Embed Size (px)
Citation preview
ISO 9001:2015 - Interested Parties
The new version of ISO 9001 brought a lot of changes and new requirements. Among them, the introduction of the concept of ‘interested parties’ is particularly interest-ing.
So far in the evolution of this standard through the years and through the differ-ent stages of development, the customer has been almost the sole focus, mention-ing suppliers, employees and regulators as carriers of key requirements but not specifically involving any other entity that could have had an impact on the actual results achieved. Not even owners of the organization.
While the customer keeps being the star of the new version of ISO 9001 as usual, they are not by themselves any longer: now the standard brings around the need of considering other stakeholders that could impact final results and customer satis-faction as an important part of the quality management system. These stakeholders are called interested parties
Why did ISO introduced this new con-cept?
ISO 9001 is and has always been a ‘sup-plier standard’. That means that its main concern is to make crystal clear that customers receive products and services
as specified, ensuring and enhancing cus-tomer satisfaction.
The concept of assuring customer satis-faction just by meeting specifications has been considered obsolete for many years so now ISO 9001 is going much further: it requires to ensure that any eventual nega-tive situation that could arise and impact the outcome, and consequently on cus-tomer satisfaction, shall be avoided. The explicit concept of risk was born to ISO 9001:2015. Moreover, this new approach also brings the other side of the coin: the positive aspect of risks, i.e. opportunities.
The organization shall identify any risks
and opportunities that could affect the effectiveness of the quality management system, preventing customers from not receiving products in a timely manner. Likewise, the organization shall identify any opportunity to make the management system even more effective and reliable.
While the intent of risk analysis has been somehow implicit in ISO 9001 since the very beginning, it is just now that it is openly and explicitly included.
As an example, ISO 9001:2008 requires that ‘the type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product’. In other words, it is a requirement to control sup-pliers and products according to potential risks.
Pointing to ensure that customers are kept safe, the new standard drills deeper in the risk based thinking widening the view for all probable actors that could pose any risk to the customer. This is how inter-ested parties came around. That is why interested parties were included in the new standard: they are probable sources for risks for customers. Consequently they matter and their requirements shall be considered. While the concept of interested parties is no news for ISO 14001, it is new for ISO 9001. The advantage is for current users of the environmental management system standards that could extend the concept to be included in quality management systems.
For the rest of the users, it is required to face this as a new challenge.
Continued on page 4
ISO 9001:2015 - Interested PartiesPage 1
TS 16949Page 2
2015 Quarter 4
ISO 9001 2015 ChangesPage 3
TS 16949 Changes
The IATF releases information periodical-ly to clarify rules or initiate new policies. DQS is required to implement these requirements in to our Certificate Body processes. There have been several releas-es recently that may affect your certificate or the audit process. Please visit the iatf-globaloversight.org website frequently to determine any changes to requirements or customer specific requirements that may affect your Quality Management System.
FAQ # 14 released June 2015: If there is a remote location listed on your current certificate for a support function, there are some important requirements that the client must understand. The first is that the client determines the sequence and interaction of the remote support process and how it affects the manufacturing site. An example would be the product design function. The manufacturing site would need to determine the interface and re-sponsibilities between the manufacturing site and the remote location. This may be in the form of meetings, communications and customer expectations for the end product.
If the remote location is audited by a Cer-tification Body other than DQS, it is the responsibility of the client to provide the audit report, any nonconformity manage-ment and results to the DQS audit team as part of audit planning. If the client does not provide the planning information documents, DQS may need to schedule an on-site audit of the remote location per IATF Rules Section 5.5 Option 1.
From FAQ # 14: “It is the site-audit-ing-CB’s obligation to have the client contact the remote-support-auditing-CB to make a request for additional fol-low-up. This would include sending the site-auditing-CB a copy of the remote support function audit report and any nonconformity issued. If the remote-sup-port-auditing-CB fails to implement their request, the site-auditing-CB needs to explain to the client that they have to go back to Option 1.”
Sanctioned Interpretation # 11 released October 2015: The IATF has released preliminary information concerning the alignment of ISO9001:2015 with TS16949:2009. A result of that is all current TS16949:2009 certificates have an expiration date of September 14, 2018.
Rationale: Certificates to ISO 9001:2008 (which forms the basis for certification against ISO/TS 16949) will no longer be valid after three years from publication of ISO 9001:2015. Therefore the maximum validity of certificates issued against the ISO/TS 16949:2009 needs to correspond with the end of the three year transition period for ISO 9001 and is therefore set to September 14, 2018.
Sanctioned Interpretation #12: This SI has several clarifications and changes. It is recommended that the client review these changes to see if any affect their current Quality Management System.
SI # 12 R4 Section 5.8(h): DQS has audited the goals and objectives for each process identified on the client’s organiza-tional process map. These results are doc-umented in the audit report. The change is that if the actions plans are not effective it may result in a Major nonconformance:
“5.8(h) what plans are in place to ensure key customer performance objectives/targets are met, and the client has cor-rective action plans where objectives are not being met. A major nonconformance shall be issued if no action plan is in place
to address the key customer objectives/targets which were not achieved; if the action plan is not implemented in a time-ly manner, and/or the completed actions were found not to be effectively imple-mented. The rationale is that this clarifies the circumstances when a major noncon-formance shall be issued when customer performance is not being achieved.”
Sanctioned Interpretation #13: This is one of the more significant changes. In 2008, the IATF allowed manufactur-ing site extensions for clients that had expanded their manufacturing activities beyond the original location (See CB Advisory # 2008-002). In 2013, the IATF determined that the former site exten-
sions should have their own separate TS16949 Certificate (See CB advisory 2013-006).
Sanctioned Interpretation #13 will allow for manufac-turing sites qualifying as a site extension to once again transition to a “Corporate” structure. Annex 4, available on the iatfglobaloversight.org website outlines the structure and audit process that will be implemented.
NOTE: This will not be effective until April 1, 2016. DQS will contact certificate
holders that may be eligible and present a transition plan in the first quarter of 2016.
Changes to the Rules, Sanctioned Interpretations, and Frequently Asked Questions are posted on the iatfgloba-loversight.org website as they are released. All of our clients are encouraged to visit the site on a regular basis and include any changes in your management review.
Charles Blair
Regional Automotive Program Manager
2
UPDATES TO STANDARDS
2015 Quarter 4
2015 Quarter 4
3
UPDATES TO STANDARDS
Published ISO9001:2015
The latest edition of the ISO9001 standard was released on September 15, 2015 and was made available soon thereafter on September 22, 2015. Although there were some minor changes made to the final draft, there were no major changes
reported.
The major changes, however, remain between ISO9001:2008 and ISO9001:2015. The new standard is far more focused on identification of interested parties and their expectations and the implementation of a process-based system for planning, monitoring and improvement of the overall quality management system.
ISO9001:2015 now requires additional emphasis on identification and monitoring of the processes to ensure that the overall company objectives are met. The Plan-Do-Check-Act cycle is still required to identify opportunities and ensure inherent improvements to the overall system.
Some of the minor changes from the FDIS are noted below:
ISO9001:2015 Clause DIS-to- FDIS-to-IS Change5.1.1 Risk-based Thinking added to section (d): Promoting the use of the process approach and risk-based
thinking. 6.1 In Planning- now it is required that risks shall also address desirable effects (Opportunities). Note 2
added to clarify the intent.7.1 There are several minor editorial-type changes with no effect on the overall intent of the requirements.
In 7.1.3, sub-item (c) has been changed from “transportation” to “transportation resources”.7.1.4 New Note added- A suitable environment can be a combination of human and physical factors.7.1.6 Under Organizational Knowledge, the main requirements remain unchanged, but notes now include
clear definition and some clarification.7.3 A clarification has been added that the term “awareness” applies to relevant persons of the organization
and not all members.7.4 For Communication, a new requirement has been added to determine who communicates8 Section 8 has been revised as well, but the changes are minimal. The changes are mostly to use the cor-
rect terminology that is used throughout the standard.8.2 There are no major changes in 8.2 – just some minor changes to the wording and the paragraph num-
ber for “Changes In Product Requirements”.8.3 Slightly revised as well. Now, there is a need to maintain documented information for inputs, controls,
outputs and changes. Also, there is a better differentiation between the three types of controls – which are review, verification and validation.
8.4 Better definition of externally provided processes, products and services added.8.5, 8.6, 8.7
The term “products and services” and “product outputs” have been replaced with “outputs” – just a clar-ification and not a major change.
8.5.1 There is a new requirement to have steps in place for “the implementation of action to prevent human error”…
8.7 The reference to “corrective” has changed to “correction” as one of the options for controlling noncon-forming products.
9.1 Under 9.1.1, there is a minor change in the General section and the customer satisfaction section.9.2 The reference to “Quality Objectives” has been removed, but the intent is still to audit “to the extent
needed”, as the requirement still includes “importance of the processes concerned, changes affecting the organization, and the results of previous audits”.
2015 Quarter 4
4
UPDATES TO STANDARDS
continued from page 1
Who could be an interested party?
The key to consider a stakeholder as an interested party is to evaluate how they could probably influence the outcome of the organization. It is not about ‘possi-bilities,’ but it is clearly about ‘probabili-
ties’. That means that in the wide field of possibilities, anything could happen, but it is very important here to differentiate ‘contingencies’ from ‘acts of God’ in order not to open a door highly unlikely to be closed. The eventual consideration of any possible interested party could lead to an endless analysis of situations that might never happen in this life, adding complexi-
ty, costs and waste of time to the organization, while not adding any actual value to customers.
In fact, the aim of this require-ment is just the opposite: avoid waste of resources by an early identification of threats to cus-tomer satisfaction, enabling the organization to direct resources to key facts that could negatively impact on customer satisfaction.
So those stakeholders, who actually are able to support or stay on the way to cus-tomer satisfaction, shall be considered as interested parties.
If any stakeholder has requirements for the organization, and those requirements and all interfaces with this stakeholder affect operations, projects, products, processes, or outcomes and results from the organiza-tion so it is to be considered as an inter-ested party and resources and efforts shall be devoted to attend their requirements in order to prevent risks to customers.
To read the full arti-cle from Rafael Griffi (Managing Director, DQS Argentina) go to our website www.dqsus.com under Latest News on our homepage!
10.1 The requirements for improvement of processes and prevention of nonconformities” has been replaced by “correcting, preventing and reducing undesired results”. Also, “predicted requirements” have been replaced by “future needs and expectations”.
10.2 Under 10.2 for Nonconformity and Corrective Action, there is a new requirement to update risks and opportunities that are identified during the planning process.
10.3 Use of outputs was replaced with “results” to be consistent with the other sections of the standard.
As announced in our bulletin of September 22, 2015, all transitions are required to be upgraded within the three year anniversary of the standard. Details of the transition plan are available on our website (www.dqsus.com, Informational Sessions, ISO9001:2015 Information, and click on ‘important ISO9001:2015 bulletin.’”
As described in our transition plan, all upgrade audits are now required to be done in two stages. Stage 1 is intended to ensure full deployment of the new requirements before the actual audit. Stage 1 is also required to be conducted about 2 to 3 months prior to Stage 2. Some topics that will be reviewed during Stage 1 will include:
• Identification of Interested Parties
and their requirements• Identification of Risks and
Opportunities• Identification of Processes• Context of the Organization and
Leadership Requirements• Review of one round of process-
based Internal Audits • At least one management review• Ensure Understanding of the
Requirements• Deployment of Process-based
Management System• Develop the Stage 2/Upgrade
Assessment agenda• Confirmation of Stage 2
Assessment days
Stage 1 audits are intended to assist our clients in identifying any gaps in their Quality Management System so they could be addressed prior to Stage 2. Significant findings or total noncompliance with the new requirements may necessitate the need for an additional Stage 1 to verify the system’s readiness for the Stage 2 audit.
We encourage all our clients to take full advantage of the Stage 1 process and discuss any concerns they may have about the new requirements with their assigned Auditors or Customer Service
Professionals.
Joe MansourISO9001:2015 Program
Manager and Lead Auditor
