ISO 9001

Process:

Continuous sequence of operations and actions that represent the manner in which something is manufactured or produced. Example: a manufacturing process

Totality of interrelated activities that convert input elements into output elements using resources.

Procedure:

Sequence of operations to be performed to fulfil a specific task and achieve a result.

Specified manner of performing an activity or process (documented or not).

• The structure of the standard has been changed in accordance with the High Level Structure (HLS).
• Organisational context: Inclusion of the point ‘Understanding the organisation and its context’ – the organisation must identify the external and internal challenges relating to its purpose and strategic direction. Identification of risks and opportunities for the organisation.
  
• Leadership: strengthening the role of senior management – the concept of strategic direction is now clearly anchored in the requirements of the standard.
• Interested parties: integration of this concept and determination of the needs and expectations of interested parties; previously, the needs and expectations of customers had to be determined, but this circle has now been expanded to include interested parties such as customers, the group, suppliers, authorities, etc. The organisation must also define the interested parties relevant to it.
• The process-oriented approach: a more prominent feature of the new standard
• The risk-based approach: The organisation must carry out risk and opportunity analyses in order to implement measures. The term ‘preventive measures’ disappears.
  
• The terms ‘document’ and ‘record’ have been replaced by ‘documented information’: The ‘obligation’ to introduce procedures is also no longer required; information can be available in other forms. However, the standard also specifies that organisations do not have to change their terminology just because the definitions have changed.
• More suitable for services than in the past.

• Less focus on documentation.
• More focus on the actual value for the company and its customers.
• More focus on a risk-based approach to achieving objectives.
• The standard must be an effective management tool and provide added value for the company.

It is important to understand the context in order to clearly define the strategic direction. This serves to improve performance and secure future viability.

As far as the standard is concerned, this principle is reflected in the consistency that must exist between the strategic direction, the policy, the strategic objectives, the translation into operational objectives and the measures to achieve them.

All measures must be consistent with each other, otherwise malfunctions may occur.

Risk management:

Methodology for identifying and assessing risks in order to plan measures (this methodology can be formal or informal). This is referred to as risk management.
Risk-based approach:

The risk-based approach enables an organisation to identify the factors that could cause its processes and quality management system to deviate from the expected results, take preventive measures to limit negative effects, and make the most of opportunities when they arise.

Even though this approach was implicitly present before, there were still many companies without clear identification and management of processes; with this version of the standard, this will no longer be possible.

• A formalised identification of processes.
• Identification of the process owner (person responsible for managing the process)
• Identification of related activities and interactions
• Indicators to determine whether the process is effective and achieves the results intended in accordance with policy and strategy.

In a process-oriented approach, interactions are very important, as the output of one process is often the input of the next process, and the next process becomes an internal element. It is not possible to have processes that function independently of each other, as the entirety of the processes determines the efficiency of a system.

The interactions between processes can be defined using process maps and process sheets.

Detailed description of how subcontractors are managed, including risk analysis, evaluation criteria, process control and documented information.

The organisation establishes and applies criteria for the evaluation, selection and re-evaluation of external suppliers based on their ability to deliver goods and services in accordance with the organisation's requirements.

Documented information to be made available to subcontractors (if applicable):

1. The products and services to be supplied or the process to be performed,
2. The requirements for approval or release of products and services, procedures, processes or equipment,
3. Requirements for the qualification of personnel, including the necessary qualifications,
4. Requirements for the QMS,
5. Control and monitoring of the subcontractor by the organisation,
   
6. Any audits that the organisation or its customer intends to carry out at the external supplier's premises, and
7. Requirements for the protection of the subcontractor's property, which shall be communicated to the organisation.

The quality manual is disappearing! The standard contains a number of requirements for documented information, but most of these are records rather than procedures.

Documented procedure:

A document that specifies how an activity or process is to be carried out.

Record:

A document that captures the results achieved or provides evidence that an activity has been carried out.

Input data:
a) Opportunities for improvement. The status of implementation of measures decided upon following previous management reviews;

b) Changes in external and internal requirements relevant to the quality management system;

c) Information about the performance and effectiveness of the quality management system, including trends relating to:

1. Customer satisfaction and feedback from relevant interested parties;
2. Degree of achievement of quality objectives;
3. Process performance and conformity of products and services;
4. Nonconformities and corrective actions;
5. Results of monitoring and measurement;
6. Results of audits; and
7. Performance of external suppliers

d) Adequacy of resources;
e) the effectiveness of measures to address risks and opportunities (see 6.1);
f) opportunities for improvement
Output:
a) opportunities for improvement;
b) necessary changes to the quality management system;
c) resource requirements.

The risk-based approach was already included in earlier versions of the ISO 9001 standard, particularly in the requirements relating to the implementation of preventive measures to eliminate potential non-conformities and the implementation of appropriate and adequate measures to remedy the effects of non-conformities.

This approach was reinforced in the 2015 version of ISO 9001. In the context of this issue, it can be understood on the basis of the following two key points:

• Inclusion of the issue of risks and opportunities (including financial risks, but also all other risks) in the strategic analysis of the organisation, in addition to the analysis of internal and external challenges and the analysis of the requirements of interested parties.
• Consideration of the results of this strategic analysis in the planning, implementation, evaluation and improvement of the management system processes.

Certificates obtained in accordance with ISO 9001:2008 are valid until 17 September 2018. The certificates will lose their validity on this date.

Certification in accordance with ISO 9001:2008 is therefore still possible, but the validity of the certificate will not extend beyond the above date.

ProCert provides advice and support:

• New companies that wish to switch directly to the ISO 9001:2015 version
• Companies that are currently certified according to ISO 9001:2008 to switch to the ISO 9001:2015 version during their next follow-up audit or renewal audit.