JARO Thermal ISO9001 2015 internal auditor training 20170118

JARO ISO9001:2015

Internal Auditor Training

Ryan Chen

Jan. 16, 2017

Quality is the foundation of any business relationship

Outlines

1. ISO9001:2015 Quality Management System2. The major new of ISO 9001: 20153. Skills for ISO9001:2015 internal Auditor

Quality is the shared responsibility within an organization

Quality is about process

Presenter

Presentation Notes

用过程的观点来审核

Foreword

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organization

5. Leadership

6. Planning

7. Support

8. Operation

9. Performance evaluation

10. Improvement

ISO9001:2015 Quality Management System

Quality is about data

Presenter

Presentation Notes


ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies).

The ISO 9000 family of quality management systems standards is designed to help organizations ensure that they meet the needs of customers and stakeholders while meeting statutory and regulatory requirements related to a product or program.

ISO 9000 deals with the fundamentals of quality management systems, including the seven quality management principles upon which the family of standards is based.

ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.

This fifth edition (ISO 9001:2015) cancels and replaces the fourth edition (ISO 9001:2008)

ISO9001:2015 Quality Management SystemForeword

It is a strategic decision for an organization to adopt a quality

management system to improve its overall performance and provide a

sound basis for sustainable development initiatives. The potential

benefits are:

a) providing qualified products and services consistently;

b) facilitating opportunities to enhance customer satisfaction;

c) addressing risks and opportunities associated with its context and objectives;

d) demonstrating conformity to specified ISO9001:2015 requirements.

This International Standard employs the process approach, which incorporates

the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.


Introduction -- General


Introduction -- What is Quality

Quality is meeting the requirements / expectations in service or product that we were committed to.

Other definition:

-- the systematic pursuit of perfect/excellence;

-- doing always better, the right things;

-- do the right thing, by the right way, for right reason, at the first time;

-- what the customer says it is;

-- compliance to a specification;

-- meeting customer requirement;

-- the true value of worth of an entity;


Introduction -- 7 Quality management principles


Introduction -- Process approach

To control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced.

The application of the process approach in a QMS enables:a) Understanding and consistency in meeting requirements;b) The consideration of processes in terms of added value;c) The achievement of effective process performance;d) Improvement of processes based on evaluation of data and information.

Management of the processes and the system as a whole can be achieved byusing the PDCA cycle with an overall focus on Risk-based thinking aimed at taking advantage of opportunities and preventing undesirable results.


Introduction -- Process approach


Introduction -- Plan-Do-Check-Act cycle

The PDCA cycle can be applied to all processes and to the quality management system as a whole.

The PDCA cycle can be briefly described as follows:— Plan: establish the objectives of the system and its processes, and the resources needed to deliver results in accordance with customers’ requirements and the organization’s policies, and identify and address risks and opportunities;— Do: implement what was planned;— Check: monitor and (where applicable) measure processes and the resulting products and services against policies, objectives, requirements and planned activities, and report the results;— Act: take actions to improve performance, as necessary.


Introduction -- Plan-Do-Check-Act cycle


Introduction -- Risk-based thinking

Risk-based thinking is something we all do automatically and often sub-consciously.

The concept of risk is more explicit and built into the ISO9001:2015.

Risk-based thinking is already part of the process approach.

Risk – An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.


Introduction -- Risk-based thinking

Organization needs to plan / implement actions to address risks & opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of QMS, achieving improved results and preventing negative effects.Opportunities can arise as a result of a situation favorable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste or improve productivity.

Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects.


1 Scope

The ISO 9001:2015 specifies requirements for a QMS when an organizations:• Need to demonstrate its ability to consistently provide products or services that

meet customer and applicable statutory and regulatory requirements, and • Aims to enhance customer satisfaction through the effective application of the

system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements

2 Normative references

ISO9000:2015 Quality Management Systems – Fundamental and vocabulary


3 Terms and definitions

• ‘Product’ is replaced by Products and Services• ‘Purchased Product’ --- Externally Provided Processes, Products and Services• ‘Work Environment’ --- Environment for the Operation of Processes

Important terms:

audit corrective action management system measurement objective policy

quality customer product service design and development … …



The organization shall determine external and internal issues that are relevant to

its purpose and its strategic direction and that affect its ability to achieve the

intended result(s) of its quality management system.

The organization shall monitor and review information about these external and

internal issues.

Issues can include positive and negative factors or conditions for consideration.

4.1 Understanding the organization and its context

External factors can arise from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.

Internal factors may be related to values, culture, knowledge and performance of the organization



Due to their effect or potential effect on the organization’s ability to consistently

provide products and services that meet customer and applicable statutory and

regulatory requirements, the organization shall determine:

a) The interested parties that are relevant to the quality management system;

b) The requirements of these interested parties that are relevant to the QMS.

The organization shall monitor and review information about these interested

parties and their relevant requirements.

An ‘interested party’ is any person or organization that can affect, be affected by, or

perceive themselves to be affected by the decisions or activities of organization.

4.2 Understanding the needs and expectations of interested parties

shareholders, employees, contractors, customers, end users, suppliers, regulators, neighbors, Non-Governmental Organization, Parent organizations … etc.



The organization shall determine the boundaries and applicability of the QMS.

When determining this scope, the organization shall consider:

a) The external and internal issues referred to in 4.1;

b) The requirements of relevant interested parties referred to in 4.2;

c) The products and services of the organization.

4.3 Determining the scope of the quality management system

The ‘not applicable’ shall not affect its ability to supply products or services which comply with client requirements, or adversely affect its ability to enhance customer satisfaction.

The scope shall state the types of products and services covered, and provide justification

for any requirement of this International Standard that the organization determines is not

applicable to the scope of its quality management system.

ISO9001:2015 Quality Management System4. Context of the organization

The organization shall establish, implement, maintain and continually improve a QMS, including the processes needed and their interactions.

The organization shall determine the processes needed for the QMS and shall:

a) determine the inputs required and the outputs expected from these processes;

b) determine the sequence and interaction of these processes;

c) determine and apply the criteria and methods (including monitoring, measurements and

performance indicators) needed to ensure the effective operation & control of the processes;

d) determine the resources needed for these processes and ensure their availability;

e) assign the responsibilities and authorities for these processes;

f) address the risks & opportunities as determined in accordance with the requirements of 6.1

g) evaluate these processes and implement any changes needed to ensure that these processes

achieve their intended results;

h) improve the processes and the quality management system.

4.4 Quality management system and its processes

Documented information shall be retained to have confidence that the processes are being carried out as planned.

ISO9001:2015 Quality Management System5. Leadership

Top management shall demonstrate leadership and commitment with respect to the QMS by:

a) taking accountability for the effectiveness of the quality management system;

b) ensuring that the quality policy and quality objectives are established for the QMS and are compatible with the context and strategic direction of the organization;

c) ensuring the integration of the QMS requirements into the organization’s business processes;

d) promoting the use of the process approach and risk-based thinking;

e) ensuring that the resources needed for the quality management system are available;

f) communicating the importance of effective quality management and of conforming to the QMS requirements;

g) ensuring that the quality management system achieves its intended results;

h) engaging, directing and supporting persons to contribute to the effectiveness of the QMS;

i) promoting improvement;

j) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

5.1 Leadership and commitment -- General


Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:

a) customer and applicable statutory and regulatory requirements are

determined, understood and consistently met;

b) the risks & opportunities that can affect the conformity of products & services and the ability to enhance customer satisfaction are determined & addressed;

c) the focus on enhancing customer satisfaction is maintained.

5.1 Leadership and commitment -- Customer focus


Top management shall establish, implement and maintain a quality policy that:

a) is appropriate to the purpose & context of the organization and supports its strategic direction;

b) provides a framework for setting quality objectives;

c) includes a commitment to satisfy applicable requirements;

d) includes a commitment to continual improvement of the quality management system.

5.2 Policy -- Establishing the quality policy

5.2 Policy -- Communicating the quality policy

The quality policy shall:a) be available and be maintained as documented information;b) be communicated, understood and applied within the organization;c) be available to relevant interested parties, as appropriate. (such as available on website)

Quality Policy is an important document because it acts as the driver for the organization. It provides the direction and formally establishes goals and commitment. Top management should ensure the policy is appropriate and compatible with strategic direction.

ISO9001:2015 Quality Management System6. Planning

When planning for the QMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

a) give assurance that the QMS can achieve its intended result(s);

b) enhance desirable effects;

c) prevent, or reduce, undesired effects;

d) achieve improvement.

6.1 Actions to address risks and opportunities

The organization shall plan:

a) actions to address these risks and opportunities;

b) how to:

1) integrate and implement the actions into its QMS processes (see 4.4);

2) evaluate the effectiveness of these actions.

Actions shall be proportionate to the potential impact on the conformity of products and services.

Options to address risks can include:• Avoiding risk, • Taking risk in order to pursue an opportunity,• Eliminating the risk source, • Changing the likelihood or consequences, • Sharing the risk, • Retaining risk by informed decision.

Risk registers is a well-established approach to manage risks and opportunities across the organization.

Need consider both its ‘context’ & ‘interested parties’ to integratethe QMS into its business


The organization shall establish quality objectives at relevant functions, levels and processes

needed for the quality management system, the quality objectives shall:

a) be consistent with the quality policy;

b) be measurable;

c) take into account applicable requirements;

d) be relevant to conformity of products & services and to enhancing of customer satisfaction;

e) be monitored;

f) be communicated;

g) be updated as appropriate.

6.2 Quality objectives and planning to achieve them

When planning how to achieve its quality objectives, the organization shall determine:

a) what will be done; b) what resources will be required; c) who will be responsible;

d) when it will be completed; e) how the results will be evaluated.

Organizations will have to demonstrate that the personnel to whom responsibility for quality objectives has been given are aware of what their responsibilities are and have been given the resources to achieve those objectives.


When the organization determines the need for changes to the QMS, the changes shall be carried out in a planned manner (see 4.4).

The organization shall consider:

a) the purpose of the changes and their potential consequences;

b) the integrity of the quality management system;

c) the availability of resources;

d) the allocation or reallocation of responsibilities and authorities.

6.3 Planning of changes

ISO9001:2015 Quality Management System7. Support

The organization shall determine and provide the resources needed for the

establishment, implementation, maintenance and continual improvement of

the QMS. The organization shall consider:

a) The capabilities of, and constraints on, existing internal resources;

b) What needs to be obtained from external providers.

7.1 Resources -- 7.1.1 General

The organization shall determine & provide the persons necessary for the effective

implementation of its QMS and for the operation and control of its processes.

7.1 Resources -- 7.1.2 People

The organization needs to take into account both internal & external resource requirements & capabilities.


The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services. Infrastructure can include:

a) Buildings and associated utilities;

b) Equipment, including hardware and software;

c) Transportation resources;

d) Information and communication technology.

7.1 Resources -- 7.1.3 Infrastructure


The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.

A suitable environment can be a combination of human and physical factors, such as:

a) Social (e.g. non-discriminatory, calm, non-confrontational);

b) Psychological (e.g. stress-reducing, burnout prevention, emotionally protective);

c) Physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).

These factors can differ substantially depending on the products and services provided.

7.1 Resources -- 7.1.4 Environment for the operation of processes


The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements.

7.1 Resources -- 7.1.5 Monitoring and measuring resources -- General

The organization shall ensure that the resources provided are

a) suitable for the specific type of monitoring & measurement activities being undertaken;

b) maintained to ensure their continuing fitness for their purpose.

The organization shall retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources.

There is now a greater emphasis on monitoring and measuring ‘resources’ rather than just equipment. In this context, resources would include personnel, training, workplace environment, etc.

ISO9001:2015 Quality Management System7. Support7.1 Resources -- 7.1.5 Monitoring and measuring resources

-- Measurement traceabilityWhen measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be:

a) Calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; (when no such standards

exist, the basis used for calibration or verification shall be retained as documented information);

b) Identified in order to determine their status;

c) Safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results.

The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, and shall take appropriate action as necessary.


7.1 Resources -- 7.1.6 Organizational knowledgeThe organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.

This knowledge shall be maintained and be made available to the extent necessary.

When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.

NOTE 1 Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives.

NOTE 2 Organizational knowledge can be based on:

a) Internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);

b) External sources ( e.g. standards; academia; conferences; gathering knowledge from customers or external providers).


The organization shall:

a) Determine the necessary competence of person(s) doing work under its control that

affects the performance and effectiveness of the QMS;

b) Ensure that these persons are competent on the basis of appropriate education,

training, or experience;

c) Where applicable, take actions to acquire the necessary competence, and evaluate the

effectiveness of the actions taken;

d) Retain appropriate documented information as evidence of competence.

Applicable actions can include -- the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons

7.2 Competence

Now this apply to all/any personnel ‘under its control’ that affect the organization's performance. This will include any sub-contract, as well as anyone undertaking outsourced processes and functions.


The organization shall ensure that persons doing work under the organization’s control are aware of:

a) The quality policy;

b) Relevant quality objectives;

c) Their contribution to the effectiveness of the QMS, including the benefits of improved

performance;

d) The implications of not conforming with the QMS requirements.

7.3 Awareness

‘Under the organization’s control’ means including any sub-contract, as well as anyone undertaking outsourced processes and functions.


The organization shall determine the internal and external communications relevant to the quality management system, including:

a) on what it will communicate;

b) when to communicate;

c) with whom to communicate;

d) how to communicate;

e) who communicates.

7.4 Communication

Changes in the QMS should be communicated appropriately to interested parties and should identify appropriate levels of re-training.

Mechanisms for communication could include; meetings, notice boards, in-house publications, awareness raising seminars, toolbox talks, intranet, email, etc.


The organization’s quality management system shall include:a) Documented information required by this International Standard;

b) Documented information determined by the organization.

7.5 Documented information -- 7.5.1 General

When creating & updating documented information, the organization shall ensure appropriate

a) Identification and description (e.g. a title, date, author, or reference number);

b) Format (e.g. language, software version, graphics) and media (e.g. paper, electronic);

c) Review and approval for suitability and adequacy.

7.5 Documented information -- 7.5.2 Creating and updating

The extent of documented information for a QMS can differ from one organization to another due to:— the size of organization and its type of activities, processes, products and services;— the complexity of processes and their interactions;— the competence of persons.

“documented information” now replaces the previously used terms “documented procedure” & “records”.


Documented information required by shall be controlled to ensure:

a) It is available and suitable for use, where and when it is needed;

b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5 Documented information -- 7.5.3 Control of documented information

At the same time, the organization shall address the following activities, as applicable:

a) distribution, access, retrieval and use;

b) storage and preservation, including preservation of legibility;

c) control of changes (e.g. version control);

d) retention and disposition.

Documented information of external origin needed shall be identified as appropriate, and be controlled.

Documented information retained as evidence of conformity shall be protected from unintended alterations.

Access can imply -- the permission to view the documented information only, or to view and change it.

ISO9001:2015 Quality Management System8. Operation

Shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by:

a) Determining the requirements for the products and services;

b) Establishing criteria for:

1) the processes; 2) the acceptance of products and services;

c) Determining the resources needed to achieve conformity to the product & service requirements;

d) Implementing control of the processes in accordance with the criteria;

e) Determining, maintaining and retaining documented information to the extent necessary:

1) to have confidence that the processes have been carried out as planned;

2) to demonstrate the conformity of products and services to their requirements.

8.1 Operational planning and control

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary, and shall ensure that outsourced processes are controlled

The processes mentioned here include the outsourced processes.


Communication with customers shall include:

a) Providing information relating to products and services;

b) Handling enquiries, contracts or orders, including changes;

c) Obtaining customer feedback relating to products and services, including customer complaints;

d) Handling or controlling customer property;

e) Establishing specific requirements for contingency actions, when relevant.

8.2 Requirements for products and services

- 8.2.1 Customer communication

Organizations will need to demonstrate that they have a controlled methodology in place for communicating with clients and that these processes are systematically and consistently carried out.


When determining the requirements for the products and services to be offered

to customers, the organization shall ensure that:

a) The requirements for the products and services are defined, including:

1) any applicable statutory and regulatory requirements;

2) those considered necessary by the organization;

b) The organization can meet the claims for the products and services it offers.

8.2 Requirements for products and services- 8.2.2 Determining the requirements for products and services

Any claims made about products and services shall can be proved or demonstrated, and the claim includes direct communication with clients, technical product information, marketing materials, etc.


Shall ensure that it has the ability to meet the requirements for products & services, and shall conduct a review before committing to supply products & services, to include:

a) Requirements specified by the customer, including for delivery and post-delivery

b) Requirements not stated by the customer, but necessary for the specified or intended use, when known;

c) Requirements specified by the organization;

d) Statutory and regulatory requirements applicable to the products and services;

e) Contract or order requirements differing from those previously expressed.

8.2 Requirements for products and services- 8.2.3 Review of the requirements for products and services

*Shall ensure that contract or order requirements differing from those previously defined are resolved.

*The customer’s requirements shall be confirmed by the organization before acceptance, when thecustomer does not provide a documented statement of their requirements.

The organization shall retain documented information, as applicable:a) on the results of the review; b) on any new requirements for the products and services.

ISO9001:2015 Quality Management System8. Operation8.2 Requirements for products and services

- 8.2.4 Changes to requirements for products and services

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

The details of changes to requirements and review of those changes has to be retained as documented information

ISO9001:2015 Quality Management System8. Operation8.3 Design and development of products and servicesThe organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services

- 8.3.2 Design and development planning

In determining the stages & controls for design & development, organization shall consider:a) The nature, duration and complexity of the design and development activities;b) The required process stages, including applicable design and development reviews;c) The required design and development verification and validation activities;d) The responsibilities and authorities involved in the design and development process;e) The internal and external resource needs for the design and development of products and services;f) The need to control interfaces between persons involved in the design and development process;g) The need for involvement of customers and users in the design and development process;h) The requirements for subsequent provision of products and services;i) The level of control expected for the design & development process by customers and other parties;j) The documented information needed to demonstrate meeting design & development requirements.

- 8.3.1 General

ISO9001:2015 Quality Management System8. Operation8.3 Design and development of products and services- 8.3.3 Design and development inputs

Shall determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider:a) Functional and performance requirements;b) Information derived from previous similar design and development activities;c) Statutory and regulatory requirements;;d) Standards or codes of practice that the organization has committed to implement;e) Potential consequences of failure due to the nature of the products and services.* Inputs shall be adequate for design & development purposes, complete & unambiguous.* Conflicting design and development inputs shall be resolved.* Shall retain documented information on design and development inputs.

ISO9001:2015 Quality Management System8. Operation8.3 Design and development of products and services- 8.3.4 Design and development controls

Shall apply controls to the design and development process to ensure that:a) The results to be achieved are defined;b) Reviews are conducted to evaluate the ability of the results of design and development

to meet requirements;c) Verification activities are conducted to ensure that the design and development

outputs meet the input requirements;d) Validation activities are conducted to ensure that the resulting products and services

meet the requirements for the specified application or intended use;e) Any necessary actions are taken on problems determined during the reviews, or

verification and validation activities;f) Documented information of these activities is retained.

Design & development reviews, verification & validation have distinct purposes. They can be conducted separately or in any combination, as is suitable for the products and services of the organization.

ISO9001:2015 Quality Management System8. Operation8.3 Design and development of products and services- 8.3.5 Design and development outputs

The organization shall ensure that design and development outputs:a) Meet the input requirements;b) Are adequate for the subsequent processes for the provision of products and services;c) Include or reference monitoring and measuring requirements, as appropriate, and

acceptance criteria;d) Specify the characteristics of the products and services that are essential for their

intended purpose and their safe and proper provision.The organization shall retain documented information on design and development outputs.

ISO9001:2015 Quality Management System8. Operation8.3 Design and development of products and services- 8.3.6 Design and development changes

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.

The organization shall retain documented information on:a) Design and development changes;b) The results of reviews;c) The authorization of the changes;d) The actions taken to prevent adverse impacts.

ISO9001:2015 Quality Management System8. Operation8.4 Control of externally provided processes, products and services

Shall ensure that externally provided processes, products & services conform to requirements.Shall determine the controls to be applied to externally provided processes, products & services when:a) Products and services from external providers are intended for incorporation into the

organization’s own products and services;b) Products and services are provided directly to the customer(s) by external providers on

behalf of the organization;c) A process, or part of a process, is provided by an external provider as a result of a decision

by the organization.

- 8.4.1 General

The organization shall determine and apply criteria for the evaluation, selection, monitoring ofperformance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.


The organization shall ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.The organization shall:a) Ensure that externally provided processes remain within the control of its QMS;b) Define both the controls that it intends to apply to an external provider and those it intends

to apply to the resulting output;c) Take into consideration:

1) the potential impact of the externally provided processes, products and services on theorganization’s ability to consistently meet customer and applicable legal requirements;

2) the effectiveness of the controls applied by the external provider;d) Determine the verification, or other activities, necessary to ensure that the externally

provided processes, products and services meet requirements.

- 8.4.2 Type and extent of control

Not all external providers have the same impact on the final product/service


The organization shall ensure the adequacy of requirements prior to their communication to the external provider.The organization shall communicate to external providers its requirements for:a) The processes, products and services to be provided;b) The approval of:

1) products and services;2) methods, processes and equipment;3) the release of products and services;

c) Competence, including any required qualification of persons;d) The external providers’ interactions with the organization;e) Control & monitoring of the external providers’ performance to be applied by the

organization;f) Verification or validation activities that the organization, or its customer, intends to perform

at the external providers’ premises.

- 8.4.3 Information for external providers

ISO9001:2015 Quality Management System8. Operation8.5 Production and service provision

The organization shall implement production and service provision under controlled conditions. Controlled conditions shall include, as applicable:a) The availability of documented information that defines:

1) the characteristics of the products to be produced, the services to be provided, or the activities to be performed;

2) the results to be achieved;b) The availability and use of suitable monitoring and measuring resources;c) The implementation of monitoring and measurement activities at appropriate stages to

verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;

d) The use of suitable infrastructure and environment for the operation of processes;e) The appointment of competent persons, including any required qualification;

- 8.5.1 Control of production and service provision


…, Controlled conditions shall include, as applicable:f) The validation, and periodic revalidation, of the ability to achieve planned results of the

processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement;

g) The implementation of actions to prevent human error;h) The implementation of release, delivery and post-delivery activities.

- 8.5.1 Control of production and service provision

- 8.5.2 Identification and traceability

The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services. The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.


• The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control or being used by the organization.

• The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products and services.

• When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.

- 8.5.3 Property belonging to customers or external providers

- 8.5.4 PreservationThe organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

Include materials, components, tools & equipment, premises, intellectual property & personal data

ISO9001:2015 Quality Management System8. Operation8.5 Production and service provisionShall meet requirements for post-delivery activities associated with the products & services.In determining the post-delivery activities that are required, the organization shall consider:a) statutory and regulatory requirements;b) the potential undesired consequences associated with its products and services;c) the nature, use and intended lifetime of its products and services;d) customer requirements;e) customer feedback.

- 8.5.5 Post-delivery activities

- 8.5.6 Control of changesThe organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.Shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

Post-delivery activities can include actions under warranty provisions, contractual obligations suchas maintenance services, and supplementary services such as recycling or final disposal

(in a controlled manner)

ISO9001:2015 Quality Management System8. Operation8.6 Release of products and servicesThe organization shall implement planned arrangements, at appropriate stages, to verifythat the product and service requirements have been met.

The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.

The organization shall retain documented information on the release of products and services. The documented information shall include:

a) Evidence of conformity with the acceptance criteria;b) Traceability to the person(s) authorizing the release.

ISO9001:2015 Quality Management System8. Operation8.7 Control of nonconforming outputsThe organization shall ensure that outputs that do not conform to their requirements areidentified and controlled to prevent their unintended use or delivery.

The organization shall take appropriate action based on the nature of the nonconformityand its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.

Shall deal with nonconforming outputs in one or more of the following ways:a) correction;b) segregation, containment, return or suspension of provision of products and services;c) informing the customer;d) obtaining authorization for acceptance under concession.Conformity to requirements shall be verified when nonconforming outputs are corrected.

Options can include scrapping, supplying under concession, alternative uses, product rework or recall

ISO9001:2015 Quality Management System8. Operation8.7 Control of nonconforming outputsThe organization shall retain documented information that:a) Describes the nonconformity;b) Describes the actions taken;c) Describes any concessions obtained;d) Identifies the authority deciding the action in respect of the nonconformity.

ISO9001:2015 Quality Management System9. Performance evaluation9.1 Monitoring, measurement, analysis and evaluationThe organization shall determine:a) What needs to be monitored and measured;b) The methods for monitoring, measurement, analysis and evaluation needed to ensure valid results;c) When the monitoring and measuring shall be performed;d) When the results from monitoring and measurement shall be analyzed and evaluated.

The organization shall evaluate the performance and the effectiveness of the QMS.The organization shall retain appropriate documented information as evidence of the results.

- 9.1.1 General

- 9.1.2 Customer satisfactionThe organization shall monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled. The organization shall determine the methods for obtaining, monitoring and reviewing this information.

Examples can include customer surveys, customer feedback on delivered products and services, meetings with customers, market-share analysis, compliments, warranty claims and dealer reports.

ISO9001:2015 Quality Management System9. Performance evaluation9.1 Monitoring, measurement, analysis and evaluation

The organization shall analyze and evaluate appropriate data and information arising from monitoring and measurement.The results of analysis shall be used to evaluate:

a) Conformity of products and services;b) the degree of customer satisfaction;c) the performance and effectiveness of the quality management system;d) if planning has been implemented effectively;e) the effectiveness of actions taken to address risks and opportunities;f) the performance of external providers;g) the need for improvements to the quality management system.

Methods to analyze data can include statistical techniques

- 9.1.3 Analysis and evaluation

As a minimum, analysis should be performed in relation to customers, product conformance, processes and supplier performance.

ISO9001:2015 Quality Management System9. Performance evaluation9.2 Internal auditShall conduct internal audits at planned intervals to provide information on whether QMS:a) Conforms to:

1) the organization’s own requirements for its quality management system;2) the requirements of this International Standard;

b) is effectively implemented and maintained.

The organization shall:a) plan, establish, implement and maintain an audit programme including the frequency,

methods, responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits;

b) define the audit criteria and scope for each audit;c) select auditors & conduct audits to ensure objectivity & impartiality of the audit process;d) ensure that the results of the audits are reported to relevant management;e) take appropriate correction and corrective actions without undue delay;f) retain documented information as evidence of the implementation and the audit results.

ISO9001:2015 Quality Management System9. Performance evaluation9.3 Management reviewTop management shall review the QMS, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction.The management review inputs shall take into consideration:a) the status of actions from previous management reviews;b) changes in external and internal issues that are relevant to the QMS;c) information on the performance and effectiveness of the QMS, including trends in:

1) customer satisfaction and feedback from relevant interested parties;2) the extent to which quality objectives have been met;3) process performance and conformity of products and services;4) nonconformities and corrective actions;5) monitoring and measurement results;6) audit results;7) the performance of external providers;

d) the adequacy of resources;e) the effectiveness of actions taken to address risks and opportunities (see 6.1);f) opportunities for improvement.

These broader organizational issues (organizational context and actions to address risks & opportunities) shall be integrated into the review process.

ISO9001:2015 Quality Management System9. Performance evaluation9.3 Management reviewThe management review outputs shall include decisions and actions related to:a) opportunities for improvement;b) any need for changes to the quality management system;c) resource needs.Documented information as evidence of the results of management reviews shall be retained

ISO9001:2015 Quality Management System10. Improvement10.1 GeneralThe organization shall determine & select opportunities for improvement and implementany necessary actions to meet customer requirements and enhance customer satisfaction.These shall include:a) Improving products and services to meet requirements as well as to address future

needs and expectations;b) Correcting, preventing or reducing undesired effects;c) Improving the performance and effectiveness of the QMS.

Improvement can include correction, corrective action, continual improvement, breakthrough change, innovation and re-organization.

ISO9001:2015 Quality Management System10. Improvement10.2 Nonconformity and corrective actionWhen a nonconformity occurs, including any arising from complaints, the organization shall:a) React to the nonconformity and, as applicable:

1) take action to control and correct it; 2) deal with the consequences;

b) Evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:1) reviewing and analyzing the nonconformity;2) determining the causes of the nonconformity;3) determining if similar nonconformities exist, or could potentially occur;

c) Implement any action needed;d) Review the effectiveness of any corrective action taken;e) Update risks and opportunities determined during planning, if necessary;f) Make changes to the quality management system, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered with considering both the type and level of risk

The organization shall retain documented information as evidence of:a) the nature of the nonconformities and any subsequent actions taken;b) the results of any corrective action.

ISO9001:2015 Quality Management System10. Improvement10.3 Continual improvementThe organization shall continually improve the suitability, adequacy and effectiveness of the quality management system.

The organization shall consider the results of analysis and evaluation, and the outputs frommanagement review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

Improvement does not have to take place in all areas of the business at the same time. Focus should be relevant to risks and benefits. Improvement can be incremental (small changes) or breakthrough (new technology).

The major new of ISO 9001: 2015

1. Adoption of the Annex SL framework and core text.

2. Organization’s ‘context’ and associated internal and external issues

3. Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

4. Highlight/emphasize potential risks and opportunities.

5. Top management need to show the direct leadership in QMS. No ISO M.R.

6. Risk based approach to determine type & extent of control external providers.

7. ‘Documented Information’ – no more Quality Manual, Procedures or Records.

8. Organizational knowledge

Presenter

Presentation Notes


1. Adoption of the Annex SL framework and core text.


Note: other management system have the same Annex SL framework and core text: (ISO14001 Environmental / OHSAS 18001 Occupation Health and Safety …)

Presenter

Presentation Notes



The ‘context’ of the organization refers to the combination of internal and external factors and conditions that can have an effect on an organization's approach to its products and/or services. The design & implementation of QMS will be influenced by its context.

External factors can arise from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.

Internal factors is related to values, culture, knowledge & performance of the organization


Presenter

Presentation Notes



Internal and External Issues • Key economic and market development which can impact on the organization; your

organization is probably acutely aware of what is happening in its markets but it may be undertaken in a very ad-hoc way

• Technological innovations and developments; this is also an area critical to your business success and is also probably being monitored and discussed at numerous levels

• Regulatory developments; a whole range of external regulations are being monitored by your organization. If you miss them then it could seriously damage your business, or if you capture early intelligence on them, you could realize better opportunities.

• Political and other instabilities; if for example you rely on raw materials from one particular country which experiences major instability, your whole business could be jeopardized; or if there are major ethical concerns regarding a source of materials or goods

• Organizational culture and attitudes; an effective and motivated workforce will give you positive impacts, and many organizations canvas feedback from employees


Presenter

Presentation Notes


3. Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

Risk-based thinkingOrganizational knowledge


Presenter

Presentation Notes


4. Highlight/emphasize potential risks and opportunities

This is a new requirement which obliges organizations to identify those risks and opportunities (considering external and internal issues that are relevant to its context, as

well as the needs of interested parties) that have the potential to impact (negatively or positively) on the operation and performance of their QMS. In order to:

• Ensure that its management system can achieve its intended outcome(s)• Prevent, or reduce, undesired effects• Achieve improvement

Based on the results of this assessment, organizations then have to:

• Take action to address any risks and opportunities identified

• Integrate and implement these actions into their QMS processes

• Evaluate the effectiveness of the actions taken

Note: A well-established approach already implemented by many organizations is the use of risk registers, which if properly managed and implemented can effectively manage risks and opportunities across a wide range of areas and issues.


Presenter

Presentation Notes


4. Highlight/emphasize potential risks and opportunities


Presenter

Presentation Notes


5. Top management need to show the direct leadership in QMS. No ISO M.R.

Top management are now required to demonstrate a greater direct involvement in the organisation’s QMS and remove the need for a ‘Management Representative’;

Top management must show leadership rather than just demonstrate commitment.

Top management can’t just effectively delegate the responsibility for QMS to M.R. The standard is driving the oversight of the QMS to the highest level and making it a key component of the organization and its core business processes and activities.


Presenter

Presentation Notes


6. Risk based approach to determine type & extent of control external providers.

When defining the controls to be applied to external providers themselves and to

the products and services they supply, the organizations shall consider:

• The potential impact of the externally provided processes, products and services on

the organization's ability to …..

• The perceived effectiveness of the controls applied by the external providers themselves.

(Not all suppliers have the same impact on the final product/service)


Presenter

Presentation Notes


7. ‘Documented Information’ – no more Quality Manual, Procedures or Records.

The extent of documented information required is due to:

• The size of organization and its type of activities, processes, products & services

• The complexity of processes and their interactions

• The competence of organizational personnel.

The “documented information” need to be controlled, including adequate protection “...from loss of confidentiality, improper use, or loss of integrity”.

Control of ‘access’ to documented information -- view or view and change.

Organizations need think where documented information is critical for the QMS.


Presenter

Presentation Notes


8. Organizational knowledge.

The organizations need to determine and maintain the knowledge obtained by the organization (including its personnel) to ensure that it can achieve conformity of products and services.

This knowledge needs to be maintained and made available where and when necessary. It is up to the organization to decide how to do this.

When planning changes to its QMS or operational activities, an organization is required to assess whether its existing organizational knowledge is sufficient to satisfactorily manage these changes or if it needs to obtain additional knowledge and take steps to get it if necessary.


Presenter

Presentation Notes


Concepts and Principles

Processes of Audit

Documents of Audit

Audit Skills

Auditor Tips

Skills for ISO9001:2015 Internal Auditor

A – Achieve / Accurate U – Up to dateD – Diligent (hard working)I – Intelligent / Impartial / Independent

T – Tactful / TransparentO – Objectives / HonestR -- Responsible

Presenter

Presentation Notes



1 . Audit –

A systematic, independent and documented process for obtaining audit

evidence and evaluating it objectively to determine the extent to which

audit criteria are fulfilled.

• First part audit – internal audit

• Second part audit – customer audit

• Third part audit – independent organization audit

(second part audit and third part audit are belong to external audit)


Presenter

Presentation Notes


Conduct audits per audit schedule

Contact appropriate personnel in the area being audited to establish specific date/time and agenda for audit

Review information related to the area being audited

Prepare a checklist of questions to guide the audit process

Collect objective evidence to support audit findings

Report the results of the audit in a timely manner

Organize verification of corrective actions to audit non-conformances

2. Auditor Responsibilities –



Presenter

Presentation Notes


Adequacy – are the requirements of the quality system standard recognized and addressed/understood?

Conformance – are we consistently following our system as defined?

Effectiveness – are we meeting requirements/objectives and satisfying our customers by following our system?

Continual Improvement – are we striving to increase the capability of achieving requirements/objectives of systems towards enhancing customer satisfaction?

3. Four Audit Evaluators –



Presenter

Presentation Notes


Requirement is not being followed

Reactive opportunity to improve the QMS

Audit nonconformance report provides record of current condition to allow comparison after action is taken.

4. Audit nonconformance



Presenter

Presentation Notes


Purpose of process must be clearly understood, (objectives)

Desired outcome from process must be defined, (goals)

Process outcomes must be measured, (results)

Individual processes and their objectives should relate to overall QMS quality objectives.

5. Challenges of Auditing for Effectiveness



Presenter

Presentation Notes


Opening Meeting

Conduct Audit

Auditor Team Meeting

Closing Meeting

Reporting

Follow up after Audit


Processes of Audit

Presenter

Presentation Notes


To confirm:

Audit objectives, scope, criteria, plan,…

Method of reporting

Conditions on which the audit can be terminated

Appeal mechanism


Processes of Audit -- Opening Meeting

Presenter

Presentation Notes


Identify the items/finding that they consider should be reported and check that they have sufficient evidence

Collects and discusses all the nonconformities to be raised

Decides whether major, minor or observation

Checks on conformity and good points

Allocates writing of NCR’s


Processes of Audit -- Auditor Team Meeting

Presenter

Presentation Notes


To reiterate/repeat the audit basis

• Audit objectives, scope, criteria

To report:

• Audit coverage (against plan)

• Audit findings

• Overall comments

• Audit conclusions

To Confirm

• Follow-up agenda


Processes of Audit -- Closing Meeting

Presenter

Presentation Notes


Follow-up audit: to close out audit findings

Verify completion of agreed corrective actions

Verify effectiveness of agreed corrective actions


Processes of Audit -- Follow-up after audit

Presenter

Presentation Notes


Audit Plan

Audit Plan is a detailed time schedule for who will conduct what activities for a single audit

Identify all the key processes and activities and allocate the time to audit

Audit Checklists

Checklists guide the auditor through the audit and to cover all the main points

Useful as a record of the topics covered as auditors can put comments against each point


Documents of Audit

Presenter

Presentation Notes


Audit Report

Audit basis (objective, scope, criteria, time/duration, auditors)

Audit finding

Audit team’s overall comments, including:

Strength/Concerned areas/Areas for further improvement

Audit team’s recommendation

Follow-up agenda


Documents of Audit

Presenter

Presentation Notes


Process Auditing


Audit skill

Presenter

Presentation Notes


Questioning sequence

Who

When

What

Where

How

What if

Why

How good, how frequent

Any correction, any improvement

Audit Skills


Presenter

Presentation Notes


Questioning techniques

Open questions (please describe…)

Closed questions (Do/Have you …; yes or no ?)

Leading questions (is it correct ?)

Hypothetical questions (what if ?)

Repeat questions

Short silence

Audit Skills


Presenter

Presentation Notes


Evidence verification

Fact-finding

Examine all related processes

Evaluate it objectively (against audit criteria)

Weighing of audit findings

Risk Level

Probability of recurrence

Consequence

Audit Skills


Presenter

Presentation Notes


To get effective corrective action

Helps people understand the problem.

Acts as starting point for problem solving.

Formula for documenting Non-conformances Concern – what condition was identified during audit; Requirement – defines “what should be” (based on requirements of

ISO9001, customers, quality manual, procedure, instructions) Evidence – supports non-fulfillment of requirement;

Example:From the STAR system, the technical drawing of XXX could not be linked, as per requirement of XXX, technical drawing shall be linked from STAR.

The Purpose of Writing a Nonconformance

Audit Skills


Presenter

Presentation Notes


Actions taken to eliminate the causes of a detected nonconformance to prevent recurrence.

Manager of the area where nonconformance was identified is responsible for these actions

Fix it, (correction)

Investigate why it happened, (root cause analysis)

Implement actions to prevent it from happening again (prevention)

Evaluate results and verify that actions taken do prevent nonconformance from happening again (effectiveness)

Corrective/Preventive Action

Audit Skills


Presenter

Presentation Notes


Case study - 1

In the audit of a food manufacturer, the auditor noticed 6 cans of an

unknown product in an unmarked box under the production line. The

cans were unmarked and the operator told the auditor that they were

left from the previous shift and he thought they might be reject beans.


Presenter

Presentation Notes


During an audit of internal audits, you are shown internal audit reports

from the last audit. These include a non-conformity report stating that 3

people in the purchasing department had not been trained in the use of

the approved supplier list. The corrective action taken was to train the 3

members of staff. The audit report has been closed. The management

representative tells you that no further investigation was made, as the

corrective action was obvious. The internal auditor had checked the

training records of the staff concerned before closing the reports.

Case study - 2


Presenter

Presentation Notes


In the Purchasing Department the auditor asks how the new

subcontractor for PAF items was selected. The purchasing clerk

explains that the regular supplier could not meet the delivery date and

the order was placed with a subcontractor, which they had never used

before, only because the price quoted was extremely low. The clerk

states that no other evaluation was conducted.

Case study - 3


Presenter

Presentation Notes


During an audit at the packaging area the auditor encountered the

operator not following the procedure OP 18 issue 7 for packing. He

was using different component polythene T2 to those specified in the

instruction and required by the customer specification. T2 made from

cardboard. The operator informed the auditor that he was acting on the

verbal instruction of the supervisor whilst they were temporally out of

that component. The working instruction was issued by the Production

Manager and no amendments had been produced.

Case study - 4


Presenter

Presentation Notes


During an audit management review activities you notice from the minutes

of management review meetings that the meetings are not attended by

any of the top management team. When you query this, the management

representative tells you that management review has evolved into a two-

tier process, as it was proving so difficult to get all of the departmental and

top managers available at the same time. The process is now that

departmental managers meet and conduct the first level of management

review. The management representative prepares a summary report

including actions and recommendations. This is passed round each of the

top management team for comment, and the Managing Director finally

agrees the action plan.

Case study - 5


Presenter

Presentation Notes


JARO Thermal ISO9001 2015 internal auditor training 20170118

Engineering

Transcript of JARO Thermal ISO9001 2015 internal auditor training 20170118