Professional Documents
Culture Documents
Draft
Whats Important to Know Now
Prepared by
Rand E Winters, Jr.
Senior ASR Lead Auditor
March 2014
Objective of Revisions
Enhance an organizations ability to
satisfy customers.
Maintain relevance, provide
integrated approach to
organizational management, and
integrate with other management
systems.
Reflect needs of all user groups and
increasingly complex operating
environments.
Whats New?
Risk management is being added with focus on
risk-based thinking. Identification of risk and risk
control now a requirement.
Standardized core text, structure, definitions
enable organizations with multiple management
systems to achieve improved integration &
implementation.
Major focus on achieving value for organization
and its customers.
Revisions allow ISO 9001 to be more applicable
by service-based organizations.
Primary focus remains on Customers!
Structure Re-organized
8. Operation includes planning & control,
determine market needs, interaction w/customers,
planning process, control of external provisions of
goods/services, production of goods, provision of
services, release of goods/services, non-conforming
goods/services
9. Performance Evaluation includes monitoring,
measurement, analysis & evaluation, internal audit,
management review
Structure Outlined
10. Improvement addresses non-conformity &
corrective action, improvement
What Should an
Organization do Now?
Nothing at this time
( well almost
nothing).
Still too early in the 2015 revision process of ISO 9001 to make
any significant changes to an existing QMS.
Some issues drafted may change or disappear in upcoming
drafts or with final version.
Looking aheadexisting registered system documentation
should conform with some small adjustments. In most cases,
existing registered organizations should have enough
documentation and records.
Since risk is documented in most sections of proposed
revision to ISO 9001, consider starting your risk management
Considering Risk
Risk is very detailed in this revision to the
standard as compared to ISO 13485, Food
Safety, or Aerospace.
Think about adding/using words that are
typical in the risk process such as risk
determination, risk control, risk mitigation,
acceptable level of risk.
Next slide outlines the four phases of
managing risk, and maybe helpful as an
organization addresses risk to their
business.
Evaluacin del
OPTION analysis
Implementation of
measures
RESIDUAL RISK evaluation
Overall RISK acceptance
Inforacion
PostProduction
Post-production experience
Review of RISK MANAGEMENT
experience- customer use
Take appropriate actions
Risk Continued
6.3 Planning and Controlling Changes
a) identification of risk and
control measures associated with product
8.4 Control of External Processes or Productsevaluation based on risks and risk control
8.5.1 Design and Development, define c) risk
8.5.3 Implement c) risk control measures
8.6 Execution/Implementation 8.6.1h)
implementation of risk controls
9.3 Management Review b) determined risks