Documente Academic
Documente Profesional
Documente Cultură
approved companies
June 2016
Page 1 of 29
NSI 2016
9001:2015 Guidance document for approved companies
Contents
Introduction................................................................................................................................................................ 3
Basic principles of 9001:2015 .............................................................................................................................. 3
Risk based thinking ................................................................................................................................................. 4
Understanding context .......................................................................................................................................... 4
Increase in leaders involvement ........................................................................................................................ 5
Understanding needs & expectations of interested parties .................................................................... 6
Process approach ..................................................................................................................................................... 7
Documentation requirements ............................................................................................................................. 8
What do I do now? ............................................................................................................................................... 10
Step by step ............................................................................................................................................................ 11
New clauses ............................................................................................................................................................. 12
Appendix A: ISO 9001:2015 transition checklist ........................................................................................ 14
Instructions for use ........................................................................................................................................................................... 14
Introduction
As an approved company you are already used to working to written procedures and
processes. The revised 9001 doesnt change this but places emphasis on risk management and
there is less prescriptive requirements for documented procedures.
You may decide that you will keep your current quality management system and simply amend
it where necessary. Some of you may take this as an opportunity for a complete revamp. Either
course of action is entirely reasonable and this guidance document is simply going to walk
you through what the essential elements are that you need to address in order to take you
through to becoming 9001:2015 compliant.
First you need to understand what has changed and what this means to you.
Interested
Leadership
Parties
Process
Context
Approach
Plan
Risk Based Do Documentation
Thinking Check Requirements
Act
Plan Do Check Act is carried over as the main principle of 9001:2008 with amended
elements feeding into this. Some are new and some are enhanced ways of dealing with a
process approach.
There is less demand for prescriptive procedures but more expectations that companies will
determine their own documentation requirements.
Identify Risks
Consider Them
Control Them
Many organizations will manage risk as part and parcel of their general management. Some
may decide to apply a specific risk model that is applied to each risk they identify. Documented
information needs to be in place to support that organizations have understood and managed
this in line with their business and their processes.
Examples of documented information regarding risk may include: A business plan, risk register,
reports on performance.
Understanding context
Approved companies will need to understand and identify all the influences that affect their
business. They must then ensure that their strategy and direction takes this into consideration,
this could be captured in a business plan.
Understanding
Internal and
Process of Impact of Context and
External
Monitoring Changes the
Issues
organization
All organizations will already consider the context. The standard is calling for recognizing this
in a wider sense, so that the processes you develop, change and work to have considered all
the above.
How will you evidence this? Through clear processes and documented information that will
demonstrate you have considered the business in this context. There is no requirement for a
specific document. It may be captured in a business plan or strategy document.
All
No longer specifies
areas/departments Greater Leadership
a management
will have Commitment
representative
responsibility
Things to consider:
Strategic Direction: Does the business know where its headed = you may produce a
business plan to define this;
Then create a quality policy and objectives that outline your intentions;
Customer Satisfaction being key to a companys success;
Review and define what your strengths and weaknesses are;
Consider the impact on delivery of products and services;
Based on this assign QMS responsibilities and authority;
Promote risk based thinking;
Final accountability.
Key Concept
Customer Focus and Improvement
How will you evidence this? Through documented information (you may already have this) and
processes that will produce evidence.
Groups or Customers/public
No longer specifies a
individuals who Shareholders/Board
management
can make an Members
representative
impact Contractors/Suppliers
Needs and
What impact can
Monitor their Expectations from
they have on the
involvement both parties to be
business
understood
Review Meetings
How do you do
Review Reports
this? How often?
Feedback
Organizations will have a number of influences and each will have a varying impact on them.
For example a supplier can significantly affect the ability to deliver on time to a customer. In
this case, a clear supplier agreement process needs to be established at the beginning to
ensure that the risks are understood and well managed.
Note: Refer to Annex A: A step by step guide on how to interpret each clause for more detail.
Process approach
This standard now expects organizations to use a process approach. Each business will have
different processes so they must reflect the business itself and not be generic. What does
process approach mean?
Process = A series of actions you take in order to achieve a result
As an approved company you are already doing this.
Example Processes:
Finance Determine the
Sales processes the
business needs
Recruitment/Training
Human Resources
Management/Leadership
Planning Operations For example:
Suppliers/Subcontractors Performance Indicators
Targets/Budgets
needed to manage and
Commissioning Quotes/Proposals/
control each process
Wins/Losses
Documentation requirements
The standard now expects an organization to determine what their own documentation
requirements are. This is based on being able to effectively plan, operate and control the
business and its processes.
It must include an overall aim to continually improve the business and its quality management
system. Documentation should be used for:
Large Company =
Proposals
More formal
Examples: Tenders
Newsletters / Memos / Quotes
Organization Chart / All Contracts
SMEs =
Job Descriptions / Companies
formal / informal Contract review
Business plan /
approach
Work Instructions / Specifications
Process maps Commissioning
Test results
Calibration records
Dependent on the size of the business, the structure and ethos documentation will vary. Its
essential that each organization determines their own needs as well as interested parties
(referred to earlier) documentation needs.
Example: Some staff will expect or be given a formal written job description which may be
supported by key performance indicators or targets that are measured formally periodically.
Other leaders may issue verbal instructions or a letter of appointment with informal reviews
and an annual appraisal.
Clients/customers may work from a letter of appointment/email or contract with Purchase
orders or require a detailed contract for each site/installation.
Documents can also be used as a way of demonstrating how things should be done, manage
expectations and lead by example.
Documented information is any type of medium:
Paper/Magnetic/Electronic/Photograph
Note: A list of expected records is in Appendix B
What do I do now?
Review your documented procedures and amend them to clearly reflect what documentation
your business creates with the products and services that it sells. This will include processes,
documents, evidence and records.
Note: The revised standard does not call for specific documented procedures BUT does insist
on evidence that those things are still in place such as internal audits and management review.
Step by step
Step 1:
Define strategy
Define context
Define interested parties
Define risk & opportunities
Step 6:
Update QMS
Complete the checklist supplied
Communicate changes to the
staff
New clauses
The new standard has additional clauses and these are detailed below with a description of
what these are.
Additionally, a step by step guide on how to interpret each clause is given in the separate
Annex A to this document.
4.2 Understanding the needs and Ensure you identify, capture what other parties need from
expectations of interested parties you in order to deliver a service or a product e.g. a
supplier/customer.
4.3 Determining the scope of the QMS Scope must set out what the company does and deliver. It
should include products and services. It must now be done
with consideration to the context.
For example: Operating in the fire industry, supply and
maintenance of fire extinguishers.
4.4 QMS and its processes Organizations need to establish a process based QMS. For
example: process maps/overview of how things are done
with inputs and outputs.
You will already have these as part of your QMS.
5.1 Leadership and commitment Accountability expected for the QMS and ensuring it is
integral to the business.
More emphasis on not allocating this to one person.
5.3 Organizational roles, responsibilities Top Management need to ensure that all roles are well
and authorities understood and communicated.
6.1.1 Actions to address risks and This relates to the principle of context and thinking about
opportunities the internal and external issues a business has to deal with.
6.1.2 Planning for the QMS There is a necessity that companies will have a planned
approach which incorporates risk principles.
8.5.5 Post Delivery Activities A clear understanding of all post delivery requirements.
9.1.1 General (Under monitoring and Decide what you are measuring and how it is done.
measurement, analysis and Organizations must evaluate the results and analyze these
evaluation) for the QMS.
10.1 General (Improvement) Seek out improvement opportunities and find ways of
making things better e.g. processes/documents/training.
10.2.2 Non Conformity and corrective Retention of documents recording Non Conformities
action accurately.
Comments:
Comments:
Comments:
Comments:
5. Leadership
Top management are now required to have a
greater involvement in the QMS and ultimate
responsibility.
Comments:
5.2 Policy
Top management need to establish, implement and
maintain a quality policy.
Comments:
Comments:
6. Planning
Planning has an increased focus on ensuring it is
considered with the context of the organisation
and interested parties.
Comments:
Comments:
Comments:
7.1 Resources
7.2 Competence
Comments:
7.3 Awareness
Comments:
7.4 Communication
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
Comments:
10 Improvement and
10.1 General
Comments:
Comments:
Comments:
Accounts
Contracts
Complaints
Insurances/claims
Finance Invoices
Credit Notes
Statements
Payroll records
Sales Schematics/Drawings
Contract Review
Data Sheet
Quotes/Proposals/Tenders
Incident Reports
Accident Reports
Commissioning paperwork
Welfare visits
Job Description
Training Records/Certificates
Appraisals
Nonconformance reports
Nonconformance register
4.4.2 QMS and its The processes that Process Maps covering core and support
processes explain how the processes e.g. sales/install/finance/HR
company operates.
7.5.3.1 Control of Available and suitable Any documents that the organization determines
documented for use are necessary have to be available and also
information protected from being divulged to third parties.
8.2.4 Changes to When something is Revised versions of the above being issued to
requirements for amended as part of staff and customers of those it affects.
products and delivering the service
services and or product the
change must be
documented.
8.3.4 Design and Verification and Contract Review (this may be detailed on
Development validation activities. documentation and/or software/databases etc)
Controls Define product and
service/ and variances
8.5.3 Property This is about Clear process for managing equipment on site,
belonging to safeguarding handover forms, bespoke customer forms to
customer or customer property ensure accountability of property.
external and also deciding
providers what action to take if
something gets lost,
damaged or
otherwise found to be
unsuitable for use.
8.5.6 Control of Results of reviews of This should be part of the forms and documents
Changes changes to product or that you use.
service provisions, the Contract Review