National Security Inspectorate
Sentinel House,
5 Reform Road
Maidenhead
SL6 8BY
Website: nsi.org.uk
NSI 2016
9001:2015 Guidance document for
approved companies
June 2016
Contents
Introduction
Basic principles of 9001:2015
Risk based thinking
Understanding context
Increase in leaders' involvement
Understanding needs & expectations of interested parties
Process approach
Documentation requirements
What do I do now?
Step by step
New clauses
Appendix A: ISO 9001:2015 transition checklist
    Instructions for use
    Part 1: ISO 9001:2015 requirements
Appendix B: 9001:2015 list of records required
Appendix C: 9001:2015 documented information required
Introduction
As an approved company you are already used to working to written procedures and
processes. The revised 9001 doesn't change this, but it places emphasis on risk management and
there are less prescriptive requirements for documented procedures.
You may decide that you will keep your current quality management system and simply amend
it where necessary. Some of you may take this as an opportunity for a complete revamp. Either
course of action is entirely reasonable, and this guidance document simply walks you through
the essential elements that you need to address in order to become 9001:2015 compliant.
First you need to understand what has changed and what this means to you.
Basic principles of 9001:2015
Plan, Do, Check, Act is carried over as the main principle of 9001:2008, with amended
elements feeding into this. Some are new and some are enhanced ways of dealing with a
process approach.
There is less demand for prescriptive procedures but a greater expectation that companies will
determine their own documentation requirements.
[Figure: the Plan, Do, Check, Act cycle, with the elements feeding into it: Risk Based Thinking, Context, Interested Parties, Leadership, Process Approach, Documentation Requirements]
Risk based thinking
Implement risk management as part of your Quality Management System.
What does this mean?
There are risks in all processes in each business. It's understanding the impact of these
risks that needs to be considered.
Consider the opportunities that risks present too.
Many organizations will manage risk as part and parcel of their general management. Some
may decide to apply a specific risk model to each risk they identify. Documented
information needs to be in place to show that organizations have understood and managed
this in line with their business and their processes.
Examples of documented information regarding risk may include: a business plan, risk register,
reports on performance.
Understanding context
Approved companies will need to understand and identify all the influences that affect their
business. They must then ensure that their strategy and direction take this into consideration;
this could be captured in a business plan.
[Figure: risk based thinking: Identify Risks, Consider Them, Control Them]
Internal issues: corporate culture, governance, structure, technologies, information
systems, decision-making process.
External issues: cultural, social, political, legal, regulatory, financial, technological,
economic, competitive environment, international, national or regional influences.
Process of monitoring: How do you monitor your business? What checks and supervision
are in place?
Impact of changes: How do you manage changes in the business and ensure they do
not have a negative impact?
All organizations will already consider the context. The standard is calling for recognizing this
in a wider sense, so that the processes you develop, change and work to have considered all
the above.
How will you evidence this? Through clear processes and documented information that will
demonstrate you have considered the business in this context. There is no requirement for a
specific document. It may be captured in a business plan or strategy document.
Increase in leaders' involvement
The standard continues to expect management commitment but removes the requirement for one
specific person to have this responsibility. It places greater ownership on the leaders, spreading the
responsibility throughout the organization whilst maintaining full overall responsibility.
[Figure: Understanding Context and the organization: Internal and External Issues, Process of Monitoring, Impact of Changes]
[Figure: Greater Leadership Commitment: No longer specifies a management representative; All areas/departments will have responsibility]
Things to consider:
Strategic Direction: Does the business know where it's headed? You may produce a
business plan to define this;
Then create a quality policy and objectives that outline your intentions;
Customer Satisfaction being key to a company's success;
Review and define what your strengths and weaknesses are;
Consider the impact on delivery of products and services;
Based on this assign QMS responsibilities and authority;
Promote risk based thinking;
Final accountability.
How will you evidence this? Through documented information (you may already have this) and
processes that will produce evidence.
Understanding needs & expectations of interested parties
Each business will have its own interested parties and approved companies need to be clear
on those that are relevant.
[Figure: interested parties: No longer specifies a management representative; Groups or individuals who can make an impact: Customers/public, Shareholders/Board Members, Contractors/Suppliers; Key Concept: Customer Focus and Improvement]
Organizations will have a number of influences and each will have a varying impact on them.
For example, a supplier can significantly affect the ability to deliver on time to a customer. In
this case, a clear supplier agreement process needs to be established at the beginning to
ensure that the risks are understood and well managed.
Note: Refer to Annex A: A step by step guide on how to interpret each clause for more detail.
Process approach
This standard now expects organizations to use a process approach. Each business will have
different processes so they must reflect the business itself and not be generic. What does
process approach mean?
Process = A series of actions you take in order to achieve a result
As an approved company you are already doing this.