New ISO quality management standard: Guidelines for the application of ISO 9001:2015

Recently ISO has published a new document that is intended to help users with Quality management system implementation: ISO/TS 9002, Guidelines for the application of ISO 9001:2015.

The new document contains

• practical ISO 9001:2015 clause-by-clause guidance
• real life examples
• additional QMS implementation tips

ISO/TS 9002, Guidelines for the application of ISO 9001:2015 is suitable for any organization, regardless of its size.

ISO 9001:2015 QMS Transition Program Checklist

Other ISO 9001:2015 Documents and Templates

Free downloads

ISO 9001:2015 QMS Implementation program

Monitoring and measuring resources

What was the rational behind TC 176 changing from Control of Monitoring and Measuring Devices to Monitoring and Measuring Resources?

It is obvious, that TC 176 made the change to the ISO 9001:2015 to include all components of Monitoring and Measuring to the Quality Management System.


‘Control of Monitoring and Measuring Resources’ process includes 4 sub processes:


• Creating data for monitoring and measuring;
• Control of Monitoring and Measuring Devices (ISO 9001:2008 requirements were relevant to this sub process only)
• Control of monitoring and measuring methodologies;
• Training of personnel who conducts monitoring and measuring.


This approach has been implemented in our quality system procedure QSP 7.1-02 Control of Monitoring and Measuring Resources.

Control of Infrastructure Quality System Procedure

We have added a new Procedure to our ISO 9001:2015 QSP collection: Control of Infrastructure.

This QSP regulates the execution of ‘Control of Infrastructure’ process as part of Organization’s resources, including:

• Defining the required infrastructure; 
• Ensuring the availability of infrastructure; 
• Maintenance of the infrastructure.

QSP requirements apply to

• Technical director activities; 
• Maintenance manager service; 
• IT manager activities; 
• Quality management system (QMS) process owners activities, including ‘Production and service provision' process. 

‘Control of Infrastructure’ process model diagram is displayed below:

Free download: Control of Infrastructure QSP Preview .PDF that contains the Process Model diagram and process flows description.

The following Quality System forms are included with the Procedure purchase:

• QSF 7.1-02-01 Infrastructure object Commissioning certificate 
• QSF 7.1-02-02 Annual routine maintenance and preventive maintenance schedule 
• QSF 7.1-02-03 Annual overhauls schedule 
• QSF 7.1-02-04 Maintenance instructions 
• QSF 7.1-02-05 Equipment unit maintenance journal 
• QSF 7.1-02-06 Records of buildings and utilities inspection 
• QSF 7.1-02-07 Confidentiality Agreement 
• QSF 7.1-02-08 Information structure to communicate matters relevant to quality management system 

Review the complete description of the Control of Infrastructure Procedure.

Purchase the procedure as part of the Complete ISO 9001:2015 QSPs set and save over 20%

Other ISO 9001:2015 Documents and Templates

Management of Change

Question: 
1. Which ISO 9001:2015 clause refers to the change management in the Process ? 


 Answer:
Speaking about ISO 9001:2015 clauses that refer to the Change in process, first of all we should point out the clause 6.3 Planning of changes. This clause even has a reference to clause 4.4 on the process approach implementation. The requirements of cl.6.3 apply to all QMS processes.

In addition to that, ISO 9001:2015 contains requirements to manage changes in particular processes:

• 8.2.4 Changes to requirements for products and services – relevant to ‘Contract analysis’ process.
• 8.3.6 Design and development changes – relevant to ‘Design and development of products and services’ process.
• 8.5.6 Control of changes – relevant to ‘Production and service provision’ process.

Question: 
2. What are the minimum requirements to notify a customer regarding the change? Change include:

• change in process
• change in machine
• deviation from approved control plan.

  Answer:
Communicating changes to the customers:

• Has to be implemented in compliance with cl.8.2.4 Changes to requirements for products and services when the products/services requirements defined by the Contract, have been changed. A good practice is to notify the customer in a form of Protocol of Disagreements or Contract Amendment.
• May be conducted when provisioning serviced in accordance with cl.8.5.6 Control of changes, if, by the decision of the Organization, those notifications are ‘… necessary actions arising from the review’.

 Save 20% on the Complete set of ISO 9001:2015 quality system procedures



Other ISO 9001:2015 Documents and Templates 

The ISO Survey of Management System Standard Certifications 2015 has been released

ISO has released the 2015 Survey report, that provides data on the total certifications to ISO 9001, ISO 14001 and other management standards across the world.

A free copy can be downloaded from ISO website.

2015 numbers:

Total of Standards that were surveyed: 9 (ISO/IEC 20000-1:2011 Information technology – Service management – Part 1 Service management system requirements has been added in 2015).

Total Certificates issued worldwide: 1,519,952  - a 3% increase compared to 2014.

Companies that are currently certified under ISO 9001:2008 should be looking at re-certification now even if their certification doesn't run out until 2018. Better to be prepared than run into issues during review time. 

Our ISO 9001:2015 documents and templates will help you with re-certification! 

20% off the complete set of ISO 9001:2015 Quality System Procedures in October -November 2016
 

Contract Analysis QSP has been updated

We listen to our customers' feedback and continuously improve our products.

ISO 9001:2015 QSP 8.2-02 Contract Analysis has been recently updated.

We have added 8 quality system forms relevant to the procedure:

• QSF 8.2-02-01 Contract(s) to deliver products (services).
• QSF 8.2-02-02-a Disagreements protocol(s) (.PNG preview)
• QSF 8.2-02-02-b Amendment agreement(s) (if necessary);
• QSF 8.2-02-03 Reconciliation sheet(s). (.PNG preview)
• QSF 8.5-01-02 Certificate of acceptance/transfer.

 Save 20% on the Complete set of ISO 9001:2015 quality system procedures

Other ISO 9001:2015 Documents and Templates 

'Actions to Address risks and opportunities' QSP has been updated

We listen to our customers' feedback and continuously improve our products.

ISO 9001:2015 QSP 6.1-01 Actions to Address risks and opportunities has been recently updated.

We have added 8 quality system forms relevant to the procedure:

• QSF 6.1-01-01 Risk management plan
• QSF 6.1-01-02 Risk criteria
• QSF 6.1-01-03 Risk List
• QSF 6.1-01-04 Risk treatment plan {.PNG preview}
• QSF 6.1-01-05 Risk Owner to Process Owner and to Risk Manager Report on the results of monitoring and review of risk management process, including improvement proposals.{.PNG preview}
• QSF 6.1-01-06 Risk Manager to Quality Manager Current Report on the results of addressing risks and opportunities in QMS Processes.
• QSF 6.1-01-07 Risk Manager to Company Management information report on the productivity of the ‘Actions to address risks and opportunities’ Process
• QSF 6.1-01-08 Risk Manager to Company Management annual report on the results of Risk Management Plan implementation and proposals to increase the effectiveness of the ‘Actions to address risks and opportunities’ Process. 

 Save 20% on the Complete set of ISO 9001:2015 quality system procedures

Other ISO 9001:2015 Documents and Templates 

How and when to use Audit checklist?

Question: 
1. How and when to use Audit checklist? 

  Answer:
1.1 Internal auditors training 
When utilized for internal auditors training, our ISO 9001:2015 Audit checklist:

• provides a complete understanding of how to verify compliance with the requirements of all ISO 9001:2015 clauses;
• can be used as practice for internal auditors workshops. 

1.2 Mandatory ISO 9001:2015 staff training 
When conducting the mandatory ISO 9001:2015 staff training Audit checklist:

• Facilitates understanding of ISO 9001:2015 requirements;
• Allows every employee to check his/her activity performance in compliance with the new requirements of ISO 9001: 2015. 

1.3 QMS transition to the ISO 9001:2015 version 

Use Audit checklist as a guide in the QMS transition to the ISO 9001:2015 version applying ‘fill the gap’ methodology in four phases:

1. Conduct internal audit based on our 9001:2015 Audit checklist. 
2. Formalize the identified nonconformities, including a complete noncompliance with the requirements, in the form of a Program. 
3. Implement the Program. 
4. Conduct recurrent audit using 9001:2015 Audit checklist. 

1.4 Internal audits (Process audits)
When conducting internal audits, Audit checklist ensures:

• detailed verification of each requirements of ISO 9001:2015;
• the issues that could not be verified during current internal audit to be planned for the next internal audit and thus provides the completeness of all ISO 9001:2015 requirements verification;
• compensation for the lack of experience of novice auditors. 

Question: 
2. We are already certified to ISO 9001:2008 version. Are there any specific ways to utilize the Audit Checklist?

 Answer: 
2.1 Our ISO 9001:2015 Audit checklist can be used for QMS self-assessment for compliance with the new version of ISO 9001:2015 (see 1.3).
2.2 Use our ISO 9001:2015 Audit checklist for internal auditors’ professional development (see 1.1.).
2.3 Use of Audit checklist for internal audits is a good practice, proven over many years of experience (see 1.4.).

Question: 
3. Does ISO 9001:2015 Audit checklist cover ISO 9001:2015 conformance and performance audits?

 Answer: 
Yes, ISO 9001:2015 Audit Checklist completely covers ISO 9001:2015 conformance and performance audit.

Implementation of ISO 9001:2015 clause 4.1

How do you prove you meet the requirements of Clause 4.1 of ISO 9001:2015?

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. The organization shall monitor and review information about these external and internal issues. ISO 9001:2015 Cl.4.1

Information monitoring and internal and external issues components analysis are carried out in the QMS processes.

1) ‘Marketing’ process. 
Information about external issues includes results of the analysis of

• political and legal issues,
• economic issues,
• demographic issues, 
• environmental issues, 
• cultural and scientific issues, 
• information from consumers,
• information from competitors, 
• information from external providers, 
• information from contact audiences,
• information from marketing intermediaries. 

Information about internal issues includes results of the analysis of

• corporate level strategy, 
• business level strategy, 
• functional level strategies, 
• adequacy of resources. 

Information to understand the context of the organization is a part of ‘Marketing’ report for management review, as well as a part of the database to obtain and maintain organizational knowledge relevant to marketing activity.

 2) ‘Control of personnel’ process - information and analysis of the of internal issues components, relevant to the status, tasks and perspectives of the personnel development.

3) ‘Design and development’ process information and analysis of the of internal issues components, relevant to perspective development.

Summarizing of information from QMS processes information (mentioned above) and general analysis of internal and external issues is carried out in the ‘Management Review’ process.

The best practice of creation and transfer of information on internal and external issues is the development of the ‘Control of organizational knowledge’ QMS process.

Description of activity of monitoring and review of information relevant to the internal and external issues is given in the corresponding QMS documented procedures of relevant processes and in the Quality manual, including section 4.1.

Other ISO 9001:2015 Documents and Templates 

Quality System Forms

The Quality manual and the documented procedures regulate the activities necessary and sufficient to meet all the requirements of ISO 9001:2015. This is the main purpose of the procedures.

Quality system forms are created by the decision of the Organization.

We have updated some of our procedures with the Quality System Form templates.
 QSP 7.1-01 Control of personnel:

• Annual training plan 
• Training efficiency evaluation sheet
• Talent search form 

QSP 7.5-01 Control of documented information

• Master List of Documents 
• Master List of Records 

QSP 8.7-01 Control of nonconforming outputs

• Nonconformity protocol 
• Hold Tag 

QSP 9.3-01 Management Review

• MR meeting agenda
• MR meeting minutes

QSP 10.2-01 Corrective actions

• CAR form
• CAR list

System audit vs. Technical audit

Question: 
Can we conclude that System audit can/may include Technical audit since technical expert may be required during a System audit (1st, 2nd or 3rd party) as per ISO 19011?

Technical Audit is an audit performed by an auditor, engineer or subject matter expert. 
Technical audit covers the technical aspects of the project implemented in the organization 

System Audit

1st Party - An internal audit that an organization performs on itself. 
2nd Party - An external audit that an organization performs on a supplier of goods or services. 
3rd Party - An external audit that is conducted by an independent organization upon another organization. 

 Answer: 
1. Planning, conducting, analysis and improvement activities of Technical audit can be a part of the Internal audits program (1st party).
2. Results of Technical audit should be taken into account when planning the scope of the 2st party audit.
3. Technical audit can not change the 3st party audits program including certification, as they are carried out by specialists of independent organization per their own programs.

Related materials

• Internal Audit quality system procedure
• ISO 9001:2015 Documents and templates

Can the NEW Context of the Organization requirement be met with CURRENT controls?

Question: 
 Some of the current controls we have are "Customer requirements", PFMEAs, DFMEAs, Six Sigma, etc. Would those count as being part of the COTO? 
We also go over these types of changes during management reviews. 

 Answer: 

It goes without saying that, the results analysis during implementation of PFMEAs, DFMEAs, Six Sigma, etc. are part of meeting the requirement «The organization shall monitor and review information about these external and internal issues.» (Cl. 4.1 Understanding the organization and its context, ISO 9001: 2015).

Understanding the organization and its context can be effectively combined with the control of organizational knowledge that is described in the QSP 7.1-03 Control of Organizational Knowledge.

Free downloads: 

• PFMEA and DFMEA templates 
• Preview of Control of Organizational knowledge quality system procedure

Interpretation of ISO 9001:2015 cl.8.7 Control of nonconforming outputs

'The organization shall retain documented information that: a) describes the nonconformity; b) describes the actions taken; c) describes the concessions obtained; d) identifies the authority deciding the action in respect of the nonconformity.' ISO 9001:2015 cl.8.7.2

Q: Does the requirement 8.7.2 of ISO 9001:2015 mean that EVERY Nonconforming output must be recorded? 
Even if it is just corrected (as allowed)? 
This could become a rather overloaded list of Nonconforming outputs.

 A: Yes - EVERY Nonconforming output must be recorded, at least for two reasons.

1. Information about all nonconformities is essential for analysis and improvements. Otherwise, there is a risk to 'sink' in the pool of tiny nonconformities. The issue is not the recording itself, but the consequences of nonconformities.

2. It is impossible to word and regulate a clear distinction between the phrases ‘A nonconforming output that must be recorded’ and ‘A nonconforming output that must not be recorded’. This distinction cannot be justified by any standard. The personnel will attempt to attribute as many nonconformities as possible to the second category (‘must not be recorded’), to make their lives easier. This will cause endless and groundless discussions during internal and certification audits.

More on control of nonconforming outputs:

• QSP 8.7-01 Control of Nonconforming Outputs 
• QSP 8.7-02 Control of nonconformities in provision of services 

A complete set of ISO 9001:2015 Quality System Procedures

Other ISO 9001:2015 Documents and Templates

Addressing ISO 9001:2015 Cl.6.3 Planning of Changes

How to address ISO 9001:2015 clause 6.3 (Planning of changes)?

Could you provide risks and opportunities examples or references for small companies?

Planning of changes (cl.6.3 in ISO 9001:2015) is carried out as part of the Management review by the Coordinating Council or an equivalent.
 The First leader, area managers including Quality manager are part of the Council. 
Decisions on changes are recorded in the Minutes as the Coordinating Council decisions (for minor changes), or implemented based on individual projects.

It is expedient to describe the planning of changes in sec. 6.1 of Quality Manual. Wherein it is necessary to pay attention to the following:

• Sec. 6.1.a. Objective and Rationale of changes are worded by the Initiator, usually a Quality manager. The potential consequences of changes are reviewed in the form of risks and opportunities assessment for examples in accordance with MM 6.1-01-01 Actions to address risks and opportunities in QMS processes. The examples of risks and opportunities for any company are given in Annex 2. 

• Sec. 6.1.b. The integrity of the Quality management system is ensured by relating the inputs and outputs of the processes and providing compliance with all requirements of Sec. 4.4 with respect to Changes. 

Sec. 6.1.c and sec. 6.1.d are carried out similarly to ISO 9001:2008.

A complete set of ISO 9001:2015 Quality System Procedures

Other ISO 9001:2015 Documents and Templates

Quality Risk Assessment - definition of 'high', 'moderate' and 'slight' risk.

Q: I'm putting together a quality risk register for our business and looking for some examples other people have used for their definitions of 'high', 'moderate' and 'slight' risk. 
For example, 'high' risk could be: 

• major financial loss to business, 
• major loss of company reputation, 
• complete break-down of management system, 
• loss of accreditation. 

 A: The examples above refer to the high consequences wording.
At Risk analysis and Risk evaluation phases, it is necessary to take into account likelihood, a mandatory risk component.
Major financial loss to business, major loss of company reputation, complete break-down of management system, loss of accreditation – all these examples could be attributed to the 'slight' level of risk when likelihood is close to 0.

Based on our experience, the risks in the Risk list should be worded in terms of an ‘event’ – an adverse event that may occur with a certain likelihood.
Further, consequences and likelihood are determined, for example, via expert evaluation.

In such a way, risk ranking can be easily implemented.


Q: Risk management tools - what do you use to track risks and controls? 

How do you record and track risk assessment and management for your QMS/organization? 

Do you use any specific tools, databases or other systems to track risk management? 

 A: There are many risk management methodologies. IEC 31010:2009 ‘Risk management -- Risk assessment techniques’ provides a lot of details on the subject.

Based on our experience, for the enterprise-wide application of actions to address risks and opportunities (in compliance with ISO 9001:2015) it is necessary to offer simple tools and simple form of records.

ММ 6.1-01-01 "Risks management in QMS process Methodical Manual" provide examples of such methodologies and techniques.

More on Risk Based thinking.

• Risk Management in QMS Processes 
• Actions to address risks and opportunities Quality System Procedure

Free downloads:

• Risk Management Requirements Implementation in ISO 9001:2015 clauses (Reference Table)
• Risk Management Requirements in ISO 9001:2015 clauses (Presentation, 5 slides)
• Risk Management in QMS Processes (Presentation, 3 slides)

Creating a Culture of Quality

Can a company afford errors in our highly competitive world?

'A company with a highly developed culture of quality spends, on average, $350 million less annually fixing mistakes than a company with a poorly developed one.'

The pressure is rising, so is the possibility of making a mistake.

The quality-improvement studies helped identify the Essentials areas and actions that will help companies improve in each area.

 They four essential quality areas are:

• leadership emphasis, 
• message credibility, 
• peer involvement, and 
• employee ownership of quality issues.

Maintain leadership emphasis on quality. Reduce (eliminate) the gaps between what they say and what they do.


Ensure message credibility - make messages believable, keep them up to date.

Encourage peer involvement.

Increase employee ownership of quality issues.

More in the new article by Ashwin Srinivas and Bryan Kurey Creating a Culture of Quality in Harvard Business Review.

ISO 9001:2015 Control of Monitoring and Measuring Resources

The execution of  ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ process includes definition of the requirements, ensuring availability and maintenance of the three components of monitoring and measuring resources:

• measuring equipment (ME);
• monitoring and measuring methodologies;
• personnel conducting monitoring and measuring.

The diagram of ‘Control of Monitoring and Measuring Resources’ process is shown below:

ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ Quality System Procedure requirements apply to the activities of

• metrology department;
• owners of quality management system(QMS) processes, where the monitoring and measuring is carried out, including ‘Production and service provision’ process; 
• responsible for monitoring and measuring in QMS processes; 
• ‘Design and development’ process production engineers. 

Download the complementary description of ‘Control of Monitoring and Measuring Resources’ process inputs and outputs

More information about the ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ Quality System Procedure.

ISO 9001:2015 Documents and Templates Collection

Important steps to start implementing Risk management in the QMS

What are the important steps to start implementing Risk management in the QMS?

It is important to accept that the main task of the initial implementation of risk management in the QMS - making actions to address risks and opportunities an integral part of management decision-making at all levels. 

Then the keyword is "simplicity".

Implementation of risk management into the QMS processes (ISO 9001:2015 cl.4.4.1.f, cl.6.1 and step "Do" - ISO 31000) consists of four phases:

• Risk identification,
• Risk analysis,
• Risk evaluation,
• Risk treatment.

1) Risk identification consists of finding, recognizing and describing the risk. The ultimate objective of risk identification is to draft a comprehensive Risk list.

At this phase, the following is important:

•      A common approach to risk wording for all processes. A good practice is to word the risks through the "Event" category - an adverse event that may occur with some likelihood.

•      Adding all possible risks to the Risk list, including the risks with negligible likelihood.

2) At the Risk analysis phase it is important to:

•      Use a simple method of risk level (R) determination, which is clear and can be easily accessible to a broad range of employees. A good practice is to use a ratio:

R = C ∙ L

where 

C – consequences,

L – likelihood.

•      Commonly use an expert evaluation in determining the components of level of risk, as well as in determining risk criteria at the Risk evaluation phase. At the same time, evaluate the consequences on the extent of the potential adverse impact on the user (external or internal).

3) At the Risk evaluation phase (risk ranking, matching the level of risk and risk criteria as well as the allocation of risk in relation to which it is necessary to carry out risk treatment), the following is important:

• The level of risk criteria (the maximum allowable level of risk, below which risk treatment is required) should not be set very high. This allows to process the greater amount of risk and avoid possible initial stage errors.

4) At the Risk treatment phase, which is conducted in order to prevent, or reduce, undesired effects and to enhance desirable effects at the process level, it is important to:

•      Start with the application of quality management tools, which the team already possess. In reality, the use of cause and effect diagrams in conjunction with "brainstorming" can already give the desirable effect.

ISO 9001:2015 Risk Management resources:

• Actions to Address Risks and Opportunities Quality system procedure
• ISO 9001:2015 Actions to address risks and opportunities in QMS processes – Methodical Manual
• Risk Management in QMS Processes

Free Downloads

• Risk Management Requirements Implementation in ISO 9001:2015 clauses (Reference Table)
• Risk Management Requirements in ISO 9001:2015 clauses (Presentation, 5 slides)
• Risk Management in QMS Processes (Preview) (Presentation, 3 slides)