1. INTRODUCTION TO ISO 9001:2015 FOR IMPLEMENTATION Varinder Kumar CISA, ISO27001 LA, ISO 9001 LA, ITIL, CEH, MEPGP IT, Certificate course in PII & Privacy Management, Twitter: ISOGeek varinder@auditgaps.com

2. Disclaimer The information in this presentation represents my personal opinions and interpretation and has not been formally endorsed by ISO or any of its subcommittee or any of the ISO representatives or my current employer.

3. Agenda What prompted revision to ISO 9001:2008 Objectives of Revision What’s new ? Structure of ISO 9001:2015 ISO 9001:2015 Clauses – brief

4. What prompted revision of ISO 9001:2008 ? Business and industry has evolved drastically in last ten years due to technology adoption and innovations. Greater diversity of ISO 9001 implementation not just in manufacturing but in service industry too. To bring in ease of alignment with other ISO standards adopted by industries such as 27001, 20000, 22000 etc. To lower to documentation burden and minimizing it to absolutely necessary with more focus on records and production efficiency. Addition of Risk Management (identification, assessment, mitigation, acceptance) to achieve objectives Achieve value for stakeholders by including external and internal issues.

5. Objectives of Revision Enhance an organization’s ability to satisfy customers and stakeholders. Provide integrated approach to organizational management to achieve its objectives and integrate with other management systems. Greater emphasis on leadership engagement Reflect needs of all external and internal stakeholders Enhance organization’s ability to address risks as well as pursue opportunities. Lay a consistent foundation for next 10 years.

6. New Structure Of ISO 9001:2015 0. Introduction 1. Scope 2. Normative reference 3. Terms and definitions 4. Context of the organisation 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement

7. ISO 9001:2015 - Clauses at a Glance Below are the clauses in the revised ISO 9001 standards: 4.0 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the quality management system 4.4 Quality management system and its processes

8. ISO 9001:2015 - Clauses at a Glance 5. Leadership 5.1 Leadership and commitment 5.2 Policy 5.3 Organizational roles, responsibilities and authorities 6. Planning 6.1 Actions to address risks and opportunities 6.2 Quality objectives and planning to achieve them 6.3 Planning of changes 7. Support 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information

9. ISO 9001:2015 - Clauses at a Glance 8. Operation 8.1 Operational planning and control 8.2 Requirements for products and services 8.3 Design and development of products and services 8.4 Control of externally provided processes, products and services 8.5 Production and service provision 8.6 Release of products and services 8.7 Control of nonconforming outputs 9. Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit 9.3 Management review

10. ISO 9001:2015 - Clauses at a Glance 10. Improvement 10.1 General 10.2 Nonconformity and corrective action 10.3 Continual improvement

11. Points to consider during Implementation Determine the context of the organization – business operations and processes and how these are influenced by external and internal issues such as strategic decisions, regulations, political changes etc. A good way is to conduct PEST Analysis Determine Interested parties - for example employees, customers, regulatory bodies, local authorities etc. and understand their needs and expectations. Also understand how these can be affected by the organization activities and can thus impact organization objectives. Engage Leadership – Leadership or the top management must get involved and support the QMS. They must align the QMS policy to organizations strategy, mission and vision. Leadership should also ensure that not only roles and responsibilities but authorities are also delegated to respective to roles. Consider Risks and Opportunities – The new standard demands that organizations consider risks which can impact the achievement of objectives as well as should consider opportunities while pursuing a risk.

12. Points to consider during Implementation External Communication – Communicating the stakeholders and interested parties is another requirement in the new standard. Organization must authorize a role to communicate its key decisions or any adverse incidents, risk materializations which can impact the interested parties. Knowledge Management – The standard considers knowledge as a resource and expects that organization should managed this resource. This will help the organization to control the quality and consistency of goods and services. Organization may need to develop an appropriate system for learning from experience and an approach for knowledge retention including mentoring, documenting experiences, learning etc. Such measures can help the organization in becoming independent of person and sustaining quality and service delivery even in absence of the person managing that operation. Organizations are expected to manage their Intellectual property, formulas and patents etc under this requirement.

13. Points to consider during Implementation Documented Information – All documentation and records are now covered under documented information. Organization must ensure all documented information is easily accessible, retrievable and should implement measures for protection against loss of confidentiality, integrity and availability. Loss of confidentiality is very important in outsourced manufacturing for example a pharma company manufacturing a drug as outsourced partner for another company owning the patent. Similarly loss of document or damage to document containing some specific instructions during manufacturing can lead to chaos if the person managing day to day operations is not available. Outsourcing Control – Organizations must have controls on outsourced processes by way of contractual requirements, audits, SLA monitoring, quality testing etc. The term supplier has been used for goods and service suppliers.

14. Need Help ? Contact me for : 1. Implementation Projects: ISO 9001, ISO 27001, ISO 27018, ISO 29100, ISO 20000, ISO 22301, ISO 31000, ISO 13485 and ISO 55001 2. Documentation Review & Improvements 3. Internal Audit 4. Internal Auditor Training Course 5. Second Party / Supplier Audits for above standards www.auditgaps.com No consultation charges for NGO’s and Charity Organizations.