ISO 9001:2015 - NQA
ISO 9001:2015QUALITY MANAGEMENT IMPLEMENTATION GUIDE50,000CERTIFICATESGLOBALLYTRANSPARENT90
ISO 9001:2015IMPLEMENTATION GUIDE2*UK and ISOIreland9001:2015onlyIMPLEMENTATION GUIDE
ContentsIntroduction to the standardP04Benefits of implementationP06PDCA cycleP07Risk based thinking / auditsP08Process based thinking / auditP09Annex SLP10SECTION 1: ScopeP11SECTION 2: Normative referencesP12SECTION 3: Terms and definitionsP13SECTION 4: Context of the organizationP14SECTION 5: LeadershipP16SECTION 6: PlanningP17SECTION 7: SupportP18SECTION 8: OperationP20SECTION 9: Performance evaluationP22SECTION 10: ImprovementP24Get the most from your managementP26Westbury and ISO 9001:2015 case studyP27Next steps once implementedP28Quality management trainingP29Useful linksP32ISO 9001:2015 IMPLEMENTATION GUIDE3
INTRODUCTIONTO THE STANDARDISO 9001 is one of the most widely adopted International Standards in the world. Withover 1 million certificates issued worldwide, it spans all sectors of commerce and industry.ISO 9000 was first published by ISO in 1987 having evolved from the BS 5750 series ofstandards. These standards themselves had been influenced by Government and militaryprocurement standards which had become necessary to ensure the quality of products andservices purchased and distributed.Part of the familyISO 9001 belongs to the ISO 9000 family of standards. Some of these documents are intended for certification,others for guidance. The most commonly referred to of these, apart from ISO 9001, is ISO 9000 whichdescribes the fundamental concepts and vocabulary of the quality management standards.ISO 9000 also describes the 7 quality management principles:CUSTOMER FOCUSthis applies to both internal and externalcustomers. Customer focus is the primaryfocus of quality management and seeks to meetcustomer needs and to strive to exceed theirexpectations. Customer focus aims to createvalue for the customer.LEADERSHIPeffective leadership creates a unity of purposeand direction. Strong direction ensures allactivities within the organization are aligned tostrategies, polices and processes to collectivelyachieve planned objectives.ENGAGEMENT OF PEOPLEinvolving people means ensuring they arecompetent, empowered and engaged. Effectiveengagement of people gives the organization thetools to achieve its aims.PROCESS APPROACHthis has been a staple of quality managementstandards for many years. Knowing your inputs,actions and intended outputs makes day-to-dayoperations predictable and repeatable. Effectivelymanaging processes ensures resources are usedefficiently and highlights areas for improvement.4ISO 9001:2015 IMPLEMENTATION GUIDEIMPROVEMENTImprovement is not about an admission ofweakness or fault, but simply a desire to dobetter and keep doing better for the benefit ofall involved.EVIDENCEbased decision making – how many of us haveever made an impulse purchase? Do we reallybelieve that businesses don’t also make thatsame mistake sometimes? Of course they do!But, by applying evidence-based decisionmaking, decisions can be based on knownrequirements and the planned outcomes,direction and purpose of the organization, havinginvolved the customers and people and withimprovement in mind.RELATIONSHIP MANAGEMENTthis applies to all relationships of theorganization. Often it pays to know yourcompetitors as closely as you know yourcustomers. Building networks, engaging thegeneral public, reaching your target audience, allof these things are essential to achieve the aimsof a profitable enterprise.
Regular reviewsand updatesISO standards are subject toregular reviews; usually aroundevery 5 years but the process ofreviewing and updating can take avery long time.The most recent update to theISO 9001 standard brought aboutsome significant changes.The main changes were in thefollowing areas: Adoption of the Annex SL structure.This now provides a commonstructure as well as terms anddefinitions across a range of ISOstandards including ISO 14001(Environmental), ISO 27001(Information Security) and therecently published ISO 45001 (Healthand Safety). This makes it easier tostreamline your system if you havemultiple standards in place. The switch from ‘preventive action’to ‘risk-based thinking’. This is reallythe same thing but preventive actionused to be considered as somethingto do after an unwanted outcome hadoccurred (to prevent it happeningagain!). Now, the focus is very muchfrom the outset. Risk-based thinkingencourages true preventive actionand continuous improvement byputting it at the forefront of theprocess approach. The leadership element requires topmanagement to fully engage withthe quality management system,not just delegate it to a QualityManager or Quality Team. The QualityManagement System should align withthe overall organizational objectives. The emphasis on organizationalcontext looks at quality managementfrom a big-picture perspective.Understanding why the organizationexists, who it interacts with andother constraints within which itmust operate, such as legal andregulatory frameworks, helps tounderstand the resources, monitoringand measurement required fromoperational processes.ISO 9001:2015 IMPLEMENTATION GUIDE5
BENEFITS OFIMPLEMENTATIONThe benefits of implementing a Quality Management System which is compliant withISO 9001 can be far-reaching. Simply adopting a process approach to operations canimmediately highlight areas for improvement. Documenting processes in a meaningfulway can also help with communicating quality actions and strategy to people at all levels.Inductions and training are linked directly to business objectives and people within theorganization are clear on their contribution to overall performance and success.Adopting a customer focus adds value for customers andis likely to enhance their satisfaction and loyalty. Repeatbusiness is less costly to achieve than new business so it paysto keep your current customers happy.Not only can a Quality Management System (QMS) enhanceyour customers’ satisfaction, it will also have a positive impacton your reputation. Being able to demonstrate a formalcommitment to quality is often a pre-requisite for formaltendering procedures, in particular for public sector contracts.Having a certified QMS can open doors to a range of contractopportunities and therefore potentially boost your revenue andmarket share.Implementing a QMS can also help you to be moreefficient. Using resources, this includes people, materials,time, money and external partners and suppliers, aseffectively and efficiently as possible has a direct positiveimpact on profitability.Involving the people within your business fosters deeperengagement with operations. This can lead to reducedturnover of staff, better productivity, enhanced trust andcollaboration and a skilled and happy workforce.Consistent and predictable outcomes lead to greaterunderstanding of capability and capacity. Understandingorganizational capability and capacity can help you to managegrowth and the associated risks.Focusing on root cause analysis when investigating problemsensures solutions are robust and improvements are effective.Ongoing monitoring and measuring provides evidence ofthe effectiveness of processes and can demonstrate theeffectiveness of previous decisions and actions. (Rememberthe quality principle of evidence-based decision-making.)A QMS also helps you to manage your supply chain.Encouraging strong, effective communication betweenparties ensures expectations and requirements are clearbefore everyone is committed. This leads to improvementopportunities for mutual benefit.6ISO 9001:2015 IMPLEMENTATION GUIDE
PDCA CYCLEISO 9001 is based on the Plan-Do-Check-Act (PDCA) cycle, also known as the Demingwheel or Shewhart cycle. The PDCA cycle can be applied not only to the managementsystem as a whole, but also to each individual element to provide an ongoing focus oncontinuous improvement.In brief:Plan:Do:Check:Act:Establish objectives,resources required,customer andstakeholderrequirements,organizational policiesand identify risks andopportunities.Implement whatwas planned.Monitor and measureprocesses to establishperformance againstpolicies, objectives,requirements andplanned activities andreport the results.Take action to improveperformance, asnecessary.PDCA model ISO 9001:2015QUALITY MANAGEMENT SYSTEM (4)ORGANIZATIONAND S ANDEXPECTATIONSOF RELEVANTINTERESTEDPARTIES (4)DoLEADERSHIP(5)PERFORMANCEEVALUATION(9)RESULTS OFTHE QMSCheckIMPROVEMENT(10)PRODUCTSAND SERVICESPlan-Do-Check-Act is an example of a closed-loop system. This ensures the learning from the ‘do’ and ‘check’ stages areused to inform the ‘act’ and subsequent ‘plan’ stages. In theory this is cyclical, however it’s more of an upward spiral as thelearning moves you on each time you go through the process.ISO 9001:2015 IMPLEMENTATION GUIDE7
RISK BASEDTHINKING/AUDITSAudits are a systematic, evidence-based, process approach to evaluation of yourQuality Management System. They are undertaken internally and externally to verify theeffectiveness of the QMS. Audits are a brilliant example of how risk-based thinking isadopted within quality management.1st Party Audits– Internal AuditsInternal audits are a great opportunity for learning withinyour organization. They provide time to focus on a particularprocess or department in order to truly assess its performance.The purpose of an internal audit is to ensure adherence topolicies, procedures and processes as determined by you, theorganization, and to confirm compliance with the requirementsof ISO 9001.Second party audits are usually carried out by customers orby others on their behalf, or you may carry them out on yourexternal providers. 2nd party audits can also be carried out byregulators or any other external party that has a formal interestin an organization.You may have little control over the timing and frequency ofthese audits, however establishing your own QMS will ensureyou are well prepared for their arrival.Audit Planning3rd Party – Certification AuditsDevising an audit schedule can sound like a complicatedexercise. Depending on the scale and complexity of youroperations, you may schedule internal audits anywhere fromevery month to once a year. There’s more detail on this insection 9 – performance evaluation.Third party audits are carried out by external bodies, usuallyUKAS accredited certification bodies such as NQA.Risk-based ThinkingThe best way to consider frequency of audits is to look at therisks involved in the process or business area to be audited.Any process which is high risk, either because it has a highpotential to go wrong or because the consequences wouldbe severe if it did go wrong, then you will want to audit thatprocess more frequently than a low risk process.How you assess risk is entirely up to you. ISO 9001 doesn’tdictate any particular method of risk assessment or riskmanagement. You may wish to review ISO 31000 for moreinformation on risk management.82nd Party – External AuditsISO 9001:2015 IMPLEMENTATION GUIDEThe certification body will assess conformance to the ISO9001:2015 standard. This involves a representative of thecertification body visiting the organization and assessing therelevant system and its processes. Maintaining certificationalso involves periodic reassessments.Certification demonstrates to customers that you have acommitment to quality.CERTIFICATION ASSURES: regular assessment to continually monitorand improve processes. credibility that the system can achieveits intended outcomes. reduced risk and uncertainty and increasemarket opportunities. consistency in the outputs designed to meetstakeholder expectations.
PROCESS BASEDTHINKING/AUDITA process is the transformation of inputs to outputs, which takes place as a series ofsteps or activities which result in the planned objective(s). Often the output of one processbecomes an input to another subsequent process. Very few processes operate in isolationfrom any other.“Process: set of interrelated or interactingactivities that use inputs to deliver anintended result.”ISO 9000:2015 Fundamentals and VocabularyEven an audit has a process approach. It begins withidentifying the scope and criteria, establishes a clear courseof action to achieve the outcome and has a defined output(the audit report). Using the process approach to auditing alsoensures the correct time and skills are allocated to the audit.This makes it an effective evaluation of the performance of theQMS.“Consistent and predictable results are achieved moreeffectively and efficiently when activities are understood andmanaged as interrelated processes that function as acoherent system.”ISO 9000:2015 Fundamentalsand VocabularyUnderstanding how processes interrelate and produceresults can help you to identify opportunities for improvementand thus optimise overall performance. This also applieswhere processes, or parts of processes, are outsourced.Understanding exactly how this affects or could affect theoutcome and communicating this clearly to the businesspartner (providing the outsourced product or service) ensuresclarity and accountability in the process.The final process step is to review the outcome of the auditand ensure the information obtained is put to good use. Aformal Management Review is the opportunity to reflect onthe performance of the QMS and to make decisions on howand where to improve. The Management Review process iscovered in more depth in Section 9 – performance evaluation. ISO 9001:2015 IMPLEMENTATION GUIDE9
ANNEX SLOne of the major changes introduced into the 2015 revision of ISO 9001 was the adoptionof Annex SL for the clause structure of the revised standard. Annex SL (previously knownas ISO Guide 83) was used within ISO by standards writers to provide a common corestructure for management system standards.ISO 27001 (Information Security Management SystemStandard) adopted this structure during its 2013 revision. ISO14001 (Environmental Management System Standard) alsoadopted this structure during its 2015 revision. The newlypublished ISO 45001 (Health and Safety Management SystemStandard) also follows this same common structure.Prior to the adoption of Annex SL there were many differencesbetween the clause structures, requirements and terms anddefinitions used across the various management systemstandards. This made it difficult for organizations to integratethe implementation and management of multiple standards;Environment, Quality, Health and Safety and InformationSecurity being among the most common.High Level StructureAnnex SL consists of 10 core clauses:1. Scope2. Normative references3. Terms and definitions4. Context of the organization5. Leadership6. Planning7. Support8. Operation9. Performance evaluation10. ImprovementOf these clauses, the common terms and coredefinitions cannot be changed. Requirements maynot be removed or altered, however discipline-specificrequirements and recommendations may be added.All management systems require a consideration ofthe context of the organization (more on this in section4); a set of objectives relevant to the discipline, in thiscase quality, and aligned with the strategic directionof the organization; a documented policy to supportthe management system and its aims; internal auditsand management review. Where multiple managementsystems are in place, many of these elements can becombined to address more than one standard.10ISO 9001:2015 IMPLEMENTATION GUIDE
SECTION 1:SCOPEA Quality Management System is primarilyintended to enhance customer satisfaction.It does this through the application of theprocesses determined by you as necessaryfor your operations, as well as theprocesses determined by the standard asnecessary for continuous improvement.A QMS aims to assure conformity tocustomer requirements and applicablelegal requirements.The intention is for all requirements (clauses) of the standardto be applicable irrespective of the size and nature of theorganization implementing the QMS. Whether you provide aproduct or a service, or a combination of both.There are times when certain clauses may become notapplicable. For example, where you do not carry out anydesign and development activities or where measurementtraceability, or any subsequent calibration of equipment, is notpart of your product or service. These have previously beenreferred to as ‘exclusions’ however the expectation here is thata justification will be made as to why the clause is deemed tobe not-applicable rather than simply being excluded fromthe QMS.ISO 9001:2015 IMPLEMENTATION GUIDE11
SECTION 2:NORMATIVEREFERENCES‘Normative references’ simply means any other documents which are referenced within themanagement system standard. In the case of ISO 9001:2015, there are many referencesmade to ISO 9000:2015 – Quality management systems - Fundamentals and vocabulary.This document explains the key concepts and defines the coreterminology used in ISO 9001:2015. Whilst it is not mandatoryto purchase ISO 9000:2015 alongside ISO 9001:2015, it can bevaluable in fully understanding the purpose of a QMS and increation and implementation of your unique system.There is an assumption throughout the standard that eachterm used is understood according to its definition describedin ISO 9000:2015.12ISO 9001:2015 IMPLEMENTATION GUIDE
SECTION 3:TERMS ANDDEFINITIONSThe terms and definitions used in ISO 9001:2015 are taken directly from ISO 9000:2015 –Quality management systems - Fundamentals and vocabulary.The key terms used throughout the standard are:‘Documented information’‘Product’– is any document, record or other information which isnecessary for the operation of processes or is required bythe quality management system. It can include photographs,diagrams, videos, process maps, standard operatingprocedures and can be on any medium i.e. paperor electronic.– this is the result of a process and may include servicesor advice. This is essentially what you provide toa customer.‘Process’– is a set of interrelated or interacting activities which usesinputs to deliver outputs. Processes are how you operate ona daily basis.‘Interested party’– is a person or organization that can affect, be affectedby or perceive themselves to be affected by your decisionsor activities.‘Audit’– is a systematic evaluation of whether or not processes areadhered to and whether or not those processes meet therequirements of the standard.‘Preventive action’‘Risk’– is action taken to prevent a potential non-conformity or otherundesired effect. This is usually a big part of the planningprocess and is helped along by activities such as processmapping, SWOT analysis and risk assessment.– is the effect of uncertainty. This can apply to any area ofoperations not just financial risks.‘Corrective action’‘Risk-based thinking’– is action taken to correct a mistake, or non-conformity,and to deal with any consequences. It should also preventrecurrence of the issue or any other potential issues.– is about planning your objectives and actions taking intoaccount the known risks and their potential effects. Theideal situation is to minimise the likelihood or impact ofunwanted outcomes.‘Objective’– is the result to be achieved. Objectives must be SMART –Specific, Measurable, Achievable, Realistic and Timely.‘External provider’– is any provider of external processes, products or services.This includes not only your direct suppliers of materials butalso anyone to whom you outsource processes or partsof processes. For example, an outsourced customercontact service.When you write your qualitymanagement system documentation,you don’t have to use these exactterms. However, it does help to clarifythe meaning and intention if youcan define the terms you have used.Providing a glossary within yoursystem documentation may be useful.ISO 9001:2015 IMPLEMENTATION GUIDE13 p
ISO 9001 belongs to the ISO 9000 family of standards. Some of these documents are intended for certification, others for guidance. The most commonly referred to of these, apart from ISO 9001, is ISO 9000 which describes the fundamental concepts and vocabulary of the quality management standards.
ISO 9001:2015 QMS and ISO 14001:2015 EMS and ISO 45001:2018 Internal audit 6. Principals of Quality Management System-ISO 9001:2015 7. ISO 9001 and 14001 and ISO 45001:2018 EQHSMS audit records 8. Table of Documented information Summary against ISO 9001:2015 and ISO 14001:2015 require
NQA-1-2000 NQA-1-2004 NQA-1-2008 processes to detect and correct quality problems. processes to detect and correct quality problems. detect and correct quality problems. (b) The program shall provide for indo
10CFR830.122/DOE O 414.1B NQA-1-1989 V/S NQA-1- 2000 REQUIREMENTS MATRIX 1 DOE O 414.1B/CFR 830.122 NQA-1-1989 NQA-1-2000 . The capabilities of a candidate for certification shall be initially determined by a suitable evaluation of the candidate's education, experience, training, and either test results or
ISO 9001.2015 & ISO 14001.2015 Gap Analysis Checklists* ISO 9001.2015 & ISO 14001.2015 Internal Audit Checklists* ISO 9001 & ISO 14001 Employee Newsletters *Sample Included. ISO 9001:2015 QUALITY MANAGEMENT SYSTEM ***** ISO 14001:2015 ENVIRONMENTAL MANAGEMENT SYSTEM ***** QMS - EMS MANUAL Your Company Name
ISO 9001:2015 QMS and ISO 14001:2015 EMS and OHSAS 18001 Internal audit 6. Principals of Quality Management System-ISO 9001:2015 7. ISO 9001 and 14001 and OHSAS 18001 EQHSMS audit records 8. Tables Table - 1 Documented information Summary against ISO 9001:2015 and ISO 14001:2015 requirements 9. Chemical Chart
ISO 9001:2015 vs ISO 9001:2008 Description: This document is provided by American System Registrar. It shows relevant clauses, side-by-side, of ISO 9001:2008 standard and the ISO 9001:2015 standard. Purpose / Usage: The purpose of the document is to highlight the changes between the new and old standard. Use this document to better understand
ISO 9001 requirements 2. A mapping between Quality Management System (QMS) requirements in ISO 9001:2008 and ISO 9001:2015 where the requirement is essentially the same 3. "Documented Information" has been adopted. Consequently, the The reverse mapping Table 1 will help if you are considering a transition project from ISO 9001:2008 to the .
ISO 9001:2015 Checklist with 9001:2008 Comparisons Ref. Questions from 9001:2015 . verified during the audit. This is a great list to take with you when each process is visited, audited. ISO 9001:2015 Checklist with 9001:2008 Comparisons Ref. Questions from 9001:2015
