is a good way to guide the Auditor (Internal or External) on
how your organization has chosen to address these topics, and doing so should help
prevent future disputes during subsequent audits of your QMS.
Sub-Clause 6.1.2 This sub-clause asks you to [a] plan actions for risks &
opportunities, and [b] plan how you will weave these actions into your QMS (and then
plan how to check whether these actions worked). They finish off in the last sentence
reminding you that it is completely your decision on how big or how small these actions
will be.
Depending on what you discovered when you investigated how your business currently
handles risks and opportunities, will dictate how you address the requirements within
sub-clause 6.1.2. If you have a Strategic Plan, or a Business Plan, and/or a SWOT
Analysis (ISO 9001:2015 Newsletter Issue 4), then make reference to that activity within
your Quality Manual. Otherwise, follow my advice above about using your existing QMS
as your risk & opportunity tool.
Finally, theyve also added a couple of NOTES at the end which attempt to clarify the
words in this Clause, and although they are nice sounding words, they dont really help
much and remember that a NOTE is not a requirement within the ISO 9001:2015
Standard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 6.2: Quality objectives and

planning to achieve them
18) we discussed the topic of risks and opportunities, and now here in Clause 6.2 we
address the area of quality objectives.
Note A: This Clause does include a requirement for documented information.

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 6.2 Quality objectives and planning to achieve them consists of two (2)
Sub-Clauses as listed below:
6.2.1 [no title] The organization shall establish quality objectives
6.2.2 [no title] When planning how to achieve its quality objectives
Sub-Clause 6.2.1 The lead off sentence starts off by being very similar to the
requirements in the 2008 version but adds that these Quality Objectives should also be
established for relevant processes, which is something new. Many organizations
already have objectives in place for processes, in addition to measurements for
individual functions or departments. You can recognize these process objectives
because they are the metrics that not one single Manager can control, but rather
depends on various functional areas to perform effectively, an example of which would
be on-time delivery to the Customer.
Parts [a] through [e] within this sub-clause outline requirements that are not really
different from 2008, asking that the Quality Objectives: be consistent with the Quality
Policy; be measurable; that they take into account any applicable requirements; be
relevant to the conformity of products/services and to the enhancement of Customer
satisfaction; and be monitored. However parts [f] and [g] asks that you communicate
the Quality Objectives, and that you keep them updated. In many organizations this is
often accomplished during monthly or quarterly business scorecard review meetings.
Finally they make sure that there is no confusion by telling you to maintain your Quality
Objectives as documented information. All of the requirements found in Clause 6.2
add some teeth to what Ive always said is a critical section within the ISO 9001
Standard because it drives your quality performance.
The following was taken from a previous Newsletter and I think its worth repeating
How should Quality Objectives be developed? Are they the same as Business
Objectives? Let me start with the second part of the question. Yes, Quality Objectives
can be identical to the Business Objectives, or they can be a sub-set of them. Business
Objectives are generated from the key words found within an organizations Mission
Statement. If you state that you want to be the market leader in your industry then you
need to set a measurable objective (and an action plan) that will get you there. This is
the same approach that you should use with your QMS by ensuring that your Quality
Objectives flow directly from the key words within your Quality Policy statement. So if
your Quality Policy says something like we make sure Customers are always
satisfied, by being on-time every time then you would need two quality objectives,
one for the level of Customer Satisfaction you want to achieve, and another objective for
the on-time delivery performance that you are striving towards.
Sub-Clause 6.2.2 Parts [a] through [e] definitely adds new depth to the topic of
Quality Objectives by asking Who, What, When and How. They want to know
what will be done to achieve each Quality Objective (and what resources will be needed
to do it); Who is responsible for each Quality Objective; When each Quality Objective
will be achieved; and how the status of each Quality Objective will be tracked and
assessed. This level of detailed requirements will ensure that you are clearly stating
how you will manage to achieve your Quality Objectives within your organization.
This new ISO 9001:2015 Standard is attempting to achieve more business alignment,
and Clause 6.2 is another good example of that.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Clause 6.3: Planning of changes

19) we discussed the topic of quality objectives, and now here in Clause 6.3 we
address the area of planning QMS changes, which by the way is what you will be
doing to your current QMS when you transition to this new ISO 9001:2015 Standard!
Note A: This Clause does NOT include a requirement for documented information.
RISK & RISK-BASED THINKING:
I continue to receive emails about the new term risk-based thinking and how an
organization should address it. In a previous Newsletter (ISO
9001:2015 Newsletter Issue 18) I covered this topic, however based on the continued
confusion in this area I thought Id point out what Annex A.4 has to say about riskbased thinking the following words were taken directly from the ISO 9001:2015
Standard (bolded words are mine):
Although 6.1 specifies that the organization shall plan actions to address risks, there
is no requirement for formal methods for risk management or a documented risk
management process. Organizations can decide whether or not to develop a more
extensive risk management methodology than is required by this International Standard,
e.g. through the application of other guidance or standards.
Not all the processes of a quality management system represent the same level of risk
in terms of the organizations ability to meet its objectives, and the effects of uncertainty
are not the same for all organizations. Under the requirements of 6.1, the organization is
responsible for its application of risk-based thinking and the actions it takes to address
risk, including whether or not to retain documented information as evidence of its

determination of risks.
I hope the above statement will help to reduce the concern about what will be needed to
comply with this new vague term called risk-based thinking

Element 6 Planning
Element 7 Support
Element 8 Operation
Clause 6.3 Planning of changes consists of zero (0) Sub-Clauses.

The lead off sentence starts off by being very similar to the requirements in the old 2008
version, essentially asking that if the organization intends to make a change to its
Quality Management System (QMS), then that event should be planned for in advance.
One thing that was left out in this new version (that was included in 2008), was the
requirement that any changes made to the QMS should support the achieving of the
Quality Objectives.
Parts [a] through [d] within this sub-clause outline requirements that provide much more
substance then what was found in the old version (2008). Item [a] asks that if a change
to the QMS is planned then the organization must consider what the purpose is of
making this change, as well as the potential consequences resulting from it. Item [b] is
a repeat from 2008 regarding maintaining the integrity of the QMS. Item [c] asks that
the organization consider the resources required to implement the change, and Item [d]
deals with the allocation (or re-allocation) of responsibilities and authorities as a result of
the change.
A good example of when this Clause applies would be for making the transition to this
new ISO 9001:2015 Standard, when your organization will upgrade its QMS to comply
with these new requirements!
SO 9001:2015
Element 7.0 Support
Whats new in Element 7.0? We covered the planning activities in my last
Newsletter (ISO 9001:2015 Newsletter Issue 6), and these plans now require support
to implement them, which is the focus of Element 7.0 (Support). This Element
combines a number of topics from the previous 2008 version with the biggest change
being the concept of organizational knowledge to address the potential loss of
knowledge which could impact Customer satisfaction, as well as the ability to run the
business effectively.

Section 6 Planning
Section 7 Support
Section 8 Operation
Element 7.0 Support consists of five (5) Clauses as listed below:

7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
Clause 7.1 Resources This Clause contains six (6) sub-clauses:

Sub-Clause 7.1.1 (General) is as the name implies general regarding the need for
resources to ensure the QMS functions properly. It also asks the organization to take
into consideration the impact on internal resources as well as the need to use external
providers.
Sub-Clause 7.1.2 (People) is a straight-forward requirement to make sure you put
round pegs into round holes. Note that this applies to any person who performs
activities outlined within the QMS, whether they be management, front-line, full-time,
part-time, hourly, salary, union, non-union, contract, temporary, summer student, intern,
virtual worker, etc.
Sub-Clause 7.1.3 (Infrastructure) contains the same requirements as we had in the past
with very little changes to it.
Sub-Clause 7.1.4 (Environment for the operation of processes) is essentially the same
as work environment in the previous version, however they have included social and
psychological factors to be considered within the accompanying Note. They use terms
like non-confrontational and emotionally protective which should make trying to audit
this requirement quite a challenge.
Sub-Clause 7.1.5 (Monitoring and measuring resources) is the new calibration clause
and it repeats many of the same requirements found in the 2008 version.
Sub-Clause 7.1.6 (Organizational Knowledge) As I mentioned earlier this is one of the
new changes found within Element 7.0 and it addresses the risk of knowledge walking
out the door with the possible negative impact on Customer orders. Keep in mind that
although this is a new requirement in 2015, it had been partially addressed by asking
organizations to create documented procedures in the 2008 version (and likewise with
work instructions). These types of documents are one way to capture knowledge
embedded within the organization and preserve it over time.
Clause 7.2 Competence: This Clause contains very few changes from the previous
2008 version.
Clause 7.3 Awareness: This Clause has a couple of changes within it, namely it is
asking organizations to make it clear to their employees the impact on the business if
they improve their performance, as well as the impact if they perform poorly.
Clause 7.4 Communication: This Clause combines requirements found in the

previous 2008 version however it takes it a step further by being very prescriptive by
asking what, when, who and how the organization will communicate both
internally and externally.
Clause 7.5 Documented Information This Clause contains three (3) subclauses, Sub-Clause 7.5.1 (General), Sub-Clause 7.5.2 (Creating and Updating) and
Sub-Clause 7.5.3 (Control of documented information). This is the new Clause
combining the old control of documents and control of records. The requirements
appear to be much the same and it is not clear what theyve accomplished by combining
these two concepts, except perhaps confusion in the user community.
Be sure to watch for our next Newsletter issue where we will cover another section of
ISO 9001:2015
Q: How should we address this new term called documented information and has
there been a reduction in documentation requirements in this new revision?
A: Let me start with the second part of the question. In the previous edition (2008) they
asked for 1 Quality Manual, 6 areas requiring a documented procedure and 19 records.
In this new revision they have used the term documented information 34 times. I just
dont see where theyve reduced the requirements for documentation. As always, its up
to you to decide how much, or how little, documentation you will create to satisfy
yourself and your Customers that you have an effectively functioning QMS period.
With respect to addressing documented information I would suggest that if your
current method of controlling documents and controlling records works, then leave it
as is and dont change it. Of course if it needs fixing then get on with repairing it for the
good of your business and not just because a revision was made to the ISO 9001
Standard.
Element 8.0 Operation

Whats new in Element 8.0? We covered the support activities in my last
Newsletter (ISO 9001:2015 Newsletter Issue 7), and this support is now
directed towards your main operations, which is the focus of Element 8.0 (Operation).
This Element is by far the largest of all the Elements and combines a number of
requirements from the previous 2008 version. The biggest change being Clause 8.3
(Design and development of products and services), since it is now clear that services
and service processes need to be designed and not left to chance. I had mentioned
this change in earlier Newsletters because many organizations take a not applicable
on Design and they now need to re-think that decision for those services they provide to
their Customers. This really shouldnt be a major hurdle since many companies already
have implemented structure into their service delivery processes but just have not
referenced them inside their Quality Management System (QMS).

Section 6 Planning
Section 7 Support
Section 8 Operation
Element 8.0 Operation consists of seven (7) Clauses as listed below:

8.1 Operational planning and control
8.2 Requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming outputs
Clause 8.1 Operational planning and control This Clause re-states similar
requirements for planning and control from the 2008 version but with a few key
differences. The first one being that these requirements now apply to all processes
identified within your QMS and not just the product realization processes. This was
implied in 2008 and now theyve made it much clearer. The other change deals with
managing the risks associated with changes you make to any of your QMS processes,
as well as action plans to mitigate any adverse effects from those changes.
Clause 8.2 Requirements for products and services: This Clause contains four (4)
sub-clauses, Sub-Clause 8.2.1 (Customer communication), Sub-Clause 8.2.2
(Determining the requirements related to products and services), Sub-Clause 8.2.3
(Review of requirements related to products and services), and Sub-Clause 8.2.4
(Changes to requirements for products and services). After a careful review of Clause
8.2, a few key items come to the surface. The first being that they use two separate
shall requirements to make it abundantly clear that you should not accept an Order
from a Customer unless you are convinced that you can deliver it (both the product and
the service) to their satisfaction. The number of nonconformances generated will be an
indicator of how often you break your promise to the Customer. The other key item in
this Clause is again the concept of services. You need to also review your ability to
make good on all of the services that you also promise to the Customer. As I said in
an earlier Newsletter, the best way to make sure that services are being addressed
properly within your QMS, is to develop a listing of all the services that your Customers
expect from your organization, then use that list to guide you as you dive into each of
the Clauses of this new Standard.
Clause 8.3 Design and development of products and services: This Clause
contains six (6) sub-clauses, Sub-Clause 8.3.1 (General), Sub-Clause 8.3.2 (Design
and development planning), Sub-Clause 8.3.3 (Design and development inputs), SubClause 8.3.4 (Design and development controls), Sub-Clause 8.3.5 (Design and
development outputs) and Sub-Clause 8.3.6 (Design and development changes).
Clause 8.3 has all of the previous requirements from 2008, along with some minor
changes, the most significant of which is the mention of Customer throughout, as well
as managing any risks associated from adverse effects of design changes. Of course,
Ive already mentioned above about handling design of services, which is now
expected within this Clause.
Clause 8.4 Control of externally provided processes, products and services: This
Clause contains three (3) sub-clauses, Sub-Clause 8.4.1 (General), Sub-Clause 8.4.2
(Type and extent of control) and Sub-Clause 8.4.3 (Information for external providers).
The biggest change here is the switch from the term supplier to external provider,
and so the word purchasing is no longer found within the ISO 9001:2015 Standard
(except in Annex A.8). Also, the 2008 version was product focused and as you can
see this has now grown to products, services & processes. So although the
requirements within Clause 8.4 remain essentially the same as 2008 (albeit there are
more of them and they are more prescriptive), the scope is much broader since it
encompasses many more activities, with many more players, regardless of whether
money actually changes hands (i.e. Vendors; Corporate Headquarters; Sister
Plants/Facilities; Shared Services; Other Depts; Joint Ventures; Associations; etc).
Clause 8.5 Production and service provision: This Clause contains six (6) subclauses, Sub-Clause 8.5.1 (Control of production and service provision), Sub-Clause
8.5.2 (Identification and traceability), Sub-Clause 8.5.3 (Property belonging to
customers or external providers), Sub-Clause 8.5.4 (Preservation), Sub-Clause 8.5.5
(Post-delivery activities) and Sub-Clause 8.5.6 (Control of changes). One of the
changes found here is in Sub-Clause 8.5.1 g) which asks you to include mistake
proofing as part of your control techniques. They do however use the wording as
applicable so it will be up to each organization to decide whether to make use of this
excellent tool. Another change is contained within Sub-Clause 8.5.3 which now includes
property supplied by external providers, and not just Customers. Sub-Clause 8.5.5 c)
is interesting in that it asks you to consider the life cycle of your products and services.
Finally, Sub-Clause 8.5.6 includes new requirements pertaining to managing changes
made in your Operations.
Clause 8.6 Release of products and services This Clause is essentially the same
as the previous 2008 version, with very few changes.
Clause 8.7 Control of nonconforming outputs This Clause starts off by using a
title that makes use of the term outputs, which ensures that you dont forget about
services being supplied to your Customers. In the past, this area of the Standard
typically only dealt with a limited number of nonconformance types or categories, and
they were primarily product related. Otherwise, the requirements found within this
Clause are similar to the 2008 version.
ISO 9001:2015
Element 9.0 Performance

Evaluation
Whats new in Element 9.0? We covered the operation of the organization in my
last Newsletter (ISO 9001:2015 Newsletter Issue 8), and now Element 9.0 (Performance
Evaluation) focuses on measuring how your Quality Management System (QMS) is
performing. For the most part Element 9.0 does not introduce any significant changes
over the 2008 version. Some of the minor changes include a more prescriptive
General lead-off section covered in Sub-Clause 9.1.1, which is a welcome change
from the previous 2008 version which was essentially redundant. Customer Satisfaction
and Internal Audit, which are two of the most critical sections of ISO 9001 remain pretty
much unchanged. More specific analysis, along with an expanded scope for these
analyses are changes that have found their way into this Element. Finally,
Management Review has had some minor modification, the most important being the
addition of this phrase and alignment with the strategic direction of the organization.
This represents one of the main changes that Ive seen in this new edition of ISO 9001.
They have attempted to connect the QMS with the Business, and this is just one
example of tying these two together.

Section 6 Planning
Section 7 Support
Section 8 Operation
Element 9.0 Performance evaluation consists of three (3) Clauses as listed below:
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal Audit
9.3 Management Review
Clause 9.1 Monitoring, measurement, analysis and evaluation: This Clause

contains three (3) sub-clauses, Sub-Clause 9.1.1 (General), Sub-Clause 9.1.2
(Customer satisfaction) and Sub-Clause 9.1.3 (Analysis and evaluation). As I
mentioned above, the first sub-clause (9.1.1) is a more prescriptive version from 2008,
and asks when monitoring and measurement will take place and when the data will
be analysed. It is also asks for documented information as evidence. Sub-Clause
9.1.2 (Customer Satisfaction) contains much of the same from 2008 however it uses the
term Customer needs and expectations rather than Customer requirements which
makes it broader and more subjective as a criteria for measuring Customer satisfaction
levels. Also, theyve included the phrase shall determine the methods for
obtaining, monitoring and reviewing this information, with the new word monitoring
having been added in from the previous 2008 version. Sub-Clause 9.1.3 (Analysis and
evaluation) repeats many of the shall requirements from the previous 2008 edition, and
adds two more areas of analysis (9.1.3 d and e) regarding the effectiveness of planning
activities as well as determining how effective were your actions taken to address risks
and opportunities.
Clause 9.2 Internal audit: This Clause contains two (2) sub-clauses, Sub-Clause
9.2.1 and Sub-Clause 9.2.2, neither of which have titles on them. In my introductory
paragraph above I noted that there was really nothing new added to this Clause with the
exception that the internal audit process will now need to cover a much broader range
of QMS requirements than what auditors saw with the 2008 version. Although there is
still a Note referencing ISO 19011 as a guidance document, let me take this
opportunity to re-iterate that it still your choice how you train, and how you ensure
competency of your Internal Auditors. The requirements of ISO 19011 are not a part of
ISO 9001:2015 unless you make it so by including ISO 19011 within your QMS.
Clause 9.3 Management review: This Clause contains three (3) sub-clauses, SubClause 9.3.1 (General), Sub-Clause 9.3.2 (Management review inputs) and Sub-Clause
9.3.3 (Management review outputs). Sub-Clause 9.3.1 (General) includes a very direct
connection to your Business by asking you to make sure that your QMS is aligned with
the strategic direction of your organization. This is a new requirement but one that
makes good sense to implement properly. The other change here is the omission of the
term Quality Policy from being part of the management review process. Sub-Clause
9.3.2 (Management review inputs), item e) refers back to Clause 6.1 by stating
management review shall be planned and carried out taking into consideration the
effectiveness of actions taken to address risks and opportunities (see 6.1). The rest of
this sub-clause is much the same as found before in earlier versions. Finally, SubClause 9.3.3 (Management review outputs) eliminates the word any from this sentence
The outputs of the management review shall include any decisions and actions related
to. This removes the option of claiming that if no decisions were made during
management review then the old sub-clause called Review Output did not apply. Also,
items a), b) and c) of Sub-Clause 9.3.3 are similar yet less demanding then their
predecessors back in 2008.
Be sure to watch for our next Newsletter issue where we will cover another section of
ISO 9001:2015
Q: Im the QMS Rep and I want to get started on making the transition to the new ISO
9001:2015, how should I begin?
A: I would suggest you schedule one week to get this initiative launched. You should
attempt to involve all of your internal auditors (as well as anyone else who is interested
in helping make this transition). Obtain a copy of the new ISO 9001:2015 Standard and
project it onto a big screen for everyone to see. Starting with Element 4.0 (Context of
the organization), review the requirements and highlight the obvious additions and
changes. I say obvious because otherwise your session will disintegrate into arguing
about the minutia. Once an Element is complete, perform a gap audit to assess and
document what needs to be done to comply. Try and get Elements 4, 5, 6, 7, 9, 10 done
in three days (half day each) and reserve a whole day for Element 8.0 (Operation). On
the fifth day, finalize your gap audit report and issue it to all attendees, as well as to top
management, so they get a sense of how much work will be involved in making this
transition. Ive had good success so far helping companies do exactly what Ive
described above. I simply combined my Essentials training with my Gap Audit
service. The added advantage is that all attendees received a training certificate
covering their education on the new ISO 9001:2015 Standard.
ISO 9001:2015
Element 10.0 Improvement
Whats new in Element 10.0? We covered performance evaluation of the Quality
Management System (QMS) in my last Newsletter (ISO 9001:2015 Newsletter Issue 9),
and now Element 10.0 (Improvement) focuses on raising the bar on the effectiveness
of your QMS. There really is not much new that has been added into this Element but
one term has been eliminated, that being preventive action. They explain in Annex A.4
that risk-based thinking replaces the concept of preventive action and therefore that
Clause from 2008 was no longer needed. I see it a little differently, I think they simply
took the old Preventive Action section from 2008 and sprinkled it throughout this
revised Standard and came up with a new term called risk-based thinking. Here in
Clause 10.1 item b) you see a good example of what I am referring to, where they use
this phrase These shall include correcting, preventing or reducing undesired effects.
If you do a word search of the word potential, (as in potential nonconformity or
potential problem or potential risk) youll find it occurs seven (7) times as part of a shall
requirement in ISO 9001:2015. The bottom line is that Preventive Action as a process
or activity is still very much a requirement within this new Standard.

Section 6 Planning
Section 7 Support
Section 8 Operation
Element 10.0 Improvement consists of three (3) Clauses as listed below:

10.1 General
10.2 Nonconformity and corrective action
10.3 Continual Improvement
Clause 10.1 General Although this Clause contains no sub-clauses it is more

prescriptive then its predecessor in 2008. It also includes some interesting and
somewhat-new requirements, as seen within Clause 10.1 item a) with this phrase
These shall includeimproving products and services to meet requirements as well as
to address future needs and expectations. Along with Clause 10.1 item b) which states
These shall includecorrecting, preventing or reducingundesired effects. Those last
two words are quite broad and subjective in nature so once again it will be up to you to
put some scope around the term undesired effects.
Clause 10.2 Nonconformity and corrective action: This Clause contains two (2)
sub-clauses, Sub-Clause 10.2.1 and Sub-Clause 10.2.2, neither of which have titles on
them. Both of these are essentially a repeat from 2008, with a bit more detail added,
including a new requirement found in 10.2.1 item e) which states the organization
shallupdate risks and opportunities determined during planning.
Clause 10.3 Continual Improvement This Clause contains no sub-clauses and
includes nothing substantially different from what was found in the previous 2008
version.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Element 4.0 - The (Swot) Matrix

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Element 4.0 - The (Swot) Matrix

Uploaded by

Copyright:

Available Formats

Element 4.

0 The (swot) Matrix

So lets get to it below is the Template version of this tool

So how does The (swot) Matrix work?

To sign up for our Newsletters click here

Q: How can I get my Managers interested in doing strategic planning?

ISO 9001:2015 Element 4.0 Context of

What does Context mean?

ISO 9001 and Business/Strategic Planning

An alternative approach for addressing context

What else is needed for this Element?

Clause 4.1: Understanding the organization and

The new Clause numbering

Clause 4.2: Understanding the needs and

The new Clause numbering

Clause 4.2: Understanding the needs and expectations of interested parties So

Clause 4.3: Determining the Scope of the

The new numbering format

Clause 4.4: Quality Management System and its

The new numbering format

Clause 5.1: Leadership and

The new numbering format

Clause 5.2: Policy

The new numbering format

Clause 5.2 Policy consists of two (2) Sub-Clauses as listed below:

This could be as simple as placing it on your website (which it probably should be

Clause 5.3: Organizational Roles,

The new numbering format

Clause 5.3 Organizational Roles, Responsibilities and Authorities consists of zero

Element 6.0 Planning consists of three (3) Clauses as listed below:

To sign up for our Newsletters click here

Clause 6.1: Actions to Address

The new numbering format

Clause 6.2: Quality objectives and

The new numbering format

Clause 6.3: Planning of changes

risk, including whether or not to retain documented information as evidence of its

The new numbering format

Clause 6.3 Planning of changes consists of zero (0) Sub-Clauses.

The new Clause numbering

Element 7.0 Support consists of five (5) Clauses as listed below:

Clause 7.1 Resources This Clause contains six (6) sub-clauses:

Clause 7.4 Communication: This Clause combines requirements found in the

Element 8.0 Operation

The new Clause numbering

Element 8.0 Operation consists of seven (7) Clauses as listed below:

Element 9.0 Performance

The new Clause numbering

Clause 9.1 Monitoring, measurement, analysis and evaluation: This Clause

The new Clause numbering

Element 10.0 Improvement consists of three (3) Clauses as listed below:

Clause 10.1 General Although this Clause contains no sub-clauses it is more

You might also like