Risk and opportunities

New aspects in ISO 9001:2015 which does not specifically required in ISO 9001:2008

Risks and Opportunities

1. Clause 4.4.1 (f) of ISO 9001:2015: address the risks and opportunities as determined
2. Clause 5.1.2 of ISO 9001:2015: Top management to demonstrate leadership to ensure focusing on customer through determining the risk and opportunity
3. Clause 6.1.1 & 6.1.2 of ISO 9001:2015: Action to address risk and opportunities
4. Clause 9.1.3 (e )  of ISO 9001:2015: Analysis and evaluation of effectiveness of action addressing risks and opportunities
5. Clause 9.3.2 of ISO 9001:2015: Input of management review on effectiveness of action on risks and opportunities.
6. Clause 10.2.1 of ISO 9001:2015: to update risks and opportunities when there is an occurrence of nonconformity

Contact us now to get further info

Read More

Transition Period

Certification Transfer process for ISO 9001:2008 certified company

According to ISO

Recommendation for process steps.

1. Company to determine suitable date (current certificate will only valid until Sep 2018)
2. Readiness review
3. Liaise with certification body
4. Transfer audit (re-certification) based from IAF table
5. New full certificate with 3 years validity

We able to assist you for step 2, 3 and 4. Contact us now at HERE or email us at admin@osh-isis.com

Read More

Feedback Form

Please do feel free to contact us via online form below. Then, let's begin our partnership for your QMS implementation

Name:
Company Name:
Company address
Email Address:
no. tel
Status of QMS implementation	ISO 9001 certified In progress of upgrading to 2015 version Uncertified but implementing ISO9001 Not certify but has intention to develop QMS
Interested on;	Package 1 Package 2 Package 3 Package 4 Package 5 See this LINK to know further on products
Request for;	Quotation Further info (email) Further info (phone call) QMS Product Demo In-house training

Put a website form like this on your site.

Read More

Package

If you have an enquiry, please do feel free to fill up the Feedback Form or email to us at admin@osh-isis.com  

Read More

Interactive Quality Manual

New version of ISO 9001 has released by focusing on the effectiveness of operation with simplifying the fulfilment of requirement as now to be understood easily and more practical in application.

Therefore, it brought into the great idea for generating the QMS documentation which to be more user-friendly, simple and straight-forward. This is a new concept of documentation where the integration of all aspects required by the standard has been formatted in one platform for better accessibility.

As noted, new released standard does not published with stand alone ISO 9001:2015 requirement. They came with few sets of reference documents for complimenting the element addressed in the standard such as Annex A and ISO 9000:2015. Therefore, it demands for the user to seek a creativity on how to familiarize with the standard requirement to match against references document.

Why it called as an Interactive Quality Manual?

1. Documentation approach provides solution of any questionable issues in the requirement.
2.  Interactive Quality Manual adopted the same concept of e-book, where the important terms and phrases to be hyperlinked with original reference.
3. Integration of QMS documentation between standard requirement, Quality Manual and procedures to be established in one source
4. Reduce timing for searching and 'flipping' the documents.

Documents features

1. It consists Quality Manual, procedures, ISO 9001 Standard Requirement, Annex A and ISO 9000 formatted in the QMS documentation
2. It demonstrates interaction between all abovementioned documents.
3. Master Copy should be in soft copy.
4. Applicable for all type of industries.
5. Sample of manual is available in this blog

Grab this opportunity if your company has an intention to convert their system from ISO 9001:2008 to ISO 9001:2015.
Contact admin@osh-isis.com for product demo.

Click HERE to find the sample of the Quality Manual depicted into flow process mapping. It makes your learning process of new ISO9001 version to be more interesting and practical for its application 

Read More

Main Changes of ISO 9001:2015

The transition of ISO 9001:2008 to ISO 9001:2015 is mainly to emphasize on the following subjects;
 

High level structure and core text from „annex SL“

The new format of ISO 9001 standard is providing identical structure, text and common terms to be applied to the system user. It consist 10 elements of the requirement to simplify and to be easily understood by the system implementer (see details of ISO 9001:2015 Standard Requirement)

There is also explanatory item to clarify the new structure, terminology and concepts of this ISO 9001. It addressed as per Annex A of the standard.

Besides, ISO 9000:2015 specifies the terms and definitions that apply to all quality management and quality management system standards developed. It provides the answer of the term that repeatedly being used in ISO 9001:2015 Standard Requirement and Annex A.
 

Increased requirements for top management commitment and involvement.

It has been defined specifically in the section 5 of the standard. This requires involvement of top management to ensure maintenance of the QMS. It can be realized through demonstrates of leadership and commitment (clause 5.1.1),  lead to the team in focusing on customer requirement (clause 5.1.2), Generation of Quality Policy (clause 5.2.1) and assigning the right person to manage the organization's QMS (clause 5.3).
Top management also must take part in reviewing and evaluating the effectiveness of their QMS through Management Review process (clause 9.3)

Emphasis on risk-based thinking

Details explanation of risk based thinking has been elaborated in A.4 of Annex A.
The concept of risk based thinking is also being part of responsibility of top management for promoting them in the operation (see clause 5.1.1 of ISO 9001:2015)

Increased emphasis on achieving value for the organization and its customers (“output matters”)

'Internal customer' requirement should be respected for assuring good output to be produced. It has been explained in clause 4.4.1 of the standard.
Proactive measures can be seen in the new version of standard where the control of nonconforming products is now used the phrase of controlling the nonconforming output to emphasize effective implementation and preventing the defect to be generated in the operation (see clause 8.7.1 of the standard)

Need to understand the context of the organization and the needs and expectations of interested parties

The new standard emphasizes for organization to look potential issues that may effected to product conformity besides it hall meet with customer requirement. That is including legal requirement aspect, internal and external issue that may influence the smoothness of company's activities.
Broader views has put into the attention for company to identify, manage and maintain as it was addressed in the standard requirement in clause 4.1, 4.2, 6.1.1 and 6.1.2.
Most of the system users interpret this new requirement are replacing the clause of preventive action in ISO 9001:2008. However, the scope and coverage of the risk management in new standard are comprehensively described in wider range than focusing on product quality only.

Increased flexibility on the use of documentation

The used of documented information to integrate the terminology of procedure, document and record under one application without significant change being shown. This aspect has been specifically explain in A.6 of Annex A.

Read More

ISO 9001:2015 Standard (clause-by-clause)

NOTE: This chapter provides an index of standard requirement for the reader to acknowledge on each of clause of ISO 9001:2015. The input of the content is just extracted from the header or sub-header of the element addressed by the standard.

The user is just only need to click on the respective clause and the requirement of the standard will appear by opening with new window.

Anyway, the full sets of requirement can be referred through this LINK.

 

4. context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the quality management system

4.4 Quality management system and its processes

• 4.4.1 System establishment..

• 4.4.2 Necessity..

5. Leadership

5.1 Leadership and Commitment

• 5.1.1 General

• 5.1.2 Customer focus

5.2 Policy

• 5.2.1 Developing the quality policy

• 5.2.2 Communicating the quality policy

5.3 Organizational Roles, Responsibility and Authorities

6. Planning

6.1 Action to address risks and opportunities

• 6.1.1 When planning for the quality management system, the organization shall..

• 6.1.2 The organization shall plan..

6.2 Quality Objectives and planning to achieve them

• 6.2.1 The organization shall establish..

• 6.2.2 When planning how to achieve..

6.3 Planning of changes

7. Support

7.1 Resources

• 7.1.1 General

• 7.1.2 People

• 7.1.3 Infrastructure

• 7.1.4 Environment for the operation of processes

• 7.1.5 Monitoring and measuring resources

• 7.1.6 Organizational knowledge

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented Information

• 7.5.1 General

• 7.5.2 Creating and updating

• 7.5.3 Control of documented information

8. Operation

8.1 Operational planning and control

8.2. Requirement for products and services

• 8.2.1 Customer communication

• 8.2.2 Determining the requirements related to products and services

• 8.2.3 Review of requirements related to products and services

• 8.2.4 Changes to requirements for products and services

8.3 Design and development of products and services

• 8.3.1 General

• 8.3.2 Design and development planning

• 8.3.3 Design and development inputs

• 8.3.4 Design and development controls

• 8.3.5 Design and development outputs

• 8.3.6 Design and development changes

8.4 Control of externally provided processes, products and services

• 8.4.1 General

• 8.4.2 Type and extent of control

• 8.4.3 Information for external providers

8.5 Production and service Provision

• 8.5.1 Control of production and service provision

• 8.5.2 Identification and traceability

• 8.5.3 Property belonging to customers or external providers

• 8.5.4 Preservation

• 8.5.5 Post-delivery activities

• 8.5.6 Control of changes

8.6 Release of products and services

8.7 Control of nonconforming outputs

• 8.7.1 The organization shall ensure that outputs that do not conform..

• 8.7.2 Retain documented information

9. Performance Evaluation

9.1 Monitoring, measurement, analysis and evaluation

• 9.1.1 General

• 9.1.2 Customer satisfaction

• 9.1.3 Analysis and evaluation

9.2 Internal Audit

• 9.2.1 Performing an internal audit..

• 9.2.2 Execution of internal audit

9.3 Management Review

• 9.3.1 General

• 9.3.2 Management review inputs

• 9.3.3 Management review outputs

10. Improvement

10.1 General

10.2 Nonconformity and corrective action

• 10.2.1 When a nonconformities occurs..

• 10.2.2 Retain documented information

10.3 Continual Improvement

Read More

Internal Audit Procedure

GENERAL REQUIREMENT

This procedure provides guideline to extent information explained in clause Internal Audit of the Quality Manual.

The requirement is also enable to provide conformity to clause 9.2.2 (Internal Audit) of ISO 9001:2015 Standard Requirement.

COMMON DEFINITION USED

The definitions addressed are mainly refer to IS0 9000:2015

RESPONSIBILITY AND AUTHORITY

SELECTION OF AUDITORS

1. QMR shall nominate an Internal Auditor;
2. Selected auditor should be complied with one of the following criteria
• a) Experienced and/or trained in ISO 9001.
• b) Third party appointed and recognized by the Top Management with proven of competency qualification.
• c) Where necessary, training will be arranged for internal auditor to assure their competency. The process shall follow as per 7.2 Competence of the Quality Manual

PRE-AUDIT ACTIVITY

1. Lead auditor will prepare the Audit Plan.
2. The Audit Plan should define the audit criteria, scope and process need to be audited.
3. Determination of audit intensity
• a. All active projects shall be audited.
• b. If there is no active project is running, scope of audit may focus on adequacy of QMS process (such as Organizational Context of company, Leadership and commitment, Management of Risks and Quality Objectives, section 7 Support, section 9. Performance Evaluation and section 10. Improvement, or,
• c. If QMR identified that there is no project is running and no change in QMS implementation, he has authority to decide the necessity of internal audit to be conducted due with circumstances reason should be determined.
4. Lead Auditor has to ensure the selection of auditors is meeting the objectivity and impartiality of the audit process.
5. Lead auditor will organize the auditors which not audit their own work.
6. Audit Plan will be distribute to the auditor prior assessment conducted

DURING AUDIT ACTIVITY

1. Auditor will conduct audit as per Audit Plan
2. Audit tools need to be used;
• a. Audit Checklist
• b. ISO 9001 Standard, where necessary
3. Audit Method
• a. Based from records (It shall consistently meet with Documented Information Control Procedure
• b. Cross reference with the procedure and work instruction (It shall consistently maintained as per clause 8. Operation of Quality Manual)
• c. Observation of process to meet with clause 8. Operation of Quality Manual.
• d. Interview to the process owner to obtain input for justifying the effectiveness of process defined in Quality Manual in clause 7 Support, 7.1 Resource, 7.2 Competence, 7.3 Awareness and 7.4 Communication.
4. All findings should be recorded down to the Audit Checklist.
5. Classification of findings;
• a. Comply and fulfil with the ISO 9001 Requirement Standard and company QMS established (Quality Manual and procedures).
• b. Observation or OFI
• c. NC: Non-compliance with the with the ISO 9001 Requirement  and company QMS established (Quality Manual and procedures)
6. Next to do for the findings;
• a. All OFI should be listed in the Audit Summary for Lead Auditor take further action
• b. Any NC, Auditor should follow action determined in the Corrective Action Procedure and submit to Lead Auditor

POST-AUDIT ACTIVITIES

1. Lead Auditor compile the OFI and keep as an input for management review to meet with clause 9.3 Management Review of Quality Manual.
2. CAR  form will issue to the respective parties and should follow with Corrective Action Procedure.

Read More

Corrective Action Procedure

GENERAL REQUIREMENT

This procedure provides guideline to extent information explained in clause 10.2 Nonconformity and corrective action of the Quality Manual.

The requirement requirement is also enable to provide conformity to clause 10.2 Nonconformity and corrective action of ISO 9001:2015 Standard Requirement.

COMMON DEFINITION USED

The definitions addressed are mainly refer to IS0 9000:2015

RESPONSIBILITY AND AUTHORITY

IDENTIFICATION OF NON-CONFORMITY OCCURRENCE

1. 1 Identification of non-conformity can be defined as following inputs;
• a) Nonconformity of output in the project occurred as per Control of Non-Conformity Output Procedure
• b) Nonconformity raised during Internal Audit as per Internal Audit Procedure
• c) Customer complaint through evidence from documented information as in clause 8.5 Provision of construction project management of Quality Manual. E.g. Work Progress Report, Inspection Report etc.
• d) Valid feedback received from interested parties associated with the risk to the project conformity defined as per clause 6.1 Risk Management of the Quality Manual.
2. 2 All nonconformity received shall be validated first before further measure can be taken.

CORRECTIVE ACTION

1. Whenever nonconformity is confirmed, QMR shall verify and record the nonconformity in the form.
2. Where required, he shall than call respective person and arrange for meeting. Input of meeting then will be used in determining root caused and measures need to be taken.
3. The root cause of the problem shall be determined and a suitable solution to the nonconformity shall be initiated.
4. Evaluations of the nonconformities shall indicate what corrective actions to take to eliminate the root causes of the nonconformities or potential nonconformities.
5. The personnel responsible in providing and implementing the corrective action shall complete the with the following information :-
• Action Proposed to prevent recurrence so as action taken to rectify the problem.
• Date which the corrective action shall be completed.
• Where appropriate, analysis and support data is necessary to address the potential occurrence of problem.
6. QMR shall verify that the corrective actions are taken and are effective.
7. Where come into situation of corrective action taken being reported other than such as PQP, CAR format from customer etc., the tracking of documented information shall be demonstrated. 
8. If the action taken is not effective in resolving the problem, QMR shall bring it to the attention of the relevant party concerned and another corrective action plan may be initiated.
9. If there any is unable to close within the dateline given, QMR should get feedback from the relevant parties and stating the valid reason of unclosed issue.
10. At time, the action implemented may result in changes of affected documents; any amendment of document shall follow according to Documented Information Control Procedure.
11. The trends in nonconformities and corrective actions shall be reviewed by top management of Company as it required by clause 9.3 Management Review of the Quality Manual

Read More

Control of Nonconforming Output Procedure

GENERAL REQUIREMENT

This procedure provides guideline to extent information explained in clause 8.7 Control of Nonconforming output of the Quality Manual.

The requirement is also enable to provide conformity to clause 8.7.1 and 8.7.2 of Control of nonconforming outputs of ISO 9001:2015 Standard Requirement.

COMMON DEFINITION USED

The definitions addressed are mainly refer to IS0 9000:2015

• Complaint
• Correction
• Quality
• Defect
• Concession
• Supplier
• Release
• Corrective action
• Conformity
• Verification
• Requirement
• Nonconformity

RESPONSIBILITY AND AUTHORITY

IDENTIFICATION OF NON-CONFORMITY

Nonconformity of output in the [scope of activity] activity can be identified throughout one or combination of following occurrence;

1. Inappropriate planning as described in clause 8.1 Project Planning of this Quality Manual
2. Defect detected by the personnel during construction where it does not meet with specification as defined in clause 8.5.1 Project management control of this Quality Manual
3. Absence of competent person if it is required by the clause 7.2 Competence of this Quality Manual
4. Defective purchased material or out of specification material as defined in clause 8.4 Control of externally provided processes, products and services of this Quality Manual caused by supplier.
5. Other potential undesired consequences associated with services (example; measurement faulty caused by unfit measurement instrument as per clause 7.1.5 Monitoring and measuring resources of Quality Manual)
6. Customer complaint
7. Complaint received during warranty period

CONTROL OF NONCONFORMITY

1. Whenever nonconformity is detected;
• Nonconformity with regard to the facility or material or physical property, the On-Hold tag must be placed to the defect unit accordingly.
•  If related to the human resources, proceed to the clause 7.2 Competence of Quality Manual.
• Review possibility of occurrence due to weaknesses of communication factor as described in clause 7.4 Communication of Quality Manual
2. The nonconformity shall be reviewed by for disposition, which may be any of the following;
• Hold or must not to be used, or
• Concession by authorized person
3. The concession of nonconformity is not accepted for concession if high impact to the quality issues or jeopardize the company reputation as defined in Risk Analysis.
4.  Results of the review shall be recorded by on the CPAR form
5. The shall be responsible to review the nature and seriousness of nonconformity.
6. For nonconforming condition that have been accepted by concession when regulatory requirements are met. The record of the identity of the person(s) authorizing the concession shall be maintained.
7. If action will be taken other than decision stated in #2, the non-conformity shall be corrected. will verify the measures taken before release non-conformance status.
8. Designated person will decide whether the issuance of CAR form, the nonconformity need further investigation throughout the Corrective Action Procedure or used as record purpose only.
9. For purchased material/part which are found defective or out of specification, [designated person] shall arrange to return the item to the supplier for replacement or further action. CPAR form should be issued.
10. Any defective purchased material requested for concession, the process should follow step as described in the #9.
11. Top management will decide for necessity to inform the nonconformity depends on the severity of the issues.
12. QMR shall maintain CPAR status log.
13.  Status of CAR shall be highlighted for management review meeting.

Read More

Documented Information Control Procedure

GENERAL REQUIREMENT

This procedure provides guideline to extent information explained in clause 7.5 Documented Information of the Quality Manual.

The requirement requirement is also enable to provide conformity to clause 7.5 Documented Information of ISO 9001:2015 Standard Requirement. (Clause 7.5.1, 7.5.2 and 7.5.3)

Type of Documented information applied in Company is as follows;

• a) Information type 1: Instruction or guideline document such as manual, procedure, work instruction, flow chart and others.
• b) Information type 2: Blank format
• c) Information type 3: Filled-up document such as record.

COMMON DEFINITION USED

The definitions addressed are mainly refer to IS0 9000:2015 RESPONSIBILITY AND

INFORMATION CONTROL PROCESS

New Creation of Document

1. Document that required to be controlled is as defined in clause clause 7.5 Documented Information of the Quality Manual. It applies to documented information type 1 and type 2.
2. Any new document proposal must be approved by QMR. Endorsement will be made Managing Director where necessary
3. Approved document shall be listed in the Document Master List
4. Revision history should be determined through;
1. Revision history table at front page of document (e.g. procedure or work instruction)
2. Address in the footer of the document in case of form, checklist or other similar type of document
5. Document will consider as official once being formated in PDF version and retained by QMR.
6. Document shall be controlled as section Management of Controlled Document of this procedure

Amendment of Existing Document

1. Any proposal of revision to the existing document must through QMR. It applies to documented information type 1 and type 2.
2. Those changes made for the form, old version of document need to be cleared first before use of revised document. Where applicable, Document Controller or QMR has authority to stop the usage of old document if reflected to the quality service conformity.
3. Revision history as determined in #4 of section New Creation of Document shall be updated

Management of Controlled Document

1. Control requirement for document is covered for internal and external document.
2. Master Copy shall be in soft copy, protected in PDF file and retained by QMR.
3. Copy of document is allowed but shall obtain approval from QMR before issuance.
4. Original soft copy only kept by the Document Controller for reference or to be used upon requires for changed.
5. Maintenance of soft copy should be in appropriate manner and back-up system should be activated through external hard disc or USB drive or other appropriate methods
6. No hard copy is allowed. However, QMR will justify the method of distribution if hard copy of controlled document is really need and does not against MISB‘s integrity of quality management system.
7. Distributed copies shall be indicated with CONTROLLED in red on the first page of Revision History. 8 Any controlled document need to be distributed to the third party, it shall be approved by QMR and indicated with UNCONTROLLED

Management of Controlled Records

This section is applied to documented information type 3.

Identification and traceability of Records

1. All records shall be filed in sequence and/or dated to allow easy identification and retrieval.
2. Unique identification of the version used is generated as described in #3 and #4 of section New Creation of Document of this procedure.
3. Unique identification for referring to the product, services or output of Company can refer to clause 8.5.2 Identification and traceability of the Quality Manual
4. QMR shall be responsible to maintain the List of Records. If any changes to the list of their records, the list shall be updated accordingly.
5. Records should be kept at the designated location to ensure the traceability and person in charge is defined

Storage, Protection and Retention

1. All records shall be stored and maintained and retrievable by the respective functions.
2. Record’s legibility must be preserved.
3. Records shall be stored in hard copy and/or soft copy as appropriate. For non-critical records, storage in normal file cabinet is sufficient. For critical records, if any, the records shall be protected from potential fire, theft, unauthorized removal and other damage.
4. Also, critical records on electronic media shall be secured from inadvertent deletion, computer viruses and corruption of files; hard copies shall be produced and kept at a different location / area.
5. Records on soft copy shall be backed-up and back-up records shall be protected accordingly from damage or loss.
6. All records shall be retained for a minimum period as specified in the List of Records. Designated person shall be responsible to establish the retention period.

Retrieval and Disposal

1. All records shall be made available for inspection by management committee or as requested by the interested parties.
2. The records shall be stored in such a way that they are readily retrievable for review. For any request for records by external parties,
3. Records only can be disposed once obtained approval from QMR
4. Records shall be disposed-off by any suitable means. Confidential records shall be disposed-off by shredding.

Read More

Verification

Verification

Verification is a process. It uses objective evidence to confirm that specified requirements have been met. Whenever specified requirements have been met, a verified status is achieved. There are many ways to verify that requirements have been met.

For example you could inspect something, you could do tests, you could carry out alternative calculations, or you could examine documents before you issue them.

Read More

Validation

Validation

Validation is a process. It uses objective evidence to confirm that the requirements which define an intended use or application have been met. Whenever all requirements have been met, a validated status is established.

Validation can be carried out under realistic use conditions or within a simulated use environment. There are several ways to confirm that the requirements which define an intended use or application have been met. For example you could do tests, you could carry out alternative calculations, or you could examine documents before you issue them.

Read More

Traceability

Traceability

Traceability is the ability to identify and trace the history, distribution, location, and application of products, parts, materials, and services.

A traceability system records and follows the trail as products, parts, materials, and services come from suppliers and are processed and ultimately distributed as final products and services.

Read More

Top management

Top management

The term top management normally refers to the people at the top of an organization. It refers to the people who provide resources and delegate authority and who coordinate, direct, and control organizations.

However, if the scope of a management system covers only part of an organization, then the term top management refers, instead, to the people who direct and control that part of the organization.

Read More

System

System

A system is defined as a set of interrelated or interacting elements. A management system is one type of system. It is a set of interrelated or interacting elements that organizations use to formulate policies and objectives and to establish the processes that are needed to ensure that policies are followed and objectives are achieved.

Read More

Supplier

Supplier

A supplier is a person or an organization that provides products or services. Suppliers can be either internal or external to an organization. Internal suppliers provide products or services to people within their own organization while external suppliers provide products or services to other organizations.

Examples of suppliers include organizations and people who produce, distribute, or market products, provide services, or publish information. While ISO still includes a definition for this term, the new ISO 9001 2015 standard no longer actually uses it. It prefers, instead, to use the term external provider.

Read More

Strategy

Strategy

A strategy is a plan for achieving an objective.

Read More

Statutory requirement

Statutory requirement

A statutory requirement is defined by a legislative body and is obligatory.

 

Read More

Service

Service

A service is an intangible output and is the result of a process that includes at least one activity that is carried out at the interface between the supplier (provider) and the customer.

Service provision can take many forms. Service can be provided to support an organization’s own products (e.g. warranty service or the serving of meals). Conversely, it can be provided for a product supplied by a customer (e.g. a repair service or a delivery service). It can also involve the provision of an intangible thing to a customer (e.g. entertainment, ambience, transportation, or advice).

Read More

Risk-based thinking

Risk-based thinking

Risk-based thinking refers to a coordinated set of activities and methods that organizations use to manage and control the many risks that affect its ability to achieve objectives.

Risk-based thinking replaces what the old standard used to call preventive action. While risk-based thinking is now an essential part of the new standard, it does not actually expect you to implement a formal risk management process nor does it expect you to document your organization’s risk-based approach.

Read More

Risk

Risk

According to ISO 9000, risk is the “effect of uncertainty on an expected result” and an effect is a positive or negative deviation from what is expected. The following two paragraphs will explain what this means.

This definition recognizes that all of us operate in an uncertain world. Whenever we try to achieve something, there’s always the chance that things will not go according to plan. Sometimes we get positive results and sometimes we get negative results and occasionally we get both. Because of this, we need to reduce uncertainty as much as possible. Uncertainty (or lack of certainty) is a state or condition that involves a deficiency of information and leads to inadequate or incomplete knowledge or understanding.

In the context of risk management, uncertainty exists whenever the knowledge or understanding of an event, consequence, or likelihood is inadequate or incomplete. While this definition argues that risk can be positive as well as negative, a note acknowledges that "the term risk is sometimes used when there is only the possibility of negative consequences".

Read More

Review

Review

A review is an activity. Its purpose is to figure out how well the thing being reviewed is capable of achieving established objectives.
Reviews ask the following question: is the subject (or object) of the review a suitable, adequate, effective, and efficient way of achieving established objectives? There are many kinds of reviews. Some of these include management reviews, design and development reviews, customer requirement reviews, nonconformity reviews, and peer reviews.

Read More

Requirement

Requirement

A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties.

A specified requirement is one that has been stated (in a document for example), whereas an implied requirement is a need, expectation, or obligation that is common practice or customary. There are many types of requirements.

Some of these include customer requirements, quality requirements, quality management requirements, management requirements, product requirements, service requirements, contractual requirements, statutory requirements, and regulatory requirements.

Read More

Release

Release

To release means to grant permission to proceed to the next stage of a process. The term release is also used to refer to a version of software or documented information.

Read More

Regulatory requirement

Regulatory requirement

A regulatory requirement is an obligation that is specified by an authority which gets its mandate from a legislative body.

Read More

Quality policy

Quality policy

A quality policy should express top management's commitment to the quality management system (QMS) and should allow managers to set quality objectives.

It should be based on ISO’s quality management principles and should be compatible with your organization’s other policies and be consistent with its vision and mission. ISO's quality management principles ask you to focus on customers and interested parties, to provide leadership, to engage and involve people, to use a process approach, to encourage improvement, to use evidence to make decisions, and to manage corporate relationships.

Read More

Quality objective

Quality objective

A quality objective is a quality result that you intend to achieve. Quality objectives are based on or derived from an organization’s quality policy and must be consistent with it. They are usually formulated at all relevant levels within the organization and for all relevant functions. The adjective quality applies to objects and refers to the degree to which a set of inherent characteristics fulfills a set of requirements; and an object is any entity that is either conceivable or perceivable. Therefore, a quality objective can be set for any kind of object.

Read More

Quality management system

Quality management system

A quality management system (QMS) is a set of interrelated or interacting elements that organizations use to formulate quality policies and quality objectives and to establish the processes that are needed to ensure that policies are followed and objectives are achieved.

These elements include structures, programs, practices, procedures, plans, rules, roles, responsibilities, relationships, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

Read More

Quality management

Quality management

Quality management includes all the activities that organizations use to direct, control, and coordinate quality. These activities include formulating a quality policy and setting quality objectives.

They also include quality planning, quality control, quality assurance, and quality improvement.

Read More

Quality

Quality

The adjective quality applies to objects and refers to the degree to which a set of inherent characteristics fulfills a set of requirements.

An object is any entity that is either conceivable or perceivable and an inherent characteristic is a feature that exists in an object. The quality of an object can be determined by comparing a set of inherent characteristics against a set of requirements. If those characteristics meet all requirements, high or excellent quality is achieved but if those characteristics do not meet all requirements, a low or poor level of quality is achieved. So the quality of an object depends on a set of characteristics and a set of requirements and how well the former complies with the latter.

Read More

Provider

Provider

A provider is a person or an organization that supplies or provides products or services. Providers can be either internal or external to the organization. Internal providers supply products or services to people within their own organization while external providers supply products or services to other organizations.

Read More

Product

Product

A product is a tangible or intangible output that is the result of a process that does not include activities that are performed at the interface between the supplier (provider) and the customer. Products can be tangible or intangible.

According to a note to this definition, there are three generic product categories: hardware, processed materials, and software.

Many products combine several of these categories. For example, an automobile (a product) combines hardware (e.g. tires), software (e.g. engine control algorithms), and processed materials (e.g. lubricants).

Read More

Process-based quality management system

Process-based quality management system

A process-based quality management system uses a process approach to manage and control how its quality policy is implemented and how its quality objectives are achieved. A process-based QMS is a network of interrelated and interconnected processes.

Each process uses resources to transform inputs into outputs. Since the output of one process becomes the input of another process, processes interact and are interrelated by means of such input-output relationships. These process interactions create a single integrated process-based QMS.

Read More

Process approach

Process approach

The process approach is a management strategy. When managers use a process approach, it means that they manage and control the processes that make up their organization, the interaction between these processes, and the inputs and outputs that tie these processes together.

Read More

Process

Process

A process is a set of activities that are interrelated or that interact with one another. Processes use resources to transform inputs into outputs.

Processes are interconnected because the output from one process often becomes the input for another process. While processes usually transform inputs into outputs, this is not always the case. Sometimes inputs become outputs without transformation.

Organizational processes should be planned and carried out under controlled conditions. An effective process is one that realizes planned activities and achieves planned results.

Read More

Policy

Policy

A policy is a general commitment, direction, or intention and is formally stated by top management. A quality policy statement should express top management's commitment to the implementation and improvement of its quality management system and should allow managers to set quality objectives.

Read More

Performance indicator

Performance indicator

A performance indicator (metric) is a characteristic that is used to measure customer satisfaction and how well outputs are realized.

Read More

Performance

Performance

According to ISO, the term performance refers to a measurable result. It refers to the measurable results that activities, processes, products, services, systems and organizations are able to achieve. Whenever they perform well it means that acceptable results are being achieved and whenever they perform poorly, unacceptable results are achieved.

Read More

Outsource

Outsource

When an organization makes an arrangement with an outside organization to perform part of a function or process, it is referred to as outsourcing.

To outsource means to ask an external organization to perform part of a function or process normally done inhouse. While an outsourced organization is beyond the scope of your QMS, the outsourced process or function itself falls within your scope.

Read More

Output

Output

An output is the result of a process. Outputs can be either tangible or intangible. The output from one process is often the input for another process.

ISO 9001 lists four generic output categories: services, software, hardware, and processed materials. Outputs often combine several of these categories. For example, an automobile (an output) combines hardware (e.g. tires), software (e.g. engine control algorithms), and processed materials (e.g. lubricants).

Read More

Organization

Organization

An organization can be a single person or a group that achieves its objectives by using its own functions, responsibilities, authorities, and relationships. It can be a company, corporation, enterprise, firm, partnership, charity, association, or institution and can be either incorporated or unincorporated and be either privately or publicly owned. It can also be an operating unit that is part of a larger entity.

Read More

Objective evidence

Objective evidence

Objective evidence is data that shows or proves that something exists or is true. Objective evidence can be collected by performing observations, measurements, tests, or using other suitable methods.

Read More

Objective audit evidence

Objective audit evidence

Objective audit evidence is information that is verifiable and generally consists of records and other statements of fact that are relevant to the audit criteria being used.

Read More

Objective

Objective

An objective is a result you intend to achieve. Objectives can be strategic, tactical, or operational and can apply to an organization as a whole or to a system, process, project, product, or service.

Objectives may also be referred to as targets, aims, goals, or intended outcomes. Quality objectives are generally based on or derived from an organization’s quality policy and must be consistent with it.

Read More

Object

Object

An object is any entity that is either conceivable or perceivable. Objects can be real or imaginary and could be material or immaterial. Examples include products, services, systems, organizations, people, practices, procedures, processes, plans, ideas, documents, records, methods, tools, machines, technologies, techniques, and resources.

Read More

Nonconformity

Nonconformity

Nonconformity is a nonfulfillment or failure to meet a requirement.

A requirement is a need, expectation, or obligation. It can be stated or implied by an organization or interested parties.

Read More

Monitoring

Monitoring

To monitor means to determine the status of an activity, process, or system at different stages or at different times. In order to determine status, you need to supervise and to continually check and critically observe the activity, process, or system that is being monitored.

Read More

Measuring equipment

Measuring equipment

Measuring equipment includes all the things needed to carry out a measurement process. Accordingly, measuring equipment includes instruments and apparatuses as well as all the associated software, standards, and reference materials.

Read More

Measurement

Measurement

Measurement is a process that is used to determine a value. In most cases this value will be a quantity.

Read More

Management system

Management system

A management system is a set of interrelated or interacting elements that organizations use to formulate policies and objectives and to establish the processes that are needed to ensure that policies are followed and objectives are achieved.

These elements include structures, programs, procedures, practices, plans, rules, roles, responsibilities, relationships, contracts, agreements, documents, records, methods, tools, techniques, technologies, and resources.

There are many types of management systems. Some of these include quality management systems, environmental management systems, financial management systems, information security management systems, business continuity management systems, emergency management systems, disaster management systems, food safety management systems, risk management systems, and occupational health and safety management systems.

The scope or focus of a management system could be restricted to a specific function or section of an organization or it could include the entire organization. It could even include a function that cuts across several organizations.

Read More

Management

Management

The term management refers to all the activities that are used to coordinate, direct, and control organizations. These activities include developing policies, setting objectives, and establishing processes to achieve these objectives.

In this context, the term management does not refer to people. It refers to what managers do.

Read More

Knowledge

Knowledge

Knowledge is a collection of information and a justified belief that this information is true with a high level of certainty.

Read More

Involvement

Involvement

Involvement occurs when people share objectives and are actively engaged in and contribute to their achievement.

Read More

Interested party

Interested party

An interested party is anyone who can affect, be affected by, or believe that they are affected by a decision or activity. An interested party is a person, group, or organization that has an interest or a stake in a decision or activity.

Read More

Innovation

Innovation

Innovation is a process that results in a new or substantially changed object.
An object is any entity that is either conceivable or perceivable. Objects can be real or imaginary and could be material or immaterial. Examples include products, services, systems, organizations, people, practices, procedures, processes, plans, ideas, documents, records, methods, machines, tools, technologies, techniques, and resources.

Read More

Infrastructure

Infrastructure

The term infrastructure refers to the entire system of facilities, equipment, and support services that organizations need in order to function.

According to ISO 9001, section 7.1.3, the term infrastructure can include buildings, equipment, utilities, and technologies (both hardware and software).

Read More

Information system

Information system

In the context of this ISO 9001 standard, an information system is a network of communication channels used within an organization.

Read More

Information

Information

Information is “meaningful data”. While it's not entirely clear what the word “meaningful” is supposed to mean in this context, dictionaries tend to say that something is meaningful if it is significant, relevant, material, valid, or important.

Read More

Improvement

Improvement

Improvement is a set of activities that organizations carry out in order to enhance performance (get better results). Improvement can be achieved by means of a single activity or by means of a recurring set of activities.

Read More

Function

Function

A function is a role that is performed by a unit of an organization.

Read More

Feedback

Feedback

The term feedback is used to refer to a comment or an opinion expressed about a product or service or an interest expressed in a product or a service. It may also be used to refer to the customer complaints-handling process itself.

Read More

Effectiveness

Effectiveness

Effectiveness refers to the degree to which a planned effect is achieved. Planned activities are effective if these activities are actually carried out and planned results are effective if these results are actually achieved.

Read More

Documented information

Documented information

The term documented information refers to information that must be controlled and maintained and its supporting medium.

Documented information can be in any format and on any medium and can come from any source. Documented information includes information about the management system and related processes.

It also includes all the information that organizations need to operate and all the information that they use to document the results that they achieve (aka records).

Read More

Determination

Determination

To determine means to find or to identify the value of a characteristic.

Read More

Design and development

Design and development

Design and development is a process (or a set of processes) that uses resources to transform general input requirements for an object into specific output requirements. An object is any entity that is either conceivable or perceivable.

Objects can be real or imaginary and could be material or immaterial. Examples include products, services, systems, organizations, people, practices, procedures, processes, plans, ideas, documents, records, methods, tools, machines, technologies, techniques, and resources.

Read More

Defect

Defect

A defect is a type of nonconformity. It occurs when a product or service fails to meet specified or intended use requirements.

Read More

Data

Data

The term data is defined as any facts about an object.

Read More

Customer satisfaction

Customer satisfaction

Customer satisfaction is a perception. It's also a question of degree. It can vary from high satisfaction to low satisfaction. If customers believe that you've met their requirements, they experience high satisfaction. If they believe that you've not met their requirements, they experience low satisfaction. Since satisfaction is a perception, customers may not be satisfied even though you’ve met all contractual requirements. Just because you haven’t received any complaints doesn’t mean that customers are satisfied. There are many ways to monitor and measure customer satisfaction. You can use customer satisfaction and opinion surveys; you can collect product quality data (post delivery), track warranty claims, examine dealer reports, study customer compliments and criticisms, and analyze lost business opportunities.

Read More

Customer

Customer

A customer is anyone who receives products or services (outputs) from a supplier. Customers can be either people or organizations and can be either external or internal to the supplier organization. Examples of customers include clients, consumers, users, guests, patients, purchasers, and beneficiaries.

Read More