Escolar Documentos
Profissional Documentos
Cultura Documentos
Table of Contents
ISO 9001:2015Clause 04 Context of the Organization
The internal context may include,
Example internal issues could include
An interested party
Interested Parties & Requirements
Clause 4.3 Determining the scope of the quality management system
External issues
Internal issues
4. Risk-based approach
Risk Based Thinking ISO 9001 :2015
Risk as Currently Stated in ISO 9001:2015
Seven principles of Quality management
Understanding structure terminology and concept of ISO 9001:2015
Risk Based Thinking ISO 9001 :2015
Risk in ISO 9001:2015
Seven principles of Quality management as per ISO 9001:2015
committee draft
List of mandatory documents required by ISO 9001:2015
Political Factors
Ecological/Environmental Issues
Current legislation
Anticipated future legislation
International legislation (global influences)
Regulatory bodies and processes
Government policies, terms and change
Funding, grants, and initiatives
Market lobbying groups
Wars and conflicts
Economic Factors
National economies and trends
General taxation issues
Taxation to activities, products, services
Seasonality or other weather issues
Market and trade cycles
Specific sector factors
Customer/end-user drivers
Interest and exchange rates
International trade and monetary issues
Social Factors
Lifestyle trends
Demographics
Consumer attitudes and opinions
Media views
Law changes affecting social behaviors
Image of the organization
Consumer buying patterns
Fashion and role models
Major events and influences
Buying access and trends
6
Ethnic/Religious factors
Advertising and publicity
Ethical issues
Technology Factors
Competing technology development
Associated/Dependent technologies
Replacement technology/Solutions
Maturity of Technology
Information and communications
Consumer buying mechanisms
Technology legislation
Innovation potential
Technology access, licensing, patents
Intellectual property issues
Global communication
Social media use
Maturity of organizations products/ services
Example internal issues could include, but are not limited to:
9
Example external issues could include, but are not limited to:
Political, economic, social, technological, legal and regulatory Laws
changing , affecting product conformity, minimum wage changing,
evolutions in more efficient machinery affecting price
Operating Permits becoming tighter on emission levels technology
demands
Overall economic performance in the country above EU norm
(positive)
Competitive environment overall low-cost of entry in to the market
Economic plans for future -etc
The nature and impact of economy on market -etc
Customer demographic -etc
General levels of consumer confidence -etc
Customer expectation -etc
10
Owners
Management
Employees
Trade unions
Suppliers
Partners
Client
Government agencies
Media
Society
Any other person or organization interested in the organization
There is no requirement in this International Standard for the
organization to consider interested parties which have been determined
by the organization not to be relevant to its quality management system.
Similarly, there is no requirement to address a particular requirement of
a relevant interested party if the organization considers that the
requirement is not relevant. Determining what is relevant or not relevant
is dependent on whether or not it has an impact on the organizations
ability to consistently provide products and services that meet customer
and applicable statutory and regulatory requirements or the
organizations aim to enhance customer satisfaction. The organization
can decide to determine additional needs and expectations that will assist
it to meet its quality objectives. However, it is at the organizations
discretion whether or not to accept additional requirements to satisfy
interested parties beyond what is required by this International Standard.
Scope
Clause 4.3 Determining the scope of the quality management system
The organization must establish scope of the quality management system
by determining the boundaries and applicability of the quality
management system. While determining the scope the organization must
consider the internal and external issues determined in 4.1.,the
requirements of relevant interested parties in 4.2. and the products and
services of the organization. Requirements from this International
standards that can be applied by the organization shall be applied within
the scope of the QMS. Requirements from this International standards
that cannot be applied by the organization and which does not affect the
organizations ability or responsibility to provide product and services
that meet the conformity of its product and services and enhancement of
the customer satisfaction. The organization must make available the
13
External issues
Contractual arrangements generally within the sector
Competitive environment overall low cost of entry into the market
Legislation, e.g. employment of non-nationals
Regulation within the industry generally
Overall competition within the recruitment sector
Overall economic climate in the country
Countries environmental requirements affecting products and service
Technology advances
Standardization and certification within the industry
Client consideration of bringing expertise in-house
Client working environment other trades working alongside us,
Client configuration changes during installation
Relationships with external interested parties
Perceptions/values of external interested parties
15
Internal issues
Structure of the organization
Roles within the organization
Availability of reliable, qualified and competent workforce
Stability of workforce
Staff retention
Staff training levels
External providers competence and availability
Availability and quality of candidates to fulfill our vacancies
Culture within the organization
Working hours
Staff morale
Internal politics
Governance, Policies, objectives
Strategies
Capabilities
Resources
Knowledge
General competence
Technologies
Information systems
Decision making processes
Relationships with interested parties
Perceptions/values of interested parties
Standards, guidelines and models adopted
Contractual relationships
16
Potential conicts
Processes for resolving conicts
Social customs
Managements abilities
Priorities
Database skills
Root cause analysis abilities
Improvement tools and abilities to apply
Ability to motivate workforce
Project management expertise new offices
Understanding and experience in implementing ISO 9001
Co-operation of workforce
Manufacturing sites/Offices:
India (Manufacturing)
Germany (Ofce)
Spain (Ofce)
Applicability:
18
All clause requirements are applicable to the above scope, except: 8.3
(Design and development of products and services). This is because the
organization does not design its products and services, but produces ber
cable (and installs IT cabinets, and cabling along routes) according to
established/dened standards and industry guidance. Clause 8.3 is
therefore not applicable to our Quality Management System.
End of example
This promotes the use of risk based thinking. Risk is defined as the
effect of uncertainty. Notes in the definition further describe risk as a
deviation from the expected, either positive or negative. The term
uncertainty is defined as a lack of information or knowledge about a
potential event that can be expressed as a result of the likelihood and
consequence of such an event. A positive deviation arising from a risk
can provide an opportunity, but not all positive effects of risk result in
opportunities. Actions to address opportunities can also include
consideration of associated risks. Clause 4.4.1 f requires that when
planning its QMS, the top management must implement and promote a
culture of risk-based thinking throughout the organization to determine
and address the risks and opportunities associated with providing
assurance that the QMS can achieve its intended result(s); provide
conforming products and services, enhance customer satisfaction;
promote desirable effects and improvement; and prevent, or mitigate,
undesired effects.
Clause 4.4.1 g requires evaluate of QMS processes as per the
requirement given in clause 9.1.3 and evaluation may be done through a
review of measurement and monitoring records and performance
indicators for each process. These reviews must identify opportunities to
improve QMS processes, use of resources and product quality. Clause
4.4.1 h calls for improvement in process as per as the requirement given
in clause 10. When process nonconformities occur, then corrective
action is required to bring the QMS process under control. Remember,
the corrective action process is not just for product related
nonconformities. Processes must be continually improved through
setting of incrementally realistic, measurable objectives. Planning for
continual improvement requires a review of process data, resources and
controls to bring about the desired change.
Clause 4.4.1a 4.4.1h must be applied to all QMS processes. Note also
that many ISO 9001 clauses (e.g. clause 8.2; 8.4; 8.6; etc.), require
specific processes to be established within your QMS, These processes
must also be identified and controlled in your QMS.
ISO 9001:2015
22
1.2 Application
4.3 Determining the scope of the quality management system
2. Normative references
2 Normative references
5. Management Responsibility
5 Leadership
5.4 Planning
6 Planning
5.6.1 General
9.3.1 General
6. Resource Management
7.1 Resources
6.2.1 General
7.2 Competence
6.3 Infrastructure
7.1.3 Infrastructure
7. Product Realization
8 Operation
26
7.4 Purchasing
8.4 Control of externally provided processes, products and services
8.1 General
9.1.1 General
8.5 Improvement
10 Improvement
Suppliers
Suppliers provide organizations with the resources they need to carry
out their activities. If a supplier provides bad service, this affects the way
the organization operates. Close supplier relationships are an effective
way to remain competitive and secure the resources needed
Investors
All organizations require investment to grow. They may borrow the
money from a bank or have people invest in their work. Relationships
with investors need to be managed carefully as problems can
detrimentally affect the long term success of the organization
Media
Positive media attention can bring success to the organization by
maintaining its reputational strength. Managing the media (including the
presence in social media) is a challenge.
Competitors
Members of the organization need to have a sense of belonging. Can
the organization offer benefits that are better than those offered by the
competitors? Is there a strong value proposition? Competitor analysis
and monitoring is crucial if an organization is to maintain or improve its
position in the competitive landscape of the community. The
organization must always be aware of its competitors activities. The
landscape can change quickly.
There are two new clauses relating to the context of the organization, 4.1
Understanding the organization and its context and 4.2 Understanding
the needs and expectations of interested parties. Together these clauses
require the organization to determine the issues and requirements that
can impact on the planning of the quality management system.Interested
parties cannot go beyond the scope of ISO 9001.There is no requirement
to go beyond interested parties that are relevant to the quality
management system.Consider impact on the organizations ability to
consistently provide products and services that meet customer and
37
The organization should determine external and internal issues for the
organization relevant to its purpose, strategic planning and which affect
the organizations ability to achieve its objectives . The Organization
should monitor and review the information about external and internal
issues.Management Review required the monitoring of external and
internal issues. The organization must consider issues related to values,
culture knowledge and performance of the organization for
understanding of internal issues. The organization must consider issues
related to arising from legal, technological, competitive, market,
cultural, social, and economic environments, whether international,
national, regional or local for understanding of external context.
Clause 4.2 Understanding the needs and expectations of interested
parties
The organization shall determine relevant interested parties and
requirements of relevant interested parties. Interested parties include
Customers, Partners,Persons in the organization, External providers.
Relevant interested parties to be considered are those that potentially
could impact the organizations ability to provide products and services
that meet requirements. Monitor and review information related to
interested parties and relevant requirements. Management Review
requires the monitoring of relevant interested parties.
Clause 4.3 Determining the scope of the quality management system
The organization must establish scope of the quality management system
by determining the the boundaries and applicability of the quality
management system. While determining the scope the organization must
consider the internal and external issues determined in 4.1.,the
requirements of relevant interested parties in 4.2. and the products and
services of the organization. Requirements that can be applied by the
organization shall be applied. Requirements that cannot be applied
cannot affect the organizations ability to provide product and services
that meet requirements. The organization must maintain scope as
documented information. stating the Products and services covered by
the QMS and any Justification where a requirement cannot be applied.
Clause 4.4 Quality management system and its processes
41
(global influences)
Regulatory bodies and processes
Government policies, terms and change
Funding, grants, and initiatives
Market lobbying groups
Wars and conflicts
Economic Factors
National economies and trends
General taxation issues
Taxation to activities, products, services
Seasonality or other weather issues
Market and trade cycles
Specific sector factors
Customer/end-user drivers
Interest and exchange rates
International trade and monetary issues
Technology Factors
Competing technology development
Associated/Dependent technologies
Replacement technology/Solutions
Maturity of Technology
Information and communications
Consumer buying mechanisms
Technology legislation
Innovation potential
Technology access, licensing, patents
Intellectual property issues
Global communication
Social media use
Maturity of organizations products / services
Social Factors
Lifestyle trends
44
Demographics
Consumer attitudes and opinions
Media views
Law changes affecting social behaviors
Image of the organization
Consumer buying patterns
Fashion and role models
Major events and influences
Buying access and trends
Ethnic/Religious factors
Advertising and publicity
Ethical issues
Investors:
All organizations require investment to grow. They may borrow the
money from a bank or have people invest in their work. Relationships
with investors need to be managed carefully as problems can
detrimentally affect the long term success of the organization
Media:
Positive media attention can bring success to the organization by
maintaining its reputational strength. Managing the media (including the
presence in social media) is a challenge.
Competitors:
Members of the organization need to have a sense of belonging. Can the
organization offer benefits that are better than those offered by the
competitors? Is there a strong value proposition? Competitor analysis
and monitoring is crucial if an organization is to maintain or improve its
position in the competitive landscape of the community. The
organization must always be aware of its competitors activities. The
landscape can change quickly.
As in the case of the macro-environmental context, the organization
cannot always control its micro-environment factors. But they must be
carefully managed together and with the internal context understanding.
4. Risk-based approach
The main objectives of ISO 9001 is to provide confidence in the
organizations ability to consistently provide customers with conforming
goods and services and to enhance customer satisfaction. The concept of
risk in the context of ISO 9001 relates to the uncertainty in achieving
these objectives. This International Standard makes risk-based thinking
more explicit and incorporates it in requirements for the establishment,
implementation, maintenance and continual improvement of the quality
management system. Organizations can implement a formal risk
management program such as 31000, but there is no requirement to do
so. The concept of risk has always been implicit in ISO 9001 , this
revision makes it more explicit and builds it into the whole management
46
DEFINITIONS
ISO 9001:2015 defines risk as the effect of uncertainty on an expected
result.
Risk= Effect of uncertainty on an expected result
An effect is a deviation from the expected positive or negative.
Risk is about what could happen and what the effect of this happening
might be.
Risk also considers how likely it is.
The target of a management system is achieve conformity and customer
satisfaction.
8.5.1Development processes
The extent of post delivery activities that are required shall take
account of:
a) the risks associated with the goods and services
The organization shall take into consideration the determined risks and
opportunities and shall:
paragraph except that now one must think of the missed opportunities
for measuring (or rather, not measuring) and the associated risk.
9.2Internal audit
10.2Improvement
hitting me. I can reduce the probability of being hit by a car. I plan to
cross at a time when there are no cars moving near me and so reduce the
likelihood of an accident. I also choose to cross the road at a place where
I have good visibility and can safely stop in the middle to re-assess the
number of moving cars, further reducing the probability of an accident
For example I move to the side of the road, check there are no barriers to
crossing and that there is a safe place in the centre of the moving traffic.
I check there are no cars coming. I cross half of the road and stop in the
central safe place. I assess the situation again and then cross the second
part of the road.
For Example I arrive at the other side of the road unharmed and on time:
this plan worked and undesired outcomes have been avoided.
For example I repeat the plan over several days, at different times and in
different weather conditions. This gives me data to understand that
changing context (time, weather, quantity of cars) directly affects the
effectiveness of the plan and increases the probability that I will not
achieve my objectives of being on time and avoiding injury. Experience
teaches me that crossing the road at certain times of day is very difficult
because there are too many cars.To limit the risk I revise and improve
my process by using the footbridge at these times. continue to analyse
the effectiveness of the processes and revise them when the context
changes. I also continue to consider innovative opportunities such as
Can I move the meeting place so that the road does not have to be
crossed? Can I change the time of the meeting so that I cross the road
when it is quiet? Can we meet electronically?
56
2 Leadership
Leaders at all levels establish unity of purpose and direction and create
conditions in which people are engaged in achieving the quality
objectives of the organization.
Rationale
Creation of unity of purpose, direction and engagement enable an
organization to align its strategies, policies, processes and resources to
achieve its
objectives.
Explanation:
This is the second of the Seven principles of Quality management and
there is no change in the heading of this principle. The Eight principle
definition stated Leaders establish unity of purpose and direction of the
organization. They should create and maintain the internal environment
in which people can become fully involved in achieving the
organizations objectives. The Seven principle definition states
Leaders at all levels establish unity of purpose and direction and create
conditions in which people are engaged in achieving the quality
objectives of the organization.Leadership is providing role model
behaviors consistent with the values of the organization. Behavior that
will deliver the organizations objectives. Internal environment includes
the culture and climate, management style, shared, trust, motivation and
support. The leadership should Consider the needs of all interested
parties including customers, owners, employees, suppliers, financier,
local communities and society as whole. The leadership should establish
a clear vision of the organizations future. The leadership should set a
challenging goals and targets. The leadership should create and sustain a
shared values, fairness and ethical role models at all levels of the
organization. The leadership should Establish trust and eliminate fear.
The leadership should provide people with the required resources
59
3 Engagement of People
It is essential for the organization that all people are competent,
empowered and engaged in delivering value. Competent, empowered
and engaged people throughout the organization enhance its capability to
create value.
Rationale
To manage an organization effectively and efficiently, it is important to
involve all people at all levels and to respect them as individuals.
Recognition, empowerment and enhancement of skills and knowledge
facilitate the engagement of people in achieving the objectives of the
organization.
Explanation:
This is the third of the Seven principles of Quality management and the
term Involvement of People has been change to Engagement of
People. The Eight principle definition stated People at all levels are
the essence of an organization and their full involvement enables their
abilities to be used for the organizations benefit. The Seven principle
definition states It is essential for the organization that all people are
competent, empowered and engaged in delivering value. Competent,
empowered and engaged people throughout the organization enhance its
capability to create value. Engaging people means employees are
committed to their organisations goals and values, motivated to
contribute to organisational success, and are able at the same time to
enhance their own sense of well-being.An engaged employee
experiences a blend of job satisfaction, organisational commitment, job
involvement and feelings of empowerment. When we talk of
engagement of people it means that all the employees are competent,
empowered and they are delivering value. An engaged employee will
have a better perception of job importance. An engaged employee will
have better clarity of job expectation. There will be more improvement
opportunities. There will be regular feedback and dialog with
60
4 Process Approach
Consistent and predictable results are achieved more effectively and
efficiently when activities are understood and managed as interrelated
processes that function as a coherent system.
Rationale
The quality management system is composed of interrelated processes.
Understanding how results are produced by this system, including all its
processes, resources, controls and interactions, allows the organization
to optimize its performance.
Explanation:
This is the fourth of the Seven principles of Quality management and
there is no change in the heading of this principle. The Eight principle
definition stated A desired result is achieved more efficiently when
activities and related resources are managed as a process. The Seven
principle definition states Consistent and predictable results are
achieved more effectively and efficiently when activities are understood
and managed as interrelated processes that function as a coherent
system. Processes are dynamic-they cause things to happen.processes
within an organization should be structured in order to achieve a certain
objective in the most efficient and effective manner.It helps us in
systematically defining the activities necessary to achieve/obtain desired
results.It helps us in establishing clear responsibility and accountability
for managing key activities.It helps us in analyzing and measuring of the
capabilities of key activities. It helps us in identifying the interfaces of
key activities within and between the functions of the organization.It
helps us in evaluating risks,consequences and impacts of activities on
customers,suppliers and other interested parties. Quality Management
System are constructed by connecting interrelated processes together to
deliver the system objectives which is the satisfaction of the interested
parties. This helps us in structuring a system to achieve the
organizations objectives in the most effective and efficient way and
61
5 Improvement
Successful organizations have an ongoing focus on improvement.
Rationale
Improvement is essential for an organization to maintain current levels
of performance, to react to changes in its internal and external conditions
and to create new opportunities.
Explanation:
This is the fifth of the Seven principles of Quality management and can
be mapped to the sixth of the Eight Quality principle which is
Continual Improvement. The term Continual Improvement has
been change to Improvement. The fifth principle of the Eight Quality
principle System approach to management no longer exist in the
Seven principle of quality management.The Eight principle definition
stated Continual improvement of the organizations overall
performance should be a permanent objective of the organization. The
Seven principle definition states Successful organizations have an
ongoing focus on improvement. Improvement is the improvement in
organizational efficiency and effectiveness. The organization should
Employ a consistent organization-wide approach to improvement of the
organizations tools of improvement. The organization should Provide
people with the training in the methods and tools of improvement. The
organization should Make improvement of products, processes,and the
system an objective for every individual in the organization. The
organization should Establish the goals to guide and lead.
This post is a review of the Draft International Standard (DIS) of ISO 9001
published on 14th May 2014 and should be read along with my post Seven
principles of Quality management as per ISO 9001:2015 committee draft.The
information presented in this post related to the revision of ISO 9001 is not final
and should not be used for making changes to existing quality management
systems. The contents of ISO 9001:2015 are subject to change and should not be
used in any contractual or legally binding agreements
1. Structure and terminology
The most significant change we will see in ISO 9001:2015 is the new structure.
The reason for the change is to adopt the common approach outlined in Annex
SL, the new document that all ISO management system standards, including ISO
9001, ISO 14001 and the recently released ISO 27001, must follow. Currently,
ISO 9001 contains 8 sections, of which four attempt to approximate plan, do,
check, act. The new structure, based on Annex SL, has 10 sections four of which
also approximate to plan, do, check, act. All new management system standards
will have this common structure. Here is the new structure:
Scope
This section describes the scope of the management system standard and will be
unique to the individual standard.
Normative References
This section references other relevant standards, which are indispensable for the
application of the document and will also be unique.
Terms and Definitions
Section three contains definitions, and while some of these are common terms
related to Annex SL, other definitions will be unique to the management system
standard.
Context of the Organization
This part is about understanding the organizations purpose, the management
system and who the stakeholders are. It describes how to set up the management
system and is similar in some respects to the old section 4 except that it explicitly
requires a broader understanding of the situation and needs of the business
4.1 Understanding the organization and its context.
A new requirement; One of several that might suggest a greater union between the
QMS and wider business planning activities. Requires organisations to ascertain,
monitor and review both internal and external issues that are relevant to its
65
purpose and strategic direction, and have the ability to impact the QMS and its
intended results.
4.2 Understanding the needs and expectations of interested parties.
A broadening of scope beyond just customers. Requires the organisation to
determine the relevant requirements of relevant interested parties e.g. a person
or organization that can affect, be affected by, or perceive themselves to be
affected by a decision or activity.
4.3 Determining the scope of the QMS.
The scope statement must state the products and services covered.
4.4 The QMS and its processes.
A major change that specifies a number of factors to be considered when planning
the processes that make up the QMS. Although a process-planning approach has
been previously expressed in earlier standards, this greatly reinforces the
requirement.
Leadership
This section provides requirements for commitment, policy and responsibilities.
This section is similar to the old section 5 on Management but the emphasis is
perhaps more on leadership than just management. This is a soft requirement
and it will be interesting to see how it develops.
5.1 Leadership and commitment.
Greater emphasis is placed on the role of top management. Requires top
management to demonstrate leadership and commitment, and suggests that a
more hands-on approach is expected.
5.2 Quality policy.
Policy requirements are enhanced. A requirement is introduced that the quality
policy is appropriate to the context of the organization, and that it is applied
throughout the organization.
5.3 Organizational roles, responsibilities and authorities.
The requirement for a Management representative is no longer specified. The
duties previously assigned to that role may now be assigned to any role or split
across several roles.
Planning
Planning is now a section on its own. Planning was always covered by the current
standard in sections 4.1, 6.1, 7.1 and 8.1 but the new structure includes risk (which
is now a clear requirement) and opportunities, the setting of goals and objectives
66
to achieve plans, and resources. Interestingly, risk was introduced in AS9100 (the
aerospace version of ISO 9001) in a similarly limited manner. In the latest version
of AS9100, however, risk was expanded and defines a number of specific
requirements/activities for a risk process. It will be interesting to see whether ISO
will leave the requirement for risk as a general requirement as defined in Annex
SL or whether it will take ASs lead and expand it. This planning section also
requires a greater application of goals and objectives to integrate with the
management systems planning and operation to generally facilitate success of the
organization.
6.1 Actions to address risks and opportunities.
A major change introduced to require a risk-based approach. In addition to this
clause, reference to the terms risk and opportunity are made throughout the
standard.
6.2 Quality objectives and planning to achieve them.
Requirements for objective planning are tightened up. An objective should
include a description of who is responsible, what is the target, when is it planned
to be achieved. Progress must be monitored. Also, requires objectives to be set for
relevant processes.
6.3 Planning of changes.
The clause lists items to be considered in change management.
Support
The support section includes most of the expected support processes that exist in
an organization and which are covered in the current ISO standard. Human
resources is renamed as competence, and communication, which will require a
new approach in most organizations, is given its own section rather than a
mention as a management responsibility. Finally, document control has been
renamed documented information. It now covers both procedure/document
control and records control.
7.1 Resources.
7.2 Competence.
7.3 Awareness.
There is an expansion of application from personnel to persons doing work
under the organizations control.
7.4 Communication.
Now includes external communication about the QMS.
67
organization to determine the issues and requirements that can impact on the
planning of the quality management system.Interested parties cannot go beyond
the scope of ISO 9001.There is no requirement to go beyond interested parties that
are relevant to the quality management system.Consider impact on the
organizations ability to consistently provide products and services that meet
customer and applicable statutory and regulatory requirements or the
organizations aim to enhance customer satisfaction.Organizations can go beyond
the minimum requirements to determine additional needs and expectations for
interested parties that would not be relevant at the discretion of organization and
should be clear in quality management system.
Clause 4.1 Understanding the Organization and its context
The organization should determine external and internal issues for the
organization relevant to its purpose, strategic planning and which affect the
organizations ability to achieve its objectives . The Organization should monitor
and review the information about external and internal issues.Management
Review required the monitoring of external and internal issues. The organization
must consider issues related to values,
culture knowledge and performance of the organization for understanding of
internal issues. The organization must consider issues related to arising from legal,
technological, competitive, market, cultural, social, and economic environments,
whether international, national, regional or local for understanding of external
context.
Clause 4.2 Understanding the needs and expectations of interested parties
The organization shall determine relevant interested parties and requirements of
relevant interested parties. Interested parties include Customers, Partners,Persons
in the organization, External providers. Relevant interested parties to be
considered are those that potentially could impact the organizations ability to
provide products and services that meet requirements. Monitor and review
information related to interested parties and relevant requirements.Management
Review requires the monitoring of relevant interested parties.
Clause 4.3 Determining the scope of the quality management system
The organization must establish scope of the quality management system by
determining the the boundaries and applicability of the quality management
72
system. While determining the scope the organization must consider the internal
and external issues determined in 4.1.,the requirements of relevant interested
parties in 4.2. and the products and services of the organization. Requirements that
can be applied by the organization shall be applied. Requirements that cannot be
applied cannot affect the organizations ability to provide product and services that
meet requirements. The organization must maintain scope as documented
information. stating the Products and services covered by the QMS and any
Justification where a requirement cannot be applied.
Any interested party which is not relevant to the quality management system need
not be considered and similarly any requirement of the interested party need not
be considered . Determining what is relevant or not relevant is dependent on
whether or not it has an impact on the organizations ability to consistently provide
products and services that meet customer and applicable statutory and regulatory
requirements or the organizations aim to enhance customer satisfaction. The
organization can decide to determine additional needs and expectations that will
meet its quality objectives. However, it is at the organizations discretion whether
or not to accept additional requirements to satisfy interested parties beyond what is
required by this Standard.
4. Risk-based approach
The main objectives of ISO 9001 is to provide confidence in the organizations
ability to consistently provide customers with conforming goods and services and
to enhance customer satisfaction. The concept of risk in the context of ISO 9001
relates to the uncertainty in achieving these objectives. This International
Standard makes risk-based thinking more explicit and incorporates it in
requirements for the establishment, implementation, maintenance and continual
improvement of the quality management system. Organizations can implement a
formal risk management program such as 31000, but there is no requirement to do
so. The concept of risk has always been implicit in ISO 9001 , this revision makes
it more explicit and builds it into the whole management system. Risk-based
thinking is already part of the process approach. Risk-based thinking makes
preventive action part of the routine. Risk-based thinking can also help to identify
opportunities. Organizations are required to understand the context of the
organization and any external and internal issues (clause 4.1).Risks and
opportunities are determined in clause 6.1.One of the key purposes of a quality
73
6 Documented information
The term documented procedure and record have both been replaced by
documented information. Where ISO 9001:2008 would have referred to
documented procedures (e.g. to define, control or support a process) this is now
expressed as a requirement to maintain documented information. Where ISO
9001:2008 would have referred to records this is now expressed as a requirement
to retain documented information.The current draft of ISO 9001 does not require
a quality manual or documented procedure as Annex SL does not require
documented procedures or a quality manual.The requirements in 7.5 are similar to
ISO 9001:2008 4.2.3 Control of documents and 4.2.4 Control of Records.
7 Organisational knowledge
The organization shall determine the knowledge necessary for the operation of the
QMS, ensure conformity of products and services, enhance customer
satisfaction.The organization is responsible for maintaining, protecting and
making sure the knowledge is available (as necessary).
Knowledge is to be considered when making changes to the
organization.Depending on the size and complexity of the organization,the risks
and opportunities it needs to address, the need for accessibility of knowledge, the
process for considering and controlling past, existing and additional knowledge
needs is to be considered. As long as the conformity of products and services can
be achieved,balance between knowledge held by competent people and
knowledge made available by other means is at the discretion of the
organization.Consideration can be given to whether competent employees have
this knowledge
8 Control of externally provided products and services
The term Supplier and Outsourcing have been replaced by the term external
provider and includes Purchasing from suppliers, Arrangement with an
associate/sister company, Outsourcing of processes and functions.The term
Purchased products has been replaced with the term externally provided
products and services. Clause 8.4 Control of externally provided products and
services addresses all forms of external provision, whether it is by purchasing
from a supplier, through an arrangement with an associate company, through the
75
road, pedestrian traffic lights, or diverting the road so that the area has
no traffic. It is necessary to analyse the opportunities and consider which
can or should be acted on. Both the impact and the feasibility of taking
an opportunity must be considered. Whatever action is taken will change
the context and the risks and these must then be reconsidered.
DEFINITIONS
8.5.1Development processes
79
The extent of post delivery activities that are required shall take
account of:
a) the risks associated with the goods and services
The organization shall take into consideration the determined risks and
opportunities and shall:
9.2Internal audit
80
10.2Improvement
central safe place. I assess the situation again and then cross the second
part of the road.
Check the effectiveness of the actions does it work?
For Example I arrive at the other side of the road unharmed and on time:
this plan worked and undesired outcomes have been avoided.
Learn from experience continual improvement
For example I repeat the plan over several days, at different times and in
different weather conditions. This gives me data to understand that
changing context (time, weather, quantity of cars) directly affects the
effectiveness of the plan and increases the probability that I will not
achieve my objectives of being on time and avoiding injury. Experience
teaches me that crossing the road at certain times of day is very difficult
because there are too many cars.To limit the risk I revise and improve
my process by using the footbridge at these times. continue to analyse
the effectiveness of the processes and revise them when the context
changes. I also continue to consider innovative opportunities such as
Can I move the meeting place so that the road does not have to be
crossed? Can I change the time of the meeting so that I cross the road
when it is quiet? Can we meet electronically?
customers can be confident that they will receive the expected product or
service.
Risk-based thinking therefore:
builds a strong knowledge base
establishes a proactive culture of improvement
assures consistency of quality of goods or services
improves customer confidence and satisfaction
Successful companies intuitively take a risk-based approach
6. How do I do it?
Use a risk-driven approach in your organizational processes.
Identify what YOUR risks and opportunities are it depends on context
Example
If I cross a busy road with many fast-moving cars the risks are not the
same as if the road is small with very few moving cars. It is also
necessary to consider such things as weather, visibility, personal
mobility and specific personal objectives.
Analyse and prioritize your risks and opportunities
What is acceptable, what is unacceptable? What advantages or
disadvantages are there to one process over another?
Example
Objective: I need to safely cross a road to reach a meeting at a given
time.
It is UNACCEPTABLE to be injured.
It is UNACCEPTABLE to be late.
The opportunity of reaching my goal more quickly must be balanced
against the likelihood of injury. It is more important that I reach my
meeting uninjured than it is for me to reach my meeting on time.
It may be ACCEPTABLE to delay arriving at the other side of the road
by using a footbridge if the likelihood of being injured by crossing the
road directly is high.
I analyse the situation. The footbridge is 200 metres away and will add
time to my journey. The weather is good, the visibility is good and I can
see that the road does not have many cars at this time.
I decide that walking directly across the road carries an acceptably low
level of risk of injury and an opportunity to reach my meeting on time.
86
To limit the risk I revise and improve my process by using the footbridge
at these times.
I continue to analyse the effectiveness of the processes and revise them
when the context changes.
I also continue to consider innovative opportunities:
- can I move the meeting place so that the road does not have to be
crossed?
- can I change the time of the meeting so that I cross the road when it is
quiet?
- can we meet electronically?
7. Conclusion
risk-based thinking is not new
risk-based thinking is something you do already
risk-based thinking is continuous
risk-based thinking ensures greater knowledge and preparedness
risk-based thinking increases the probability of reaching objectives
risk-based thinking reduces the probability of poor results
risk-based thinking makes prevention a habit
Useful documents
ISO 31000:2009 Risk Management Principles and guidelines
PD ISO/TR 31004:2013. Risk management - Guidance for the
implementation of ISO 31000
those who need them. The organization should analyze data using
appropriate tools.The organization should make decision and take
actions based on analysis of data,balanced with experience and
intuition.
7 Relationship Management
For sustained success, organizations manage their relationships with
interested parties, such as suppliers.
Rationale
Interested parties influence the performance of an organization.
Sustained success is more likely to be achieved when an organization
manages relationships with its interested parties to optimize their impact
on its performance. Relationship management with its supplier and
partner network is often of particular importance
Explanation:
This is the seventh of the Seven principles of Quality management and
can be mapped to the eighth of the Eight Quality principle which is
Mutually beneficial supplier relationships . The term Mutually
beneficial supplier relationships has been change to Relationship
Management. The fifth principle of the Eight Quality principle System
approach to management no longer exist in the Seven principle of
quality management.The Eight principle definition stated An
organization and its suppliers are interdependent and a mutually
beneficial relationship enhances the ability of both to create value The
Seven principle definition states For sustained success, organizations
manage their relationships with interested parties, such as suppliers.An
interested party is a person or group that has a stake in the success or
performance of an organization. Interested parties may be directly
affected by the organization or actively concerned about its performance.
Interested parties can come from inside or outside of the organization.
Examples of interested parties include customers, suppliers, owners,
partners, employees, unions, bankers, or members of the general public.
Interested parties are also referred to as stakeholders. Relation
management with interested parties meaning sharing
knowledge,vision,values, understanding and suppliers are not treated as
adversaries.The organization establishes a relationships that balance
95