ISO 9001:2008: Key changes and transition process Based on the published ISO 9001:2008 DNV Industry, Global MSC, 2008-11-20

Purpose of the presentation Highlight the key changes in ISO 9001:2008 (included detailed text in the last slides) Provide rules for the transition, including: Schedule Certificate handling and practical arrangements Explain expectations to certified customers © Det Norske Veritas AS. All rights reserved 19 April 2017

The ISO 9001 revision process ISO 9001 is by far the most widely used standard for quality management systems: >1.000.000 companies certified in 170 countries Annual increase of ~ 15% worldwide Standards are reviewed and revised periodically because they must be kept up to date with stakeholder’s expectations. Quality Management is a dynamic process and evolves over time. The ISO 9000 “family of documents” is continually reviewed and revised through the Technical Committee TC 176. First Edition – 1987 Second Edition – 1994 Third Edition – 2000 © Det Norske Veritas AS. All rights reserved 19 April 2017

ISO 9001:2008 - Status For ISO 9001:2008, a design specification was developed (in 2005) and balloted. The purpose of the revision was specified to be limited to: Enhance the clarity of ISO 9001:2000, without introducing new requirements Enhance compatibility with ISO 14001:2004. ISO 9001:2008 was published November 15th. Content of the 4th Edition of ISO 9001 (2008): No new requirements introduced Some useful clarifications to existing requirements Mainly editorial changes A few examples of increased compatibility with ISO 14001:2004, but also these mainly editorial. Most substantial change for 8.5.2/8.5.3, see details. © Det Norske Veritas AS. All rights reserved 19 April 2017

The ISO 900X/ISO 1000X - series Also the guidance ISO 9004 “Managing for success” is under revision and scheduled to be published medio 2009. The current draft contains major and useful changes, and will provide useful guidance for improvement of quality management in organisations. The ISO technical committee have also published other guidance documents related to Quality Management Systems (ISO 1000X-series): © Det Norske Veritas AS. All rights reserved 19 April 2017

Schedule of implementation ISO and the International Accreditation Forum (IAF) have jointly issued the following rules for the transition: Twenty four months after publication by ISO of ISO 9001:2008 (i.e. Nov. 15th 2010), any existing certification issued to ISO 9001:2000 shall not be valid. One year after publication of ISO 9001:2008 (i.e. Nov. 15th 2009), all accredited certifications issued (new certifications or recertifications) shall be to ISO 9001:2008. Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a routine surveillance or recertification audit against ISO 9001:2008. Transition can be done during any scheduled re-certification or periodical audit in the 24 months period, but preferrably during a re-certification audit to avoid additional costs. © Det Norske Veritas AS. All rights reserved 19 April 2017

Transition audit and certificate validity If transition is performed during a scheduled periodical audit: Certificate validity will be consistent with validity of ISO 9001:2000 certificate Additional fee for certificate issuance likely to be charged If transition is performed during a scheduled re-certification audit: Certificate validity will be 3 years from expiry date of ISO 9001:2000 certificate No additional certificate fee © Det Norske Veritas AS. All rights reserved 19 April 2017

What is required from our certified customers As there are no new requirements, the transition will not imply major additional efforts and is expected to be easy. For the transition DNV will assess that your organisation are aware of the changes made and have reviewed the quality management system to ensure it still complies after the clarifications made. Additional audit time not deemed needed. Conduct transition during any scheduled audit, but preferrably during a scheduled re-certification audit (if due within the 24 months) to avoid additional costs. © Det Norske Veritas AS. All rights reserved 19 April 2017

Key changes Introduction (0) Explicitly lists “risks” associated with an “organisation’s environment” as an influencing factor of the QMS. Scope (1) In the standard the term “product” is not solely applicable for product intended or required by the customer but also any intended output resulting from the realization process. This broadens the application and include e.g. purchased products, products from intermediate stages in the realization process, as well as products from outsourced processes. “Statutory” requirements applicable to the product have been introduced in addition to the previously used “regulatory” requirements (this is used consistently throughout the document). © Det Norske Veritas AS. All rights reserved 19 April 2017

Key changes General requirements (4.1) Amended text regarding outsourced processes to: Clarify what is an outsourced process Clarify what factors may influence the extent and type of control to be applied Clarify that outsourcing does not absolve the responsibility for the organisation to meet customer, and applicable statutory and regulatory requirements for the product Work environment (6.4) Text amended to provide examples of influencing conditions of work environment which may affect product conformity. © Det Norske Veritas AS. All rights reserved 19 April 2017

Key changes Determination of requirements related to the product (7.2.1) Amended text with examples of possible requirements and contractual obligations related to post-delivery activities, e.g. warranty provisions, maintenance services and requirements related to re-cycling and final disposal post-delivery activities. Design and development outputs (7.3.3) Amended text to clarify that the provision of information for production and service provision also can include information providing details for the preservation of product Customer satisfaction (8.2.1) Amended text to provide examples on relevant input for monitoring of customer perception. © Det Norske Veritas AS. All rights reserved 19 April 2017

Key changes Corrective Action/Preventive action (8.5.2f/8.5.3e) Text amended to include “reviewing the effectiveness of corrective/preventive action taken” which is also consistent with ISO 14001 © Det Norske Veritas AS. All rights reserved 19 April 2017

Changes to the Standard A presentation of all the changes are contained in Annex B of ISO 9001:2008. The consecutive slides shows the wording of the requirement for the clauses containing the listed key changes. The red text text shows the revised wording in the new edition. Remember that information marked “NOTE” in the ISO 9001 Standard is for guidance in understanding or clarifying the associated requirement. The Notes do not constitute requirements. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard INTRODUCTION 0.1 General The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization's quality management system is influenced by its organizational environment, changes in that environment, or risks associated with that environment, its varying needs, its particular objectives, the products it provides, the processes it employs, its size and organizational structure. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation. Cont’d.. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard Cont’d.. The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying the associated requirement. This International Standard can be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer, statutory and regulatory requirements applicable to the product, and the organization's own requirements. The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 1. SCOPE 1.1 General This International Standard specifies requirements for a quality management system where an organization a) needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. Cont’d.. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard Cont’d.. NOTE 1 In this International Standard, the term “product” only applies to product intended for, or required by, a customer, any intended output resulting from the product realization processes. NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 4.1 General requirements The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard. The organization shall a) determine the processes needed for the quality management system and their application throughout the organization (see 1.2), b) determine the sequence and interaction of these processes, c) determine criteria and methods needed to ensure that both the operation and control of these processes are effective, d) ensure the availability of resources and information necessary to support the operation and monitoring of these processes, e) monitor, measure (where applicable), and analyze these processes, and f) implement actions necessary to achieve planned results and continual improvement of these processes. These processes shall be managed by the organization in accordance with the requirements of this International Standard. Cont’d.. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard Cont’d… Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system. NOTE 1 Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement. NOTE 2 An outsourced process is identified as one needed for the organization's quality management system but chosen to be performed by a party external to the organization. Cont’d… © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard Cont’d… NOTE 3 Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as a) the potential impact of the outsourced process on the organization's capability to provide product that conforms to requirements, b) the degree to which the control for the process is shared, c) the capability of achieving the necessary control through the application of 7.4. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 6.4 Work environment The organization shall determine and manage the work environment needed to achieve conformity to product requirements. NOTE The term “work environment” relates to those conditions under which work is performed including physical, environmental and other factors (such as noise, temperature, humidity, lighting or weather). © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 7.2.1 Determination of requirements related to the product The organization shall determine a) requirements specified by the customer, including the requirements for delivery and post-delivery activities, b) requirements not stated by the customer but necessary for specified or intended use, where known, c) statutory and regulatory requirements applicable to the product, and d) any additional requirements considered necessary by the organization. NOTE Post-delivery activities include, for example, actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 7.3.3 Design and development outputs The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release. Design and development outputs shall a) meet the input requirements for design and development, b) provide appropriate information for purchasing, production and service provision, c) contain or reference product acceptance criteria, and d) specify the characteristics of the product that are essential for its safe and proper use. NOTE Information for production and service provision can include details for the preservation of product. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 8.2.1 Customer satisfaction As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined. NOTE Monitoring customer perception can include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims and dealer reports. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 8.5.2 Corrective action The organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to the effects of the nonconformities encountered. A documented procedure shall be established to define requirements for a) reviewing nonconformities (including customer complaints), b) determining the causes of nonconformities, c) evaluating the need for action to ensure that nonconformities do not recur, d) determining and implementing action needed, e) records of the results of action taken (see 4.2.4), and f) reviewing the effectiveness of the corrective action taken. © Det Norske Veritas AS. All rights reserved 19 April 2017

Proposed changes to the Standard 8.5.3 Preventive action The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems. A documented procedure shall be established to define requirements for a) determining potential nonconformities and their causes, b) evaluating the need for action to prevent occurrence of nonconformities, c) determining and implementing action needed, d) records of results of action taken (see 4.2.4), and e) reviewing the effectiveness of the preventive action taken. © Det Norske Veritas AS. All rights reserved 19 April 2017

© Det Norske Veritas AS. All rights reserved 19 April 2017