SQC

Introduction to
ISO 9001:2015
Presented By STARK INDUSTRIES
 SQC
Contents

Section A • ISO 9000 Background

• MODELS OF ISO 9000 & Its

Section B CERTIFICATION

Section C • ISO 9001:2015 Element

Section D • Risk Based Thinking

 SQC

Section A
ISO 9001 Background
 SQC
What is ISO?
International Organization for Standardization

World’s most popular and commonly used standard for management

system

Headquarter- Located in Geneva, Switzerland

Word derived from Greek ISOS
Meaning “EQUAL”
 SQC
About ISO
More than 18,000 standards developed.
Economic, environmental and social.

Examples :
ISO 9001 – Quality Management System (QMS)
ISO 14001 – Environmental Management System (EMS)
 SQC
Member of ISO
• Is a worldwide federation of national standard bodies from more than
162
• One from each country.
• Representative from Malaysia - Department of Standards Malaysia
(Standards Malaysia).
• Since 1969, Malaysia became the member of ISO.
 SQC
ISO Technical Committee
250 technical committee

Note: ISO 9000 QMS is designed by ISO/ TC/ 176

 SQC
How does ISO 9001 works?
What requirements you must meet
How you meet the requirements
Flexibility
Management to stay in the driving seat
 SQC
Revision of ISO 9001 Standards

ISO
ISO 9001:2015
9001:2008 Context
ISO Process Risk /
9001:2000 Approach & Opportunity
ISO Process PDCA
9001:1994 Approach &
Say what PDCA
you do & do
ISO what you say
9001:1987
Procedure
 SQC

Section B
Model of Iso 9000 and Its Certification
 SQC
ISO 9000 Series
IMPLEMENTATION OF ISO 9001 SQC
COMPLYING TO STANDARD
ISO 9001:2008 version
Say / write what you do:
(Mission, responsibilities, goals, process steps, processes or work descriptions, etc.)

Do what you say / wrote:

(Perform to the point to obtain desired results, document and implement processes and record the
results.)

Prove it, show evidences & records:

(Show the documented processes and recorded results.)
ISO 9001:2015 version
More flexible structure. Any format can be accepted as long as you can show them as documented
information
 SQC
Accreditation body & Certification body
International e.g. Pacific Accreditation Cooperation(PAC),
Accreditation Forum (IAF) Europe Accreditation Cooperation(EA),
Inter-American Accreditation Cooperation (IAAC)
ISO/IEC 17011:2004 ISO/IEC Guide 61

Accreditation Body e.g. DSM, UKAS, JAB, DAR, SCC, RAB ...

ISO/IEC 17021:2015
e.g. SIRIM ,GCL , BSI, SGS, Lyods, TUV
Certification Body
ISO 9001:2015

Companies
 SQC
Accreditation body
Responsibility for
accrediting
Certification Bodies
to perform
assessments and
award certifications
against the
International
Standard.
 SQC
Certification body
An impartial body, government or non-government, processing the necessary competence and
reliability to operate a certification system and in which those with an interest in the process of
certification are represented without any single interest predominating.

LOCAL Certification Body:

• Sirim QAS Sdn Bhd

NON-LOCAL Certification Body Operate in M’sia:

• TUV
• INTERTEK
• LLOYDS
• SGS
• BSI
SQC
 SQC

Section C
ISO 9001:2015 ELEMENT DESCRIPTIONS
 SQC
Customer
Focus
Leadership

Engagement of Relationship
People Management

Evidence-
Process based
Approach Decision
Making

Improvement
 Complexity
SQC
and interaction
of processes

Objectives Competency

Quality
Management
System
Size &
Risks organisational
structure

Customer’s/ Type of
relevant products/
parties’ needs services
SQC
 Act – Plan the process SQC

Interaction with other process

incorporate (depends on RISK)
4.4.1 Interaction with other improvement
as necessary
process

Do – Carry out
Input Output
process

Check – monitor/
measure process
performance
SQC
SQC
SQC
SQC
 SQC
ISO 9001:2015 - PLAN
Introduction 5.Leadership
1.Scope 5.1 Leadership and commitment
2.Normative references
5.1.1. General
3.Terms and definitions
4.Context of the organization 5.1.2. Customer focus
4.1 Understanding the organization and its 5.2 Policy
context 5.2.1 Developing the quality
4.2 Understanding the needs and expectations policy
of interested parties
5.2.2 Communicating the quality
4.3 Determining the scope of the quality
management system policy
4.4 Quality Management System and its 5.3 Organizational roles, responsibilities
processes and authorities
 SQC
ISO 9001:2015 - PLAN
6.Planning 7.1.4 Environment for the operation of processes
6.1 Actions to address risks and opportunities 7.1.5 Monitoring and measuring resources
6.2 Quality objectives and planning to achieve 7.1.6 Organizational knowledge
them
6.3 Planning of changes 7.2 Competence
7.3 Awareness
7. Support 7.4 Communication
7.1 Resources 7.5 Documented information
7.1.1 General 7.5.1 General
7.1.2 People 7.5.2 Creating and updating
7.1.3 Infrastructure 7.5.3 Control of documented information
 SQC
ISO 9001:2015 - DO
8. Operation 8.4 Control of externally provided products and services
8.1 Operational planning and control 8.4.1 General
8.2 Requirements for products and services 8.4.2 Type and extent of control
8.2.1 Customer communication 8.4.3 Information for external providers
8.2.2 Determining the requirements related to products 8.5 Production and service provision
and services
8.5.1 Control of production and service provision
8.2.3 Review of requirements related to products and
services 8.5.2 Identification and traceability

8.2.4 Changes to requirements for products and services 8.5.3 Property belonging to customers or external providers

8.3 Design and development or products and services 8.5.4 Preservation

8.3.1 General 8.5.5 Post-delivery activities

8.3.2 Design and development planning 8.5.6 Control of changes

8.3.3 Design and development inputs 8.6 Release of products and services

8.3.4 Design and development controls 8.7 Control of nonconforming outputs

8.3.5 Design and development outputs

8.3.6 Design and development changes
 SQC
ISO 9001:2015 – CHECK & ACT
9. Performance evaluation 10. Improvement
9.1 Monitoring, measurement, analysis &
evaluation
10.1 General
9.1.1 General 10.2 Nonconformity and
9.1.2 Customer satisfaction corrective action
9.1.3 Analysis and evaluation 10.3 Continual Improvement
9.2 Internal audit
9.3 Management review
9.3.1 General
9.3.2 Management review inputs
9.3.3 Management review outputs
DOCUMENTED INFORMATION (7.5)
1. Scope
2. Documented information to support operation ,eg quality plan
SQC
3. Documented information to prove processes are carried out as planned
4. Quality Policy
5. Quality objective
6. Documented information of fitness of purpose of monitoring and measuring equipment, eg calibration

7. Documented information of evidence of competence, eg training

8. Documented information to show conformity of products/ services, eg testing
9. Results of review of requirements, any new or changed requirements for products/ services, change of sales order

10. Documented information (Design meets requirements)

11. Documented information resulting from design and development process
12. Design and development changes
DOCUMENTED INFORMATION
13. Evaluation, monitoring and re-evaluation of external provider
14. Documented information that defined the characteristics products and services, eg , product spec
SQC
15. Documented information necessary to maintain traceability (if traceability is required), bar code, serial no.

16. Documented information describing the results of review of changes in provision of products/ services, personnel
authorising the change, and any necessary actions ,eg, design engineer

17. Documented information providing traceability to the person authorising release of products/ services, eg, QC
inspector

18. Action taken on nonconforming process outputs, products and services, including concessions, person who made the
decision, QA, NCR & CAR

19. Monitoring and measuring activities, eg, Inspection and testing

20. Documented information as evidence of implementation of audit program and audit results, IQA , audit program

21. Results of management review

 SQC

Clause 4
Context of the organization
 SQC
4.1 Understanding the 4.2 Understanding the
Organisation and its Needs and Expectations
Context (External & of Interested Parties-
Internal Issues) monitor and review

Context of
the
Organisation

4.3 Determining the 4.4 Quality Management

Scope of Quality System and its Processes
Management System
4.1 Understanding the Organisation and SQC
its Context

Review
Determine
What is the information
internal and
purpose of the Monitoring about
external
organisation? external and
issues( SWOT)
internal issues
4.1 Understanding the Organisation and SQC
its Context
Internal External
• Values • Legal
• Culture • Technology
• Performance • Competition
• Market
• Cultural
• Social and economic
environment
• External Communication
4.2 Understanding the Needs and SQC
Expectations of Interested Parties
Who are the interested parties?
Person/ organization that can affect, be affected by, or perceive
themselves to be affected by a decision or activity

EXAMPLE:
Determine
interested party

Determine their
requirements Owner,
Society e/g:
Business Employee
competitor
Customer Supplier Banker
Monitor and review Partner
 SQC
4.3 Determining the Scope of QMS

Internal and
External Issues
Scope, Boundaries
& applicability Requirements of
Interested
Parties

Products and
Services
4.4 Quality Management System and its SQC
Processes
P1 Performance
Resources
Indicator

P2 Customer
Monitoring,
INPUT measuring & OUT-PUT Satisfaction
evaluation method

P3
Responsibility Risk, opportunity,
& Authority P4 planning &
implementation

Sequence & Interaction

 SQC

Clause 5
Leadership
 SQC

5.1 Leadership and Commitment

 SQC
5.1.1 Leadership and Commitment for QMS
Establishing quality
policy and objective in
Integration of QMS in Promoting awareness of
line with strategic
business processes process approach
direction and context of
organisation

Support other
Promote continual management roles to
Risk based thinking
improvement demonstrate their
leadership
 SQC
5.1.2 Customer Focus
Determine and address risks
Determine customer , and opportunities that can
statutory, regulatory affect conformity of
requirements product/ services
CUSTOMER
FOCUS

Enhancing customer
satisfaction
 SQC

5.2 Quality Policy

 SQC
1 Appropriate to purpose and context of organisation

2 Framework for setting and reviewing quality objectives

Include commitment to satisfy applicable requirements and

3 continual improvement to QMS

4 Available as documented information

5 Communicated, understood and applied

6 Available to interested party

 SQC

5.3 Organizational Roles,

Responsibilities and Authorities
 SQC
Roles, Responsibilities & Authorities

1 2 3 4 5
Ensure QMS Ensure Report on the Ensure Ensure
conform to process performanc promotion integrity of
ISO 9001 deliver e of QMS of customer QMS after
intended focus change
output
 SQC

Clause 6
PLANNING FOR THE QMS
6.1 Action to Address Risks and SQC
Opportunities
PLANNING OF QMS

Internal & External Requirements of

Issues Interested Parties
RISKS & OPPORTUNITIES

Plan action Implement Evaluate effectiveness Continual improv

 6.2 Quality Objective and Planning to SQC
Achieve them

Relevant to
In line with product/ service
Consistent with
Measurable applicable conformity &
quality policy
requirements customer
satisfaction

Be communicated Be updated as
Be monitored
to appropriate
6.2 Quality Objective and Planning to SQC
Achieve them
Who ?
What When&
Resources? where ?

Achieve How to
Which ? Quality evaluate
Objective the results?
 SQC
6.3 Planning of Changes

Purpose of change and Integrity of quality

potential consequences management system
Planning for
Changes
Responsibilities &
Availability of resources authorities
 SQC

Clause 7
Support
 SQC
7.1 Resources

Consider capability and

7.1.1 General constraints of external
processes

7.1.2 People Ensure adequate resources

 SQC
7.1 Resources

• Building & associated utilities

• Equipment (hardware &
7.1.3 software)
• Transportation
Infrastructure • Information & communication
technology
 SQC
7.1 Resources

7.1.4 • Combination of human and physical

factors

Environment • Social – non discriminatory, calm, non

confrontation
• Psychological,eg stress,burnout

for operation prevention,

• emotionally protected

of processes
• Physical-temperature, heat, light, air flow
 SQC
7.1 Resources
7.1.5
• Ensure valid & reliable results
Monitoring & • If traceability required, verified/ calibrated,
measuring identified (status), safeguarded
resources

7.1.5.2 • Current & new knowledge

• Internal (lesson learnt from failure, experience)
Organizational • External (Standards, conferences, )
Knowledge
 SQC
Determine the necessary Ensure competence (education,
competence training, experience)

7.2 Competence

Take action to acquire

competence (training, Retain documented evidence of
mentoring, etc) and evaluate competence
effectiveness
 SQC
Quality
Policy

Quality 7.3 Contribution

Objective
Awareness
to QMS

Implicatio
n of non-
conformity
 SQC

WITH
WHAT WHEN WHO HOW
WHOM

7.4 Communication (Internal & External)

 SQC
7.5 Documented Information
7.5.2 Creating & Updating

7.5.1 7.5.3 Control of Documented

Note: Information
Storage &
1)Size Identification
& Description
preservation
2) Complexity
Distribution,
3) Competence
access, retrieval
Format & & use Retention &
Media Disposition

Review & Control of

Control of external
Approval
changes documented
information
 SQC

Clause 8
Operation
 SQC
8.1 Operational Planning & Control
Determine requirements of product/ service
1

Establish criteria for the processes and acceptance of products/ services

2

Determine resources needed and ensure outsourced processes are controlled.

3

Implement control of the process against criteria

4
Retain documented information (evidence that processes are carried out as planned and
5 evidence of conformity)
Control planned changes & review consequences of unintended changes, take action to mitigate
6 adverse effects
8.2 Determination of Requirements for SQC
Products and Services
Products/
services
information

Enquiries,
Handling of
8.2.1 contracts/
customer
orders &
property Customer changes
Communication

Customer’s
Contingency
views and
action (when
perceptions,
relevant)
complaints
8.2 Determination of Requirements for SQC
Products and Services
8.2.2 Determination of
Requirements Related to Products
and Services & applicable statutory
& regulatory requirement

8.2.3 Review of the requirements

for products and services
 SQC
8.3 Design and Development of Products and
Services
8.3.2 Design and
Development
8.3.1 General – 8.3.3 Design and
Planning – Duration
implement, Inputs – functional
of design activities,
establish, design and and performance,
internal and external
maintain design information.
resources,
responsibilities

8.3.6 Design and 8.3.4 Design and

8.3.5 Design and
Development Development
Development
Changes – Control – Verification
Outputs – Meet the
Documented and validation,
input requirements.
information changes. conduct review.
 SQC
8.3 Design and Development of Products and
Services
Clearly
defined
results

Validation

Design &
Development
Control

Review of
design & Verification
development Action taken
on problems
during
review,
verification
and
validation
 SQC
8.3 Design and Development of Products and
Services

Meet requirements Fit for intended purpose

8.3.5 Design &

Development
Outputs
Monitoring & measuring
Adequate for subsequent requirements, acceptance
process criteria

Retain documented information

 SQC
8.4Control of Externally Provided Products & Services

Products/ services from external provide Products/

incorporate into organization’ products/ services provided Outsource
services directly to
customer

Establish criteria for evaluation, selection,

monitoring of performance, re-evaluation
 SQC
8.5 Production and Service Provision
Product/
service
release,
delivery, post
Documented delivery Validation &
info of Product/
periodic Re-
Service
validation
Characteristic

Documented
8.5.1
info on
activities
Controlled Competence

Conditions
Monitoring &
Suitable M &
Measuring
M resources
Activities
Suitable
infrastructure
&
Environment
 SQC
8.5.2 Identification & Traceability
Process Output

Results of any activities which are ready for

delivery to the organisation’s customer or internal
customer (e/g: Products, services, intermediate
parts, components, etc)
 SQC
8.5.3 Property • Identify, verify, protect and safeguards.
belonging to customer • Materials, components, tools and equipment,
or external provider premises, intellectual property and personal data

• Identification, handling, contamination control,

8.5.4 Preservation packaging, storage, transmission or transportation
and protection
 Statutory &
SQC
regulatory
requirements

8.5.5
Product and
services Post Customer
feedback
risks
Delivery
Activities
Nature,
use &
lifetime of
products/
services
 SQC
8.6 Release of Products and Services

Retain evidence of
conformity &
Plan arrangement for
Implement documented info of
verification
person authorized
release
 SQC
Segregation, containment, return or
Correction suspension
8.7 Nonconforming Process
Outputs, Products, Services

Obtaining authorization for use as is , release,

Informing the Customer continuation or re-provision, acceptance
under concession

Retain documented
Correction Verification
information
 SQC

Clause 9
Performance Evaluation
9.1 Monitoring, Measurement, Analysis &
SQC
Evaluation

WHEN WHEN
MONITOR &
WHAT? METHOD? HOW TO ANALYSE &
MEASURE? EVALUATE?

RETAIN DOCUMENTED INFORMATION AS EVIDENCE OF

RESULTS

Evaluate quality performance and effectiveness of QMS

 SQC
9.1.2 Customer Satisfaction

Monitor customer’s perceptions of the degree meets

their needs and expectation

Determine the method of measurement

Eg, survey, feedback on delivered products and

services, meetings with clients, market share ,
compliments, warranty claims, dealer reports, etc
 SQC
9.1.3 ANALYSIS AND EVALUATION
Output of analysis and evaluation

1 • Demonstrate conformity to product and service requirements

2 • Access and enhance customer satisfaction
3 • Ensure conformity and effectiveness of quality management system
4 • Demonstrate that planning has been successfully implemented
5 • Assess the performance of processes
6 • Assess the performance of external provider(s)
7 • Determine the need or opportunities for improvements
8 • Input to management review
 SQC
9.2 Internal Audit
Audit program (quality objectives, importance of process, customer
feedback, changes, results of audit) , audit criteria, scope

Select auditor

Carry out audit and report audit results to management

Take correction and corrective action

Retain documented information

 SQC
Status of action Non-conformity and corrective
from previous action
MR
1

M & M results
2
Effectiveness of New potential
action taken to 9.3 opportunities Audit results
address risk & Management 3
opportunities
Review Customer satisfaction
4
Issues concerning external
5 provider, interested parties
Changes in Information on
internal and quality
external issues performance Adequacy of resources
6
Process performance &
7 conformity of product & service
OUTPUT: Continual improvement opportunities, any need for
changes and resource needs
 SQC

Clause 10
Improvement
 SQC
10.2 Nonconformity and Corrective Action

React to NC (take Evaluate need for action (review,

action / deal with determine cause, determine Implement action
consequence) similar NC)

Retain documented
information (nature of NC, Review effectiveness of CA
action and results)
 SQC
10.3 Continual Improvement

outputs from management review

Output of analysis and evaluation,
Improve
processes

Improve
products
and
services

Improve
QMS results
 SQC

Section D
Risk Based Thinking
 SQC
Risk Based Thinking
What is RISK?

• Effect of uncertainty on an expected results.

• The chance of that harm occur
 SQC
Risk Based Thinking
Why Risk-based thinking?

• Risk-based thinking enables an organization to

determine the factors that could cause its processes
and its quality management system to deviate from
the planned results, to put in place preventive controls
• to minimize negative effects and to make maximum
use of opportunities as they arise
 SQC
Risk Based Thinking
ISO 9001:2015
REQUIREMENTS

ISO 9001:2015 requires for the

organization to determine the risks
and opportunities based on the knowledge of
the organization’s context (4.1 & 4.2)
 SQC
Risk Based Thinking
ISO 9001:2015
6.1.1 When planning for the quality management
system, the organization shall consider the issues
REQUIREMENTS
referred to in 4.1 and the requirements referred to in
4.2 and determine the risks and opportunities that
need to be addressed to:
a) give assurance that the quality management
system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
 SQC
Favorable
Condition
Prevent negative
effects
Risk-based
thinking Improve
productivity

Positive deviation
 SQC
Managing Risk
Step 5:
Step 1 :
Monitor
Identify
and review
the risk
the risk

Step 4: Step 2:
Treat the Analyse
risk the risk

Step 3:
Evaluate
the risk
 SQC
Risk Level / Risk Score
Calculated as -
potential severity of harm
(the consequence – or damage)

x
likelihood of event occurring
 SQC
Risk Level / Risk Score

How likely?

How bad?
SQC
 SQC
Low risk, L A risk identified as LOW may be considered as acceptable and further
(1-2) reduction may not be necessary. However, if the risk can be resolved quickly
and efficiently, control measures should be implemented and recorded.
Medium risk, M A MEDIUM risk requires a planned approach to controlling the threat /
(3-4) potential risk and applies temporary measure if required. Actions taken must
be documented on the risk assessment form including date for completion.

High risk, H A HIGH risk requires immediate action to control the threat / potential risk.
(6-9) Actions taken must be documented on the risk assessment form including
date for completion.
 SQC
Risk Assessment Template
 SQC
Strategy in Managing Risks
• activities with a high likelihood of loss and large
financial impact. The best response is to avoid
the activity

• if cost-benefit analysis determines the cost to

mitigate risk is higher than cost to bear the risk,
then the best response is to accept and
continually monitor the risk.

• activities with low probability of occurring, but with a

large financial impact. The best response is to • activities with a high likelihood of occurring, but
transfer a portion or all of the risk to a third party by financial impact is small. The best response is to
purchasing insurance, hedging, outsourcing, or use management control systems to reduce the
entering into partnerships. risk of potential loss
SQC
SQC