Module 2=

An ISO 9001:201 5 Based

Quality Management System

W www.saigtobat com | ffi

 Module 2: An ISO
9001 :2015 Based Quality
Quality Management
Management System Systems - An lntroduction
An:,lso 9001:2015 Based Quality
, :, Management Systern
.l

Normative References and

Context of the Organisation

Duration: 30 minutes

Objectives:
. Understand the structure of the ISO 9001 Standard
. Understand the relationship of the structure to Annex SL Guideline
document
. Understand the concepts on which the standard is based

Slides: 26 - 30

ffi | wwwsaiglobalcom
STRUCTURE OF THE STANDARD
The ISO 9001 standard has evolved over the past 30 years into the structure it
is today.

The focus of the Quality Management standard today emphasises:

. Achieving value for the organisation and its customers
. Organisationalcontext
. responsiveness to changing business environment
. Consideration of interested parties
. Leadershiprequirements
. Control of risk to the organisation

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organisation

4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of QMS
4.4 Quality management system and its processes

5. Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities

www saigtobat.com | ffi

 6. Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes

7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information

B. Operation

8.1 Operational planning and control

8.2 Determination of requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming ouiputs

9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 lnternalaudit
9.3 Management review

10. lmprovement
10.1 General
10.2 Nonconformity and corrective action
'l 0.3 Continual improvement

ffi |wwwsaiglobalcom
ANNEX SL FRAMEWORK
The structure of the ISO 9001 Quality Management standard is in line with the
requirements of Annex SL, a document issued by ISO in 2012, which defines
the framework for a generic management system framework for the
development of all Management System Standards.

Annex SL is termed the "high level structure", and all new ISO management
system standards will adhere to this framework, and all current management
system standards will migrate to the framework at their next revision.

The intent is to provide a consistent format and clause numbering approach,

with much of the same core text. This approach will enable organisations to
more easily implement a single system addressing multiple standards.

www.saigtobat com I W
ISO 9001 - ANNEX A: CLARIFICATION OF NEW
STRUCTURE, TERMINOLOGY & CONCEPTS
The recent update of the ISO 9001 Standard adopted the requirements
outlined in Annex SL, and provided explanatory information in Annex A of the
Standard, to provide clarification about the changes in relation to the
requirements outlined in Annex SL.

Annex A1 - Structure and Terminology

. The clause structure and some of the terminology have been changed to
improve alignment with other management systems standards
. The structure of clauses is intended to provide a coherent presentation of
requirements rather than a model for documenting an organisation's
policies, objectives and processes
. Changes in the structure and terminology do not need to be reflected in
the documentation of an organisation's quality management system
. There is no requirement for the terms used by an organisation to be
replaced by the terms used in the Standard to specify quality
management system req uirements
. Organisations can choose to use terms which suit their operations, for
example:
- using 'records', 'documentation', 'protocols', etc. rather than
'documented information'
- 'supplier', 'partner', vendor etc. rather than 'external provider

Annex A2 - Products and Services

. The term "products and services" includes all output categories
(hardware, services, software and processed materials)
. This is intended to highlight the differences between products and
serviges in the application of some requirements
. The characteristic of services is that at least part of the output is realised
at the interface with the customer
. This could reflect that conformity to requirements cannot necessarily be
confirmed before service delivery
. Many outputs that organisations provide to customers, or are supplied to
them by external providers, include both products and services

W I www saiglobalcom
The term "services" is included in the definition to recognise that the ISO 9001
standard is equally applicable to service industries that don't technically
manufacture products. Previous versions of the standard were often regarded
as being applicable only to manufacturing.

Annex A3 - Understanding the Needs and Expectations of

lnterested Parties
ln ISO 9001:2015 there are two new clauses relating to the context of the
organisation:

4.1 Understanding the organisation and its context; and

4.2 Understanding the needs and expectations of interested
parties

Together these new clauses require the organisation to determine the issues
and requirements that can impact on the planning of the quality management
system. Organisations are required to define the purpose of their business
and what it is trying to achieve.

Annex A4 - Risk Based Thinking

. The Standard requires the organisation to understand its context clause
4.1 and determine the risks and opportunities that need to be addressed
clause 6.1
. One of the key purposes of a quality management system is to act as a
preventive tool
. There is no separate clause or sub-clause titled 'Preventive action'
. The concept of preventive action is expressed through a risk-based
approach to formulating quality management system requirements
. The risk-based approach to drafting the Standard has facilitated some
reduction in prescriptive requirements and their replacement by
perform ance-based req uirements
. Although risks and opportunities have to be determined and addressed,
there is no requirement for formal risk management or a documented risk
management process

This is a somewhat new concept which may have been inherent in the 2008
version but has now been given major emphasis. lt recognises that not all
products and services carry the same risk and that not all processes have the
same significance in the organisation in regard to their associated risks (many
organisations will have a need to introduce a full-blown risk management
process). Organisations will need to evaluate their operations and apply risk-
based thinking where relevant in their quality management systems.

www.saiglobalcom I W
 Annex A5 - Applicability
The Standard no longer makes specific reference to 'exclusions' when
determining the applicability of its requirements to the organisation's quality
management system. Organisations themselves will determine the need for
defining their processes, procedures and instructions, and cover these to the
extent that they believe is necessary to conform with requirements. This is
different from the approach taken in 2008 which suggested permitted
exclusions could only be in section 7 of the standard. The responsibility is now
very much on the organisation to decide how and in what form they cover the
working components of their operation.

An organisation will need to review the applicability of requirements due to:

. the size of the organisation, the management model it adopts, the range
of the organisation's activities, and the nature of the risks and
opportunities it encounters
. Where a requirement can be applied within the scope of its quality
management system, the organisation cannot decide that it is not
applicable.
. Where a requirement cannot be applied (for example where the relevant
process is not canied out) the organisation can determine that the
requirement is not applicable.
. Non-applicability cannot be allowed to result in failure to achieve
conformity of products and services or to meet the organisation's aim to
enhance customer satisfaction.

Annex A6 - Documented lnformation

. As part of the alignment with other management system standards a
common clause on 'Documented lnformation' has been adopted
. Where appropriate, the terms "documented procedure" and "record" have
both been replaced throughout the requirements by "documented
information"
. Where ISO 9001:2008 would have referred to documented procedures
(e.9. to define, control or support a process) this is now expressed as a
req uirem ent lo m a i nta i n do c u m e nted i nf orm atio n
. Where ISO 9001:2008 would have referred to records this is now
expressed as a requirement to refain documented information

The term "documented information" has been adopted to cover multiple

applications such as procedures, processes, records, instructions, all of which
serve to define the quality management system.

ffi | wwwsaigtobatcom
Annex A7 - Organisational Knowledge
. Ctause 7-1-6 Orqanisat(ona( knowledge addresses the needto determtne
and maintain the knowledge obtained by the organisation and its
to ensure that it can achieve conformity of products and
personneJ,
services
. The process for considering and controlling past, existing, and additional
knowledge needs to take account of the organisation's context, its size
and complexity, the risks and opportunities it needs to address, and the
need for accessibility of knowledge
. The balance between knowledge held by competent people and
knowledge made available by other means is at the discretion of the
organisation

This is a new category in the 2015 standard and its key purpose is to insure
that the knowledge from any source to support the organisation is retained
and made available for use within the quality management system. lt ensures
that the organisation focuses on how its knowledge base is managed.

Annex A8 - The Control of Externally Provided Processes,

Products and Services
Control of externally provided processes, products and services (Clause 8.4)
addresses all forms of external provision, whether by:
. purchasing from a supplier
. an arrangement with an associate company
. the outsourcing of processes and functions of the organisation, or by any
other means

The organisation is required to take a risk-based approach to determine the

type and extent of controls appropriate to particular external providers and
externally provided products and services

The previous revision of the standard did refer to outsourcing and suppliers,
but this changed requirement now includes processes, products and services
provided by a third party and requires the organisation to assess and control
the risk involved.

www saigtobal.com | re
 NOTES

W wvwv. sa ig loba l. com