Tuesday, February 23, 2016

New Standard ISO 9001:2015 has the same Requirements as ISO 9001:2008

Yes, the New Standard has the same (V. ISO 9001:2008) Requirement,  
Plus Net Additions to ISO 9001:2008

The release of the Final Draft International Standard of ISO 9001:2015 has created a great deal of hand wringing and argument that many requirements of the ISO 9001:2008 standard have been deleted, abandoned and/or lessened.  Some people believe that an organization no longer needs to have a Quality Manual, Quality Objectives, or the six required procedures for their respective Quality Management Systems.  Reality: Nothing could be further from the truth. The fact is that the ISO 9001:2015 standard does not reduce any requirements. It does require them in a different language, and does require/ empower the organization to decide the details.

Quality Institute of America (QIA) has been providing a series of articles to help people who wish to understand the new standard. These are divided into five groups: Group 1 provided an Introduction to the ISO 9001-2015 standard. Group 2, provided a thorough understanding of the new standard by referencing the old version, and pointing out how the new standard essentially has the same requirement with a different twist and location in the new standard.

The ISO 9001:2015 version actually has net additions to the old (ISO 9001:2008) version. This article is the first in the Group 3, and introduces you to a summary of the additions. It will be followed by full length articles on the various additions.

Group 4 will have some articles on how to implement the new ISO 9001:2015, and Group 5 will have some articles to help you audit to the new standard, or face audits to it.
We are presenting these articles through various channels, but principally through our web-sites: http://www.qi-a.com/Articles.aspx as well as our blog page: https://plus.google.com/u/0/b/114348208229269811700/+QualityInstituteofAmericaHouston/posts/p/pub

Net Addition #1:

4.1 Understanding the Organization and its context
The Organization shall determine external and internal issues that are relevant to its purpose and strategic direction ant that affect its ability to achieve the intended result(s) of its Quality Management System (QMS).

The Organization shall monitor and review information about these external and internal issues.
Context of an Organization refers to the scope of a thing, either an Organization as a whole, or its sub-parts such as divisions, locations, departments or an individual employee’s job title.

The new ISO 9001:2015 standard sets forth what an Organization shall monitor and review, but is not specific on the details of how to monitor/review, what is to be done with this data and where an Organization should keep or store the data.  Data analysis (Section 9.1.3) and Organizational knowledge management (Section 7.1.6) are the sections for addressing the requirements of Section 4.1. Section 9.1.3 mandates that an Organization shall analyze and evaluate appropriate data/information arising from monitoring and measurement in order to evaluate the data/information for various effects upon the Organization’s QMS.

Section 7.1.6 requires an Organization to determine (by monitoring and/or measuring) the knowledge necessary for the operation of its processes and to achieve conformity of its products and services.
Unlike the old standard, the new one expects you to understand your organization's context before you establish its QMS. When ISO 9001:2015 asks you to understand your organization's context it wants you to consider the external and internal issues that are relevant to its purpose and strategic direction and to think about the influence these issues could have on its QMS and the results it intends to achieve.

Net Addition #2:

Organizational Knowledge – 7.1.6
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. This knowledge shall be maintained and be made available to the extent necessary.When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.

Organizational knowledge has been defined as an asset of a company to which no value can be named (Businessdirectory.com). In other words, it is (or can be) priceless to an organization.  Organizational Knowledge is knowledge specific to the organization and generally gained from experience. This knowledge is (or can be) based upon Internal Sources (Intellectual property, experience knowledge, etc.) and External Sources (academia, standards, conferences, etc.)

A logical way to think of Organizational Knowledge is for an organization to define what it produces or the service(s) it provides.  From this premise, determine from where knowledge is gained (engineering, advanced degrees held by employees, specific skill sets such as welding, sales, management expertise, instrumentation and production machinery, etc.). Think along the lines of: “This is who we are, what we do and how we do it…” Never underestimate or overlook sources of knowledge.  Results of Nonconformance NCs, Corrective Actions, etc. can lead to lessons learned from failure, lessons learned from Risk Analysis and from Training can be a gold mine of information/data that an organization should utilize as a competitive advantage in that it arose from within and may be looked upon as unique to competitors in the marketplace.

After a thorough examination of an organization’s structure, the results can then be categorized as either Internal or External, pursuant to the standard.

Net Addition #3:

Management of Change – 6.3

                Section 6.3 of the ISO 9001:2015 version sets forth the requirements for change planning of an organization’s QMS.  The requirements of the old ISO 9001:2008 version 5.4.2 are contained in the new version with a more detailed explanation of the required components.
Planning of Changes (Section 6.3)

o   All changes must be carried out in a planned manner
o   Considerations of planning:
§  Purpose of the change(s)
§  QMS health/viability
§  Resources
§  Allocation of resources

Change management is a systematic process for dealing with change, accounting for the considerations of both an organization and an individual. Management of change compels an organization to consider change in three contexts; adapting to change, controlling change, and change affects an organization’s QMS. A proactive approach to dealing with change is at the core of all three aspects. An organization must be able to define a specific change or change need, and implement procedures /processes to handle changes it is presented with on a daily basis.

Net Addition #4:

Actions addressing risk and opportunities – 6.1
Why do we assess for Risk? To provide confidence in an organization’s ability to consistently provide customers with conforming goods and services and to enhance customer satisfaction.
·         Required for establishment, implementation, maintenance and continual improvement of the Quality Management System (QMS).
    What is Risk-Based thinking?
o   Always been present (but not at the forefront) in ISO 9001
o   Always part of the “process approach” to QMS
o   Does more than “replace” preventative actions-it makes prevention a part of the routine associated with processes
o   DON’T FORGET opportunities – risk can and should help an organization identify these
      What is the Risk-Based Approach requirement?
o   Organizations need to be aware and understand the context of their organization
o   Clause 6.1 – Risks and opportunities are defined and determined
o   Prevention/preventative action is controlled and a direct result of risk-based thinking and management of risks and opportunities (6.1)

·         Planning (Section 6.1.1 & 6.1.2)
o   Organization must plan actions to address/recognize risks and opportunities
o   Plan must allow for integration/implementation actions addressing risk
§  These actions MUST be evaluated for effectiveness
o   CAVEAT:  As with most of the ISO 9001:2015 standard, no FORMAL risk management program is required – but an organization must be able to provide evidence that risk has been planned for and actions taken to mitigate same – a formalized (documented) program/process would only make sense for best business practices.

Net Addition #5:

Section 8.5.1 Control of production and service provision
·         The organization shall implement production and service provision under controlled conditions.
·         Controlled conditions shall include, as applicable:
o   (g) the implementation of action to prevent human error;
              How could such an all encompassing statement (yet vague, nonetheless) be accomplished –the prevention of human error in a production setting?  Think Poka-Yoke, or the mistake proofing of a production line, team or individual. Think of the adage “safety first”.  Remember the new mandate of Section 6.1 – an organization must address risk and opportunities in everything they do.

               Think about: Reducing the number of steps of a process, “idiot proofing” instruments or tools for safer and more efficient use.  Think about a hotel key card – only ONE way to correctly use it – all other avenues of use will fail.  Rethink your organization’s training platform or matrix to include new management skill sets and training for efficiency of results – not simply results themselves.

Monday, February 22, 2016


Let’s summarize the principles of a good CAPA system. It’s really quite simple: 

     1.  The first principle is to keep non-conformances (nc’s) and capa separate. There is a reason why they have been kept separate in ISO 9001 (8.3 and 8.5). With nc’s, we are solving (dispositioning) problems with the product and service that we are providing. With capa, we are solving problems with the process(es) that produce the product. Among several reasons for keeping them separate is that dispositioning every single nc is a must. CAPA, on the other hand, is discretionary, and depends on the severity of the nc. Some large customers give vendors forms that combine the two. What they are implying is that they consider the problem identified as serious enough to prevent in the future; and therefore they require both dispositioning and corrective actions. 

     2.  The second principle is that there must be a high level of discipline in handling nc’s as well as capa’s. In the heat of battle in most business environments, the temptation to cut corners can be strong, and sometimes leads to costly errors. 

     3.  The third principle is that records must be kept. This may sound bureaucratic, but there is a very good systems reason for disciplined record keeping. The reason is that good and detailed records provide data, and the intelligence upon which to make informed and smart decisions. 

     4.  The fourth principle is that the system must be simple to use, so that people will use it, and use it faithfully. This is what will make the system really effective. 

The above is all very well and good. The problem is that principle number 4, the secret to effectiveness, goes against principles number 1, 2, and 3. The good news is that there could be a solution. That solution is to use a computer assisted system. We need the power of the computer to eliminate the paper-work, the bureaucracy and the drudgery. This can be done by analyzing quality processes into two components—the necessary overhead, and the value adding component. Let’s have the computer do the overhead piece, and smart humans do the value adding piece. A good computer assisted system will follow the work-flow required of a good Quality Management System (QMS), and ensure through a system of alerts, reminders and escalations. It will also ensure that all required steps are completed in a systematic manner, with proper vetting, and then finally keep records. The computer assistance will also make the job of analysis of all relevant data much simpler, faster, and therefore most likely to be done right. The following are typical steps taken for the sake of doing a good CAPA with an eye on compliance, without a computer based (electronic) system: 

     1.  Reporting Recurring Nonconforming Products/processes in CAPA form, filling out the CAPA form. 
     2.  Printing out at least 2 copies for Supervisor/Quality manager to review and a self copy 
     3.  Using the company interoffice mail, e-mail or walk it to the supervisors. 
     4.  Supervisors QM Approves/rejects CAPA based on merit and sign off on the approved CAPA form. 
     5.  Notify personnel if CAPA is not approved. 
     6.  Print a copy and send it to the someone to do the Root Cause Evaluation through company mail or walking. 
     7.  Assigned personnel reviews the CAPA and write their finding and propose Action(s) and send it back to QM through company mail or walking. 
     8.  Supervisors/ QM Approves/rejects the finding of the CAPA based on merit and sign off on the approved CAPA form. 
     9.  If rejected, send it back to the Assigned person to do it again. 
     10.  If approved, print another copy, assign someone to do the implementation of the proposed plan to stop recurrence/ occurrence of the Problem. 
     11.  Assigned personnel reviews the CAPA, Implement the process and write implementation notes once completed and send it back to QM thru company mail/ e-mail or walking. 
     12.  Supervisors/ QM approves/rejects the implementation of the CAPA based on merit and sign off on the approved CAPA form. 
     13.  If rejected, send it back to the Assigned person to do it again. 
     14.  If approved, print another copy, assign someone to do the verification of the Implementation to see effectiveness. 
     15.  Assigned personnel reviews the CAPA, conduct the verification based on implementation notes and send it back to QM thru company mail or walking. 
     16.  QM finally closes the CAPA and Notify the Originating Person. 
     17.  Enter data into an excel or some other data base so as to be able to monitor the effectiveness of the CAPA system, and look for further opportunities for continual improvement 

The steps shown above are typical of a small-medium sized manufacturing company with a combination paper/ electronic system. For the sake of estimating the increase in efficiency of personnel, use the single asterisks to estimate that the time taken will be reduced to half. Those with double asterisks will be eliminated entirely. 

But, the big benefit is in having a system that is much more effective!! The benefit of that is of course, priceless! 

To see such a solution, click on the following link, and see at least presentations # 1 and #3. www.qi-a.com