Can the NEW Context of the Organization requirement be met with CURRENT controls?

Question: 
 Some of the current controls we have are "Customer requirements", PFMEAs, DFMEAs, Six Sigma, etc. Would those count as being part of the COTO? 
We also go over these types of changes during management reviews. 

 Answer: 

It goes without saying that, the results analysis during implementation of PFMEAs, DFMEAs, Six Sigma, etc. are part of meeting the requirement «The organization shall monitor and review information about these external and internal issues.» (Cl. 4.1 Understanding the organization and its context, ISO 9001: 2015).

Understanding the organization and its context can be effectively combined with the control of organizational knowledge that is described in the QSP 7.1-03 Control of Organizational Knowledge.

Free downloads: 

• PFMEA and DFMEA templates 
• Preview of Control of Organizational knowledge quality system procedure

Interpretation of ISO 9001:2015 cl.8.7 Control of nonconforming outputs

'The organization shall retain documented information that: a) describes the nonconformity; b) describes the actions taken; c) describes the concessions obtained; d) identifies the authority deciding the action in respect of the nonconformity.' ISO 9001:2015 cl.8.7.2

Q: Does the requirement 8.7.2 of ISO 9001:2015 mean that EVERY Nonconforming output must be recorded? 
Even if it is just corrected (as allowed)? 
This could become a rather overloaded list of Nonconforming outputs.

 A: Yes - EVERY Nonconforming output must be recorded, at least for two reasons.

1. Information about all nonconformities is essential for analysis and improvements. Otherwise, there is a risk to 'sink' in the pool of tiny nonconformities. The issue is not the recording itself, but the consequences of nonconformities.

2. It is impossible to word and regulate a clear distinction between the phrases ‘A nonconforming output that must be recorded’ and ‘A nonconforming output that must not be recorded’. This distinction cannot be justified by any standard. The personnel will attempt to attribute as many nonconformities as possible to the second category (‘must not be recorded’), to make their lives easier. This will cause endless and groundless discussions during internal and certification audits.

More on control of nonconforming outputs:

• QSP 8.7-01 Control of Nonconforming Outputs 
• QSP 8.7-02 Control of nonconformities in provision of services 

A complete set of ISO 9001:2015 Quality System Procedures

Other ISO 9001:2015 Documents and Templates

Addressing ISO 9001:2015 Cl.6.3 Planning of Changes

How to address ISO 9001:2015 clause 6.3 (Planning of changes)?

Could you provide risks and opportunities examples or references for small companies?

Planning of changes (cl.6.3 in ISO 9001:2015) is carried out as part of the Management review by the Coordinating Council or an equivalent.
 The First leader, area managers including Quality manager are part of the Council. 
Decisions on changes are recorded in the Minutes as the Coordinating Council decisions (for minor changes), or implemented based on individual projects.

It is expedient to describe the planning of changes in sec. 6.1 of Quality Manual. Wherein it is necessary to pay attention to the following:

• Sec. 6.1.a. Objective and Rationale of changes are worded by the Initiator, usually a Quality manager. The potential consequences of changes are reviewed in the form of risks and opportunities assessment for examples in accordance with MM 6.1-01-01 Actions to address risks and opportunities in QMS processes. The examples of risks and opportunities for any company are given in Annex 2. 

• Sec. 6.1.b. The integrity of the Quality management system is ensured by relating the inputs and outputs of the processes and providing compliance with all requirements of Sec. 4.4 with respect to Changes. 

Sec. 6.1.c and sec. 6.1.d are carried out similarly to ISO 9001:2008.

A complete set of ISO 9001:2015 Quality System Procedures

Other ISO 9001:2015 Documents and Templates

Quality Risk Assessment - definition of 'high', 'moderate' and 'slight' risk.

Q: I'm putting together a quality risk register for our business and looking for some examples other people have used for their definitions of 'high', 'moderate' and 'slight' risk. 
For example, 'high' risk could be: 

• major financial loss to business, 
• major loss of company reputation, 
• complete break-down of management system, 
• loss of accreditation. 

 A: The examples above refer to the high consequences wording.
At Risk analysis and Risk evaluation phases, it is necessary to take into account likelihood, a mandatory risk component.
Major financial loss to business, major loss of company reputation, complete break-down of management system, loss of accreditation – all these examples could be attributed to the 'slight' level of risk when likelihood is close to 0.

Based on our experience, the risks in the Risk list should be worded in terms of an ‘event’ – an adverse event that may occur with a certain likelihood.
Further, consequences and likelihood are determined, for example, via expert evaluation.

In such a way, risk ranking can be easily implemented.


Q: Risk management tools - what do you use to track risks and controls? 

How do you record and track risk assessment and management for your QMS/organization? 

Do you use any specific tools, databases or other systems to track risk management? 

 A: There are many risk management methodologies. IEC 31010:2009 ‘Risk management -- Risk assessment techniques’ provides a lot of details on the subject.

Based on our experience, for the enterprise-wide application of actions to address risks and opportunities (in compliance with ISO 9001:2015) it is necessary to offer simple tools and simple form of records.

ММ 6.1-01-01 "Risks management in QMS process Methodical Manual" provide examples of such methodologies and techniques.

More on Risk Based thinking.

• Risk Management in QMS Processes 
• Actions to address risks and opportunities Quality System Procedure

Free downloads:

• Risk Management Requirements Implementation in ISO 9001:2015 clauses (Reference Table)
• Risk Management Requirements in ISO 9001:2015 clauses (Presentation, 5 slides)
• Risk Management in QMS Processes (Presentation, 3 slides)

Creating a Culture of Quality

Can a company afford errors in our highly competitive world?

'A company with a highly developed culture of quality spends, on average, $350 million less annually fixing mistakes than a company with a poorly developed one.'

The pressure is rising, so is the possibility of making a mistake.

The quality-improvement studies helped identify the Essentials areas and actions that will help companies improve in each area.

 They four essential quality areas are:

• leadership emphasis, 
• message credibility, 
• peer involvement, and 
• employee ownership of quality issues.

Maintain leadership emphasis on quality. Reduce (eliminate) the gaps between what they say and what they do.


Ensure message credibility - make messages believable, keep them up to date.

Encourage peer involvement.

Increase employee ownership of quality issues.

More in the new article by Ashwin Srinivas and Bryan Kurey Creating a Culture of Quality in Harvard Business Review.

ISO 9001:2015 Control of Monitoring and Measuring Resources

The execution of  ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ process includes definition of the requirements, ensuring availability and maintenance of the three components of monitoring and measuring resources:

• measuring equipment (ME);
• monitoring and measuring methodologies;
• personnel conducting monitoring and measuring.

The diagram of ‘Control of Monitoring and Measuring Resources’ process is shown below:

ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ Quality System Procedure requirements apply to the activities of

• metrology department;
• owners of quality management system(QMS) processes, where the monitoring and measuring is carried out, including ‘Production and service provision’ process; 
• responsible for monitoring and measuring in QMS processes; 
• ‘Design and development’ process production engineers. 

Download the complementary description of ‘Control of Monitoring and Measuring Resources’ process inputs and outputs

More information about the ISO 9001:2015 ‘Control of Monitoring and Measuring Resources’ Quality System Procedure.

ISO 9001:2015 Documents and Templates Collection