ISO 9001:2015 Clause 9 Performance Evaluation

Introduction

Having “done the business” in clause 8 it is time to check performance. The usual suspects appear here. The organization determines what, how, and when things are to be monitored, measured, analyzed, and evaluated. Add internal audit and management review to the mix and everything expected is addressed. Internal audits provide information on whether the management system conforms to the requirements of the organization and the standard and is effectively implemented and maintained. Management review addresses the question: ‘is the management system suitable, adequate and effective?’ Once again, the auditor should benefit from a consistent set of requirements for checking results against the plan. There is a long list of objective evidence that can be identified and confirmed: metrics, schedules, evaluations, nonconformities and corrective actions, monitoring and measurement results, and audit and management review results.

Clause 9 Performance evaluation has three subclauses.

Clause 9.2 Internal audit is a separate article.

9.1 Monitoring, measurement, analysis and evaluation

9.1.1 General

The organization should determine what needs to be monitored and measured. It must also determine the methods for monitoring, measurement, analysis, and evaluation needed to ensure valid results, when the monitoring and measuring must be performed, and when the results from monitoring and measurement must be analyzed and evaluated. The organization should also evaluate the performance and effectiveness of the quality management system. It must retain appropriate documented information as evidence of the results.

The organization needs to determine what needs to be monitored and measured. The methods chosen for monitoring, measurement, analysis, and evaluation must ensure valid results, which places a greater emphasis on producing comparable and reproducible results than previously. In addition, the organization should determine when the monitoring and measuring shall be performed, and when the results will be analyzed and evaluated. Note that an organization may have several measurements related to information needs, and these needs may change over time. For example, when a management system is relatively new, it may be important just to monitor the attendance at, say, awareness training. Once the intended rate has been achieved, the organization might look more towards the implementation and quality of the awareness training. It might do this by setting specific awareness objectives and determining the extent to which the attendees have understood what they have learned. Later still, the information need may extend to determining what impact this level of awareness has on performance for the organization (effectiveness). A range of metrics and measurements needs to be developed, collated, and reviewed on a regular basis, and included in the management review process. They need to focus on discipline-specific performance as well as the effectiveness of the management system.

ISO 9001:2015 goes into more depth and places more emphasis on measuring and evaluating how well an organization’s QMS is performing. A range of metrics and measurements needs to be developed, collated, and reviewed on a regular basis and included in the management review process. In ISO 9001:2008 Clause 8.1 there was a requirement for planning. This has been replaced with the determination of what needs monitoring and measuring, the methods to be used, and when to perform, analyze, and evaluate. The methods chosen must produce comparable and reproducible results to be considered valid. In addition, the organization should determine when the monitoring and measuring shall be performed and when the results will be analyzed and evaluated.

You must plan and implement processes that monitor, measure, analyze and evaluate the health of your QMS. The focus of these processes must be on product/service conformity, process conformity, and improving QMS effectiveness. Consider using a variety of methods including statistical techniques. In planning what to track and measure, let us review the quality objectives we established and all of the performance indicators we established for each of our QMS processes and activities. You must be careful not to overwhelm your organization with objectives as this may cause more frustration than positive results. Start with objectives that focus on meeting customer requirements and then slowly develop meaningful objectives for key processes and risk-prone processes, as initial targets are achieved. Planning of measurement and data analysis processes must consider the methods and resources, such as time, manpower, computers, software, statistical tools, etc., needed to collect, organize, and analyze product and QMS performance data. Measurement involves physically measuring product characteristics or process parameters against acceptance criteria at predefined intervals and sampling sizes, using predefined measurement devices. Measurement results may not always be fully recorded. Use your organization’s cross-functional knowledge of customer requirements, product, technology, manufacturing processes, etc., to determine what statistical methods to use for each process and to what extent to use them. Include these methods in your quality plan. Statistical methods to verify product characteristics and process parameters include process capability studies, control charts, Pareto analysis, and variation analysis. Define and implement appropriate training and competency requirements for all personnel using statistical methods, tools, and analysis.

Monitoring usually involves conducting ongoing periodic checks to determine whether product characteristics or process parameters are within acceptable limits. The frequency of monitoring may vary depending on the risk and reliability of products and processes. Monitoring is also useful in determining the scope and frequency of product and process measurement. The results of monitoring may or may not be recorded. You must identify and document all processes addressing this clause as part of your QMS. For these processes, you must also identify what specific documents, controls, and resources are needed. You could use a product quality plan, documented procedure, or other combination of specific practices, procedures, documents, and methods. Look at the risks related to your product, processes, and resources in determining the extent of documented controls you need to have. The output of monitoring and measurement methods used within each QMS process provides useful performance indicators for determining the degree of conformity of product and QMS to requirements and whether the QMS has been effectively implemented and maintained. You must also establish methods and indicators to monitor and measure your QMS processes to demonstrate process capability to achieve planned results and identify opportunities to improve the process. Use your organization’s cross-functional knowledge of customer requirements, product, technology, manufacturing processes, etc., to determine process monitoring and measuring indicators and controls. Monitoring and measurement may be done manually or by automated means. Another way to identify useful methods and indicators is to review what problems could occur or have occurred within a particular process. Monitor and measure these occurrences and then analyze and evaluate the data to develop process controls to reduce or eliminate them. Problems or risks can occur with any of the variables in a process, e.g. materials, equipment, facility, methods, technology, personnel, computer hardware or software, etc. By using fishbone analysis or similar tools, you can develop very useful monitoring and measuring methods and process performance indicators. Correction refers to action taken to eliminate a detected nonconformity, i.e. the symptom.

There must be a definite plan which determines what characteristics of product/service and process you will monitor and measure. When exactly will you monitor and measure those characteristics? How exactly will you analyze and evaluate the data you obtain from monitoring and measurement? And when are you going to analyze and evaluate it? The method you use should give you a valid result. You must also evaluate the performance and effectiveness of your QMS. You must keep a record of your monitoring, measurement, analysis, and evaluation. You must monitor your processes:

  • First, to determine and establish the capability of new processes to conform to requirements.
  • Second, to monitor these processes over time to verify ongoing stability and capability to meet requirements.
  • Third, to determine and achieve levels of continual improvement.

To achieve planned results, control methods used for monitoring and measurement should focus on achieving the performance indicators we have identified for each QMS process. The monitoring and measurement techniques, sampling plans, acceptance criteria should be documented or referenced in your quality plan, or you could use a combination of specific practices, procedures, documents, and methods. Look at the risks and benefits in determining the extent of documented controls you need to have. However, the output of monitoring and measurement methods used within each QMS process provides useful performance indicators for determining the effective implementation and maintenance of QMS processes.

9.1.2 Customer Satisfaction

The organization should monitor customer perceptions of the degree to which their needs and expectations have been fulfilled and must determine the methods for obtaining, monitoring, and using this information. Methods for monitoring customer perceptions can include customer surveys, customer feedback on delivered products or services, meetings with customers, market-share analysis, compliments, warranty claims, and dealer reports.

Customer satisfaction is still an important metric and now includes obtaining information on customers’ views, as well as having a structured approach to analyzing and evaluating all the information. Customers are primarily the end-users of your product, but also include intermediaries such as assemblers who may be internal or external and who integrate your product into theirs, and dealers and distributors who market and sell your product or the integrated product. You need to consider feedback from all these customers to determine whether or not you have met their specified and perceived requirements. Customer requirements may relate to the design, manufacture, delivery, servicing, and support of the product, QMS, communication, and financial requirements, etc. You must have controls to identify and meet these requirements. Customer feedback or satisfaction is the first tool required by this standard to gauge the health of your QMS. This clause requires you to gather and analyze the information as to what extent you met these requirements, from the customer’s perspective. What is the customer’s evaluation of your performance with regard to their requirements? You must continually gather information about these activities, in a manner capable of being analyzed and evaluated to determine how well you performed them. There are all kinds of performance indicators for design, manufacture, delivery, service, and support, etc. Gather information on these indicators from both the customer as well as from internal processes. There are many ways to monitor customer satisfaction feedback, both positive and negative. These may include customer complaints, direct communications with customers, questionnaires and surveys, subcontracted collection and analysis of performance data, reports from consumer organizations, reports in various media, and sector and industry studies.

You are expected to have a process that defines your customer satisfaction indicators, frequency and method of data collection, summarization, review, and evaluation of data, actions to improve, timeline, responsibility, and follow-up. Many customers routinely provide feedback on some or all of the information indicated above. You must continuously review this customer feedback to ensure you maintain and improve your customer satisfaction rating. You must monitor trends in customer satisfaction indicators and use these as a baseline for continual improvement. You should consider both external as well as internal customer satisfaction. Note that every internal process is either a customer or a supplier of another process. You must identify and document the process addressing this clause as part of your QMS. For this process, you must also identify what specific documents, controls, and resources are needed. You could use a documented procedure or other combination of specific practices, procedures, documents, and methods. Look at the risks and benefits in determining the extent of documented controls you need to have. Performance indicators to measure the effectiveness of processes that control customer satisfaction may include improvement in customer feedback ratings, reduction in customer complaints, increase in the number of customers providing feedback, and increase in feedback that leads to QMS and product improvement opportunities.

9.1.3 Analysis and Evaluation

The organization should analyze and evaluate appropriate data and information arising from monitoring and measurement. Use the results of the analysis to evaluate the conformity of products and services, the degree of customer satisfaction, the performance and effectiveness of the quality management system. The organization must also evaluate if planning has been effectively implemented and the effectiveness of actions taken to address risks and opportunities. The performance of external providers and the need for improvements within the quality management system must also be evaluated. Methods to analyze data can include statistical techniques.

The Analysis and Evaluation requirements of the new standard are expressed in clause 9.1.3. The related requirements in ISO 9001:2008 are primarily in clause 8.4, Analysis of Data. A new requirement in clause 9.1.3 is to use the results of the analysis to evaluate if planning has been effectively implemented. Clause 8.4 of ISO 9001:2008 doesn’t mention the use of data analysis to evaluate planning. A new requirement in clause 9.1.3 is to evaluate the effectiveness of the actions taken to address risks and opportunities. ISO 9001:2008 does not mention risks or opportunities. Clause 8.4 in ISO 9001:2008 requires data to be analyzed to provide information on customer satisfaction. Clause 9.1.3 requires the analysis and evaluation to be used to evaluate the “degree” of customer satisfaction. Clause 8.4 in ISO 9001:2008 refers to analyzing data to provide information on conformity to product requirements. Clause 9.1.3 requires the results of the analysis to be used to evaluate the conformity of products and “services”. Clause 8.4 of ISO 9001:2008 requires data to be analyzed to “provide information” on “suppliers”. Clause 9.1.3 requires the results of the analysis to be used to evaluate the “performance” of “external providers”. An external provider is a supplier of products or services that is external to the organization. The provider could be a producer, distributor, retailer, or vendor.

You must collect and analyze QMS data that relate to the performance, effectiveness, and efficiency of products, services, QMS processes, production output, external provider (supplier) performance, use of resources, cost of poor quality, customer satisfaction, etc. Do year-over-year trend analysis to determine longer-term progress, identify opportunities for further improvement, or prioritize corrective action for negative trends. Many organizations have wonderful systems for collecting data, but do a poor job in sorting, summarizing, and presenting this data for decision-making. You must sort and summarize the data you collect into things gone right and things that have gone wrong and present them separately. Management can then focus on continual improvement of things gone right and take corrective action on things gone wrong. Your process for data collection and analysis must address the type of data to be collected, how it should be sorted and classified, use of appropriate information systems and data gathering tools and techniques, assignment of responsibility and authority to review and act, competency and training in the use of tools and data analysis, and assurance that the data is gathered, analyzed, and acted upon on a timely basis. A summary of QMS performance data must be included in your periodic management review. Compare trends in quality and operational performance against your business plans, competitors, and industry benchmarks, where practical. Focus on key customer-related trends to prioritize prompt solutions to problems, determine longer-term planning for performance improvement, and enhance customer satisfaction. Performance indicators to measure the effectiveness of processes for data collection and analysis may include a reduction in cycle time to gather and evaluate data, reduction in inaccurate and incomplete data, increase in improvement opportunities obtained from data analysis, etc.

9.3 Management Review

9.3.1 General 

The top management of the organization should review the organization’s QMS at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of the organization.

9.3.2 Management review inputs

Plan and carry out management review considering the status of actions from previous management reviews, changes in external and internal issues relevant to QMS, the adequacy of resources, opportunities for improvement, and the effectiveness of actions taken to address risks and opportunities as explained in clause 6.1. The organization must also consider information on quality performance and effectiveness, including trends in nonconformities and corrective actions, customer satisfaction and feedback from relevant interested parties, monitoring and measurement results, audit results, the extent to which quality objectives have been met, process performance, conformity of products and services, and the performance of external providers.

9.3.3 Management review outputs

Outputs from the management review must include decisions and actions related to opportunities for improvement, any need for changes to QMS, and resource needs. The organization should retain documented information as evidence of the results of management reviews.

The Management Review requirements of ISO 9001:2015 are now stated in clause 9.3, instead of clause 5.6 as in ISO 9001:2008. All of the clause 5.6 requirements of ISO 9001:2008 have been retained (except for the reference to preventive action). However, some have been reworded and relocated in a different sequence. For example, “follow-up actions from previous management reviews” was the fifth entry in 5.6.2 review inputs, and is now listed as the first consideration in 9.3.1 when planning and carrying out the management review: “status of actions from previous management reviews”. It makes sense to have “old” business covered first and then followed by “new” business. Clause 5.6.1 of ISO 9001:2008 required the review of any needed changes to the quality policy. The policy is no longer mentioned under Management Review. However, a similar and broader requirement is stated in 9.3.2: “any need for changes to the quality management system”. Clause 5.6.2 of ISO 9001:2008 requires that “information” be included for the listed review inputs. The ISO 9001:2015 standard changes the requirement to consider “information on the performance and effectiveness of QMS, including trends”, for the listed topics. ISO 9001:2015 also requires you to plan and conduct your management reviews considering the changing business conditions and to align the reviews with your organizational strategies. An input in clause 5.6.2 of ISO 9001:2008 is to review the “status of preventive and corrective actions”. The related requirement in ISO 9001:2015 is to review “nonconformities and corrective actions”. A corrective action is a form of problem management, and preventive action is a form of risk management. Since the draft standard has added requirements on “risks and opportunities”, and these are listed as a review topic, the reference to preventive action is no longer needed. Clause 5.6.1 of ISO 9001:2008 included “customer feedback” as a review input. This requirement has been revised in clause 9.3.1 to be “customer satisfaction and feedback from relevant interested parties”. A new requirement has been added as a review consideration, “The effectiveness of actions taken to address risks and opportunities.” It refers the reader to new clause 6.1, Actions to Address Risks and Opportunities, for more information. Clause 6.1 replaces the need for the old clause 8.5.3 on preventive action. Clause 5.6.1 of ISO 9001:2008 included “process performance and product conformity” as a review input. This requirement has been clarified as “process performance and conformity of products and services.”

The purpose of conducting management reviews of the QMS is to gauge the health of the QMS. The review must determine QMS suitability, adequacy, and effectiveness. Are the QMS resources and controls that were planned and implemented suitable and adequate for the QMS to be effective in achieving customer and regulatory requirements; and in achieving quality objectives? Are changes needed to improve products, processes, and use of resources? It would be logical to have a process for management review as it has specific requirements for management review inputs, value-adding review activities, and outputs. The process should address the frequency, schedule, quorum, and agenda for review meetings to be attended by top management. For the management review process itself to be effective, top management must plan the review of all agenda items with some regularity and take timely action to change or improve any part of it, including the quality policy and objectives. To avoid problems on frequency and scope of review, an effective way would be to incorporate QMS agenda items into regular monthly or quarterly operational meetings. Management review input should preferably be in summary form, showing QMS and operational performance measured against the business and quality plans, customer and regulatory objectives, and goals. Appropriate actions must result from such reviews. Review decisions and actions must relate to improving products and processes or even creating new ones, providing more resources or perhaps improving the efficiency of existing resources, improving QMS controls, objectives, improving overall QMS effectiveness and customer satisfaction. Responsibilities and timelines should accompany these decisions and actions. The performance of these actions must be followed up at subsequent management review meetings. 
Performance indicators to measure the effectiveness of the management review process could include – the achievement of quality objectives and improvement in customer satisfaction rating. You must identify and document the management review process as part of your QMS. You must also identify what specific documents are needed for effective planning, operation, and control of this process. These documents may include – documented information, review on, schedule, agenda and action forms, etc., combined with unwritten practices, procedures, and methods. Management review records must include topics discussed, decisions, responsibilities for corrective or improvement actions and related timelines, provision of resources, and follow-up actions from previous management reviews.

ISO 9001:2015 CLAUSE 10 IMPROVEMENT

Occasionally undesired things occur; now it’s time to address nonconformity and corrective action. And to make things better there’s continual improvement. The requirements here are familiar and well understood. But what about preventive action? It does not appear. As some have argued for many years, one of the objectives of a management system is preventive action. The requirements in clause 4.1 to “…determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its quality management system” and in clause 6.1 to “determine the risks and opportunities that need to be addressed to assure the Quality management system can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.” not only address preventive action but go beyond. And in the end, auditors will look back at the management system established in clause 4.4, reviewed in clause 9.3, and now continually improved. Finally, although there remains a requirement for processes, there is no mention anywhere of procedures, documented or otherwise. If a discipline considers that they are required then they will appear in clause 8 – Operations. However, if they are not a requirement but the organization itself considers that it needs them, then that will be its decision.

ISO 9001:2015 Clause 10, Improvement, has three sub-clauses:

10.1 General
10.2 Nonconformity and Corrective Action
10.3 Continual Improvement

10.1 General

The organization must determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction. These actions must include improving products and services to meet requirements as well as to address future needs and expectations; correcting, preventing, or reducing undesired effects; and improving the performance and effectiveness of the quality management system. Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation, and reorganization.

The phrase “opportunities for improvement” is only mentioned in ISO 9001:2008 at clause 5.6.1 (Management Review – General). The phrase has been repeated in ISO 9001:2015 at clause 9.3.2.f (Management Review Inputs) and added to clause 5.3.c (Organizational Roles,  Responsibilities, and Authorities) and clause 10.1 (Improvement – General). Although “meet customer requirements” and “enhance customer satisfaction” are expressed in several places in ISO 9001:2008, they aren’t mentioned in the old clause 8.5 under Improvement. Clause 10.1 in ISO 9001:2015 adds that improvement actions are taken to meet customer requirements and enhance customer satisfaction. ISO 9001:2015 adds that organizations are to not only improve products and services to meet known requirements, but also to address “future” needs and expectations.

We use the term “improvement system” to mean the approaches, methodologies, tools, and technologies that organizations use to bring about improvements in how the organization operates. These are management approaches for isolating issues and finding solutions, and they are often the catalyst for specific changes to technologies, processes, job roles or organization structures. A systemic and humane approach for improving an organization that makes a difference to the customer and provides a lasting effect has three components:

  1. how a product or service is delivered,
  2. the product or service design, and
  3. a management system to enable improvements.

Process Improvement

The reality of fulfilling the needs of the customer consists of an overwhelming number of factors. Requirements are imposed from multiple sources or customers, each with their own needs and wants. As requirements are cascaded through the organization, the requirements are translated into actionable items. Sometimes the connections are clear; sometimes they are not obvious. Some benefits are immediately obvious and some benefits are obscure to the local workforce. Each requirement has ramifications far beyond the immediate area. Many Process Improvement methodologies are created to improve operational efficiency and effectiveness. Each provides a disciplined approach for improving how a product or service is delivered. Their primary technique is to expose incongruities in the execution of tactical plans, bringing into the open some of the assumptions and misdirected focus of dedicated professionals. Once incongruities are exposed and understood, people inherently strive to correct them. No one deliberately creates unnecessary work or bad quality. Most processes are created with the best of intentions, focusing on performing the task at hand, with the resources at hand, in the environment where they exist. Process improvement uses a structured approach to understand the existing conditions, generate improvement ideas, and then implement the changes.

Product Improvement

The design activity consumes five percent of the product cost, while it has a 70 percent influence on the final cost. On the other hand, material and labour costs can consume 65 percent of product costs, while only influencing the final cost by 25 percent. Where would you invest your capital and human resources to produce the largest return: Improving the 25 percent influence on product costs, or the 70 percent? Value Engineering (VE) has been evolving for the last 60 years as a way to remove unnecessary cost from the product design before, during, and after the fact. VE first identifies the intent or function and understands the context, then develops alternatives and implements a plan. Value Engineering studies bring marketing, finance, operation, design, customers, and suppliers together to systematically explore how the product performs the function the customer needs.

Management Practices Improvement

All human activities and efforts of any organization are based upon management practices: practices that govern how people interact within the organization, as well as how people interact between the organization and the rest of the world. The practices may be consciously created and based on theory or may have simply emerged as the organization grew and matured. Management’s job in the area of improvement is to create and facilitate an environment for learning and cooperation. One area to start is to remove policies and barriers that inhibit people from doing a good job. At the same time, encourage communication between functional areas and different levels of the organization. Another aspect of management’s obligation to improvement efforts is to encourage the exploration of data and theory, finding the context in which data is used for improvement and how it helps align improvement efforts towards the aim of the system. Data, information, and knowledge are not the same. Data is just that, data. Measurements and observation counts are two examples. When data is placed in a context, information is created. Understanding how data is classified and interpreted based on the concepts in which it was created, along with how the data is used for action, are just a few factors in converting data and information into knowledge.

Creating a systemic approach to improvement

Process improvement, product improvement, and management practices improvement must work together towards improving the organization as a whole, working towards a common aim. Everybody doing their best is not sufficient. Functional areas of a system must be aware of how their actions impact other groups and the entire system. Each group must investigate to understand how their actions will benefit the whole, and identify the dangers of how their actions introduce risks to the whole. Also, each group may have to accept less than optimal performance of their functional area in order for the entire system to improve. Selecting where to start is not a question of one area or the other. All three areas are codependent on each other. No group exists in isolation. Every organization is a system. When improvement is begun in any single area, the first issues addressed are usually the issues that can be corrected by the local workforce. However, as these immediate and local issues are corrected, new issues become visible: issues that are beyond the scope of immediate influence. This causes conflicts as improvement efforts start to influence other areas. Between the unbridled enthusiasm of one area, and another area not understanding the reasons for the change, conflict arises. This conflict causes change efforts to have several adverse effects. First, it negatively affects the morale of people and organizations. Second, conflict leads to reduced performance of other groups in the system. People are not against change, they are against being changed. People need to understand the need for change from their perspective. Functional workgroups are not receptive to outside groups telling them how they must change. Communication and collaboration are the best way to overcome resistance. Management practices must provide an environment where people are given a voice in how change is going to happen and share operational definitions about each other’s improvement projects, using language that is common or easily understood by most people, without jargon. The organization must learn individually and collectively. Only through cooperation and collaboration will collective learning take place. Collaboration in pairs is an interim step. Eventually, production, product design, and management practices will need to work together.

Below is a simple breakdown of the ADKAR elements for the change, “implementing a new improvement system”.

ADKAR phases and questions to consider

Awareness – awareness of the need for the new improvement system:

  • Why is the improvement system needed?
  • What are the risks of not using this improvement system?
  • Why is this improvement system being implemented now?
  • What is the general nature of this change – what does it mean to use Lean? or BPM? or Appreciative Inquiry? or Six Sigma?

Desire – desire to participate and support the new improvement system:

  • What are the organizational drivers causing us to bring this new improvement system into the organization?
  • What are my personal motivators for getting involved in Lean or BPM or Appreciative Inquiry or Six Sigma (for example)?

Knowledge – knowledge on how to use the new improvement system:

  • What will be my role in using the new improvement system?
  • What do I need to know to be successful using the new improvement system?
  • When will I be trained on how the new improvement system works?

Ability – ability to implement the skills and behaviours required by the new improvement system:

  • What exactly will I be doing differently as a result of the new system?
  • When will I have a chance to practice?
  • Where do I go for support and assistance to be successful as part of this new system?

Reinforcement – reinforcement to sustain the new improvement system:

  • How do I know the organization is committed to using the new improvement system?
  • Are senior leaders really committed to making this successful?
  • Will this new approach be discarded next month?

10.2 Nonconformity and Corrective Action

10.2.1 When a nonconformity occurs, including any arising from complaints, the organization must react to the nonconformity and, as applicable, take action to control and correct it and deal with the consequences. The organization must also evaluate the need for action to eliminate the causes of the nonconformity so it does not recur or occur elsewhere, by reviewing and analyzing the nonconformity, determining the causes of the nonconformity, and determining if similar nonconformities exist, or could potentially occur. The organization must implement any action needed and review the effectiveness of any corrective action taken. It must update risks and opportunities determined during planning, if necessary, and make changes to the quality management system, if necessary. The corrective actions must be appropriate to the effects of the nonconformities encountered.

10.2.2 The organization must “retain” documented information as evidence of the nature of the nonconformities and any subsequent actions taken and results of any corrective action.

Use of “retain” indicates the documented information refers to “records” kept as evidence.

ISO 9001:2015 requires that the organization react to nonconformity by first controlling and correcting it, as well as dealing with its consequences. It also adds a requirement to determine if similar nonconformities exist, or could potentially occur. A new requirement is to update the risks and opportunities determined during planning, if necessary. Another new requirement is to make changes to the quality management system, if necessary. Clause 10.2.2 adds that the documented information retained as evidence must now indicate the nature of the nonconformity and any subsequent actions taken.

Corrective action is the action taken to eliminate the cause of a detected nonconformity to prevent a recurrence, whereas preventive action is the action taken to eliminate the cause of a potential nonconformity or other undesirable situation, to prevent occurrence. The procedure for your corrective action process must address the following control requirements:

  • Identify detected nonconformities that relate to your products, QMS processes, resources, suppliers and outsourced work, product shipped to customers, customer complaints, cost of quality reports, and Things Gone Wrong reports.
  • Define your process for identifying nonconformities and consider using appropriate problem-solving tools to determine the underlying root cause(s) of the nonconformity.
  • Problem-solving tools may include analysis of failure mode, capability studies, correlation diagrams, data collection, fishbone diagram (Ishikawa diagram), histograms, Pareto analysis, probability charts, stratification of data, graphic representations, etc. Ensure that personnel applying these tools are competent and trained.

Actions taken to eliminate the cause of nonconformity must flow from your problem-solving activity. Actions may involve changes to the product, process, resources, documentation, controls, etc., or any combination of these. Conduct follow-up tests to determine whether these actions have indeed eliminated the cause(s) of the nonconformity and prevented a recurrence. You must keep appropriate records of these actions and follow-up activities. You must monitor your corrective action records on an ongoing basis for any recurrence of the nonconformity you took corrective action on. If you find that the problem has occurred again, then your analysis of the root cause may have been incorrect or incomplete. Keep appropriate records of all corrective action steps. Ensure timely completion of any open corrective action or be prepared to provide evidence to justify its continued open status. Make your corrective action records available on request to customers and provide a summary report for management review.

Not all nonconformities necessarily result in corrective action. Evaluate the significance of nonconformities in terms of their impact on operating costs, cost of nonconformity and its correction, product performance, safety, dependability, regulatory requirements, the effect on customer’s products and processes, any other risks, and customer satisfaction. Consider using cross-functional teams in such decision-making, including the involvement of your organization’s designated customer representative. Performance indicators to measure the effectiveness of the corrective action process may include a reduction in cycle time for the corrective actions, problem re-occurrence, open corrective actions, and costs, and an improvement in QMS productivity.

10.3 Continual Improvement

The organization must continually improve the suitability, adequacy, and effectiveness of the quality management system. The organization must consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that must be addressed as part of continual improvement.

ISO 9001:2015 requires that the results of analysis and evaluation (clause 9.1.3) and the outputs of management review (clause 9.3) are to be considered for needs or opportunities that must be addressed as part of continual improvement. Improving the “effectiveness” of the quality management system is a requirement of ISO 9001:2015, clause 8.5.1. The ISO 9001:2015 standard adds in clause 10.3 that the organization is to also improve the “suitability” and “adequacy” of the quality management system.

Continual improvement is defined as a recurring activity to increase the ability to fulfill requirements. The ‘ability to fulfill requirements’ refers to both conforming as well as nonconforming products/processes. Conforming processes can be further improved, and nonconforming processes must be improved by taking corrective action to prevent a recurrence. Recurring activity refers to ongoing quality improvement, whose inputs include audit results, results of analysis and evaluation, and the outputs from management review, etc. The continual improvement process can be conducted by:

  • Significant breakthrough projects either revise or improve existing processes or lead to new processes. These are usually done by cross-functional teams outside routine operations (Business Process Re-engineering).
  • Small-step ongoing improvement activities conducted by personnel within existing processes (Kaizen Events).

Use of the continual improvement tools includes:

  • Audit Results – Results of product, process, and QMS audits usually provide many opportunities to improve QMS effectiveness and efficiency. Opportunities may relate to communications, information systems, processes, controls, use of resources, technology, etc. The management representative must report these opportunities to top management as part of the management review agenda. They can also be reported and reviewed at regular operational meetings, etc.
  • Other Audits – Besides product, process, and QMS audits, you might find it very productive to conduct financial, health and safety, environmental, technology, product profitability, social responsibility, information, and communication systems audits.
  • In using ‘results of analysis and evaluation’ as a tool for continual improvement, use the Things Gone Right and Things Gone Wrong approach to classify your data for decision-making.
  • Examples of situations that might lead to improvement projects include machine set-up, die change, machine changeover times, cycle time, scrap, value-added use of floor space, variation in process parameters, less than 100% first run capability, process averages not centred on target values, testing requirements not justified by accumulated results, waste of labour and materials, difficult manufacture, assembly and installation of the product, excessive handling and storage, etc.

Useful tools that are often used to continually improve, include capability studies, design of experiments, risk analysis, SPC, supplier evaluation, test and measurement technology, the theory of constraints, overall equipment effectiveness, technology, benchmarking, analysis of motion/ergonomics, and error-proofing. Ensure that personnel applying these tools are competent and trained. Performance indicators to measure the effectiveness of the continual improvement process may include quality objectives being met sooner than planned, achieving and exceeding business and quality objectives, improved efficiency in the use of resources, cost reduction, improved product quality, etc.

ISO 9001:2015 CLAUSE 6: PLANNING

Introduction

Clause 6 Planning brings risk-based thinking to the front. Once the organization has highlighted risks and opportunities in clause 4, it needs to stipulate how these will be addressed through planning. The planning phase looks at what, who, how, and when these risks must be addressed. This proactive approach replaces preventative action and reduces the need for corrective actions later on. Particular focus is also placed on the objectives of the management system. These should be measurable, monitored, communicated, aligned to the policy of the management system, and updated when needed. After much deliberation, the decision to make risk explicit has been made – here it is in clause 6. Having highlighted the issues and requirements in clause 4, now it is time to address the risks and opportunities the organization faces through planning. How will the organization prevent, or reduce, undesired effects? How will the organization ensure that it can achieve its intended outcomes and continual improvement? It will do it here in planning. Planning will address what, who, how, and when. Not difficult. This proactive approach is easier to understand than preventive action and should reduce the need for correction and corrective action at a later date. The requirements around the quality objectives have also been made more detailed. They are to be consistent with the quality policy, measurable (if practicable), monitored, communicated, and updated as appropriate. They have to be established at relevant functions and levels. Clause 6 puts a greater emphasis on the organization’s planning, which is integral to the business. Auditors should be familiar with risk – the consequences of an event and the associated likelihood of occurrence – and how to avoid, eliminate, minimize or mitigate it. They also need to focus on the positive aspect – opportunities for the business and how to optimize them. The risks and opportunities identified will lead to policies and objectives. Auditors should be able to identify and follow a clear path from issues and requirements through risks and opportunities, policies, and objectives.

Planning Process

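The “Planning” clause has three sub-clauses: 6.1 Actions to address risks and opportunities, 6.2 Quality objectives and planning to achieve them, and 6.3 Planning of changes.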

6.1 Actions to address risks and opportunities
6.1.1

When planning for the quality management system, the organization shall consider the issues referred to in Understanding the organization and its context (4.1) and the requirements referred to in Understanding the needs and expectations of interested parties (4.2), and determine the risks and opportunities that need to be addressed to give assurance that the quality management system can achieve its intended result(s); prevent, or reduce, undesired effects; and achieve continual improvement.

6.1.2

The organization must plan actions to address the risks and opportunities determined in clause 6.1.1. The organization must also plan how to integrate and implement the actions into its quality management system processes and evaluate the effectiveness of these actions. Actions taken to address risks and opportunities must be proportionate to the potential impact on the conformity of products and services. Options to address risks can include, but are not limited to, avoiding risk, taking the risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, retaining risk by informed decision, or implementing standards like ISO 31000. It is the prerogative of the management to adopt any one of the practices. Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology, and other desirable and viable possibilities to address the organization’s or its customer’s needs.

It is the responsibility of top management to provide direction, authorization, resources, and review for QMS planning. When developing your QMS process controls for determining customer requirements, design, development, manufacture, delivery, and customer support, you must focus on meeting customer and regulatory requirements as well as the planned QMS objectives established in clause 6.2. QMS planning requires you to identify all your QMS processes and describe their sequence and interaction. The criteria and methods for planning, operation, and control of these processes come from the rest of the ISO requirements as well as your customer and your own organization. When planning its QMS, top management must implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities associated with providing assurance that the QMS can achieve its intended result(s); provide conforming products and services; enhance customer satisfaction; promote desirable effects and improvement; and prevent, or mitigate, undesired effects. The organization must integrate the actions to address these risks and opportunities into its QMS processes using the PDCA cycle. Not all processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Each organization is therefore responsible for the extent to which it applies risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks. Planning also requires monitoring and measuring these actions and gathering, analyzing, and evaluating appropriate data and information to determine the effectiveness of such actions. This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews. These actions must be proportional to the potential impact on the conformity of products and services. When planning its QMS, the organization must consider the risks and opportunities presented by external and internal issues as well as the needs and expectations of interested parties, relevant to its purpose and strategic direction. Risk management should be implemented at all levels of an organization, from the strategic to the operational level. The result of risk assessment should be considered in documenting the plans for process operation and risk control.

At the business and QMS planning stage, the organization should:

1. Determine the categories of risk – from strategic, operational, environmental, legal, social, and financial points of view – that the organization may be exposed to and that could impact its ability to conduct its business operations without disruption, provide customer satisfaction, and achieve sustained success.

2. The risk management methodology must be appropriate to the size and complexity of the organization. Establish a comprehensive list of risks under each of the categories described above, that might influence the achievement of process, product and service objectives;

3. The methodology should include the following steps to:

  • Identify each potential risk;
  • Describe the potential outcome of the risk;
  • Identify the potential cause(s) of the risk outcome;
  • Rate the consequence or severity of the outcome;
  • Rate the likelihood of the cause occurring;
  • Rate the probability of early detection of the outcome should it occur;
  • Establish risk tolerance criteria;
  • Categorize each risk as critical, high, medium or low, using a combination of severity, occurrence, and detection ratings and other relevant factors to establish an overall risk score for all risks listed. Use the risk score to establish priority in addressing identified risks;
  • Identify and determine the adequacy of any existing control to address the identified risk;
  • Determine appropriate controls to respond to each identified risk (process control plans). These controls should preferably prevent the potential cause of the risk from occurring and, failing that, at least be able to detect the cause and/or outcome of the risk;
  • Determine compliance with predetermined tolerance criteria for acceptability of risk;
  • Provide and use risk management information for strategic decision-making and managing operations.

4. Methods to identify risks:

  • Look at the past history of performance, lessons learned, current operations and planned future activities to identify potential risks or undesirable outcomes.
  • Look at current activities and problems encountered, current and planned future activities – TGW (things going wrong)
  • Apply TGW (Things Gone Wrong) for past activities and a contingency or “what if” approach to identifying current and future risks.
  • Apply these approaches to the full spectrum of risk categories listed in 1 above.
  • Use various tools such as cross-functional teams, flow charts, checklists, and risk analysis diagrams to brainstorm and facilitate risk identification, analysis, and evaluation.
  • Ask when, where, why, who and how type questions to identify past, current, and future risks

5. As indicated earlier, the purpose of risk management controls is manifold and could include:

  • Avoiding the risk, where the only option is not to go forward with an activity or to withdraw from it
  • Taking the risk, where risks have desirable potential consequences
  • Altering risk, to optimize potential opportunities and minimize threats
  • Transferring risk by measures including insurance, contractual arrangements, trade unions, partnerships, and joint ventures
  • Retaining risk, where no worthwhile control actions are feasible and the risk is within the organization’s risk tolerance
  • Removing the source of the risk by perhaps using alternate or new technology.

Example of Determining Risk and Opportunity:

| Issues (internal) | Expected Results | Uncertainty | Risk (-ve) H/M/L | Opportunities |
|---|---|---|---|---|
| Availability of reliable, qualified, competent and multi-skilled workforce | Workforce is competent | Existing workforce not all skilled | M | Opportunity to multi-skill installation teams – impact on installation times |
| The culture within the organization – work quality | Workforce is motivated | Unacceptable quality of work | H | Opportunity for top managers to lead |
| Workforce retention – wage | The workforce is loyal to the organization | Workforce leaving for better-paid work | H | Opportunity to benchmark our competitors’ wages |

| Issues (external) | Expected Results | Uncertainty | Risk (-ve) H/M/L | Opportunities |
|---|---|---|---|---|
| Client working environment – other trades working alongside us | Integrated is protected | Damage to our installation | H | Opportunity to place barriers, floor markers, signs for clear identification |
| Standardization and certification within the industry – not conforming | Being up to date and informed on standards | Codes of practice are changing all the time | L | Opportunity for designers to attend free update the trade body conference (0.5 days) |
| Client consideration – bringing expertise in-house | Workforce remains loyal to the organization | Workforce for managed on-site contracts being employed direct by clients | H | Opportunity for a new contract clause prohibiting employment (time-bound) |

Example of template for the procedure of Risk and opportunities

6.2 Quality Objectives and Planning to Achieve Them
6.2.1

The organization must establish quality objectives at relevant functions, levels, and processes. The quality objectives must be consistent with the quality policy. If practicable, they must be measurable. They must be based on applicable requirements. They must be relevant to the conformity of products and services and the enhancement of customer satisfaction. They must be monitored and communicated. They must be updated as appropriate. The organization should maintain documented information on the quality objectives.

6.2.2

When planning how to achieve the quality objectives, the organization must determine what will be done; what resources will be required; who will be responsible; when it will be completed; how the results will be evaluated.

The purpose of quality objectives is to determine conformity to requirements (customer, regulatory and relevant stakeholders), and effective deployment and improvement of the QMS. Clause 6.2 sets out specific requirements for the planning of quality objectives. This clause requires you to document them. This clause also requires you to monitor, measure, and evaluate results against your planned objectives. Top management must provide the leadership, organization, and resources to deploy and achieve planned quality objectives. The process and the responsible personnel needed to achieve the quality objective must be determined. The quality policy provides the framework for establishing quality objectives, so that they are consistent with it, and provides examples of such consistency. In this clause, the organization must ensure that specific quality objectives are established at relevant functions, levels, and processes needed for the QMS. The quality objective should be relevant to meeting the requirements of your products and services and enhancing customer satisfaction. Quality objectives are used to measure the performance of products, service processes, customer satisfaction, suppliers, use of resources, and the overall performance and effectiveness of the QMS. Quality objectives may be established for all QMS processes.

Examples of quality objectives:

  • Product – reduction in defect rates, PPM’s (defective parts per million), scrap rates, rework; improvement in on-time delivery.
  • Process – objectives generally focus on improving process productivity through the elimination or reduction of variation and waste in process – inputs, outputs, conversion activity and related use of resources.
  • Monitor and improve the process – productivity, reduction of cycle time, errors, omissions, and failures; etc. Examples could include objectives for – set-up time, run rates, process cycle time, etc.
  • Customers – reduction in # of complaints, improvement in customer satisfaction rating, on-time delivery, service, support, etc.
  • Suppliers – material defects, on-time delivery, number of complaints with supplier.
  • Resources include facility, equipment, labour, etc.- objectives could be established based on availability, capability, maintenance, personnel competency, absenteeism, production rates; efficiency; safety; etc.
  • For the QMS – customer satisfaction feedback, internal audit results, # of improvement opportunities; etc.

Quality objectives may be set at various functional levels of the organization – top management, departments, processes, functional groups, work cells, project teams, individuals, etc. It would be useful to cover these levels as they add value and contribute to the customer or organizational objectives. Employees at all of these levels must be made aware of the importance of these objectives and of how they must contribute to achieving them. Quality objectives must be measurable. Measurement can be done quantitatively or qualitatively. Quantitative measures are generally more objective in determining whether conformity or effectiveness has been achieved. In some situations, the use of qualitative measurements may be appropriate. These quality objectives must be deployed and measured, and top management must conduct an effective review of the measurement results. These measurement results must also be used for corrective action and continual improvement. The quality objectives must be achieved within a defined time period to ensure accountability, e.g. reducing customer complaints by 30% by March 2016. This could be determined by your customer, your management, your head office, regulatory bodies, etc. Your business or quality planning process must establish these time periods and include the communication of objectives and timelines to those responsible for achieving them. Quality objectives may be documented in any or all of these documents: quality manual, QMS processes, procedures, quality plans, etc. The establishment of quality objectives should be part of the business planning or QMS planning processes. A review of the quality objectives should be part of your management review process. After the review, the quality objectives may be updated as appropriate. As documented information, your documented statement of objectives must be controlled by 7.5.3 Control of documented information. You must be careful not to overwhelm your organization with too many objectives, as this may cause more frustration than positive results. Start with objectives that focus on meeting customer requirements and then slowly develop meaningful objectives for key processes and risk-prone processes, as initial targets are achieved.

6.3 Planning of Changes

Where the organization determines the need for change to the quality management system (from 4.4 g) the change must be carried out in a planned and systematic manner. The organization must consider the purpose of the change and any of its potential consequences; integrity of the quality management system; availability of resources; allocation or reallocation of responsibilities and authorities.

The continuity and effectiveness of your QMS must be substantially maintained in the event of significant changes in your QMS or organization, e.g. management, ownership, relocation, technology, product, a shift in customer base, etc. Changes must be carefully planned so as not to disrupt your organization’s ongoing capability and responsibility to effectively meet customer and regulatory requirements. In such instances, change control would require:

  • careful planning of nature and timeline for the changes;
  • determining the impact or outcome of such changes;
  • ensuring adequate resources are available to implement the change;
  • top management authorization;
  • change deployment and follow-up;
  • review of the QMS by top management after changes are effected.

The ISO 9001:2015 requirements provide a strong basis for a management system for business that supports the strategic direction of the organization. The organization first identifies its context and interested parties and then identifies the processes that support this linkage. Once processes are determined, an organization will need to identify the risks and opportunities associated with these processes. To achieve the benefits associated with the determination of risks and opportunities, changes may be needed. These changes can be related to any element of the process, such as inputs, resources, persons, activities, controls, measurements, outputs, etc. Changes are intended to be beneficial to the organization and need to be carried out as determined by the organization. In addition, consideration of newly introduced risks and opportunities needs to be taken into account. There may be changes in the QMS due to customer feedback, customer complaints, product failure, employee feedback, innovation, determined risk, determined opportunity, internal audit results, management review results, or identified nonconformity.

The changes may occur in, for example, processes, documented information, tooling, equipment, employee training, supplier selection, supplier management, and others. To achieve the benefits associated with changes, the organization should consider all types of changes that may need to occur. The successful management and control of these changes have become a core requirement within the organization’s QMS. Some changes need to be carefully managed while others can be safely ignored. In order to sort through this, the organization should consider a method to prioritize. To determine the priority, the organization should consider a methodology that allows it to take into account:

  • Consequences of the change
  • Likelihood of the consequence
  • Impact on customers
  • Impact on interested parties
  • Impact on quality objectives
  • Effectiveness of processes that are part of the QMS

Steps to implement changes:

  • Define the specifics of what is to be changed
  • Have a plan (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others)
  • Engage other people as appropriate in the change process
  • Develop a communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
  • Use a cross-functional team to review the plan and provide feedback related to the plan and associated risks
  • Train people
  • Measure the effectiveness

Prior to making a change, the organization should consider unintended consequences. After making a change, the organization should monitor the change to determine its effectiveness and to identify any additional problems that might be created. Records of some changes may be needed as part of the Quality Management System.

Example of change Management procedure

ISO 9001:2015 Clause 5 Leadership

Definition

As per ISO, leadership is defined as: “Leadership is the person or group of people who directs and controls an organization at the highest level. The top management has the power to delegate authority and provide resources within the organization. If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization.” Leadership is the ability to motivate groups of people towards a common goal. It is an important skill in today’s business world. Without strong leadership, many otherwise good businesses fail.

Difference between Management and leadership:

Management is mostly about processes. Leadership is mostly about behavior. Management relies heavily on tangible measurable capabilities such as effective planning; the use of organizational systems; and the use of appropriate communications methods. Leadership instead relies most strongly on less tangible and less measurable things like trust, inspiration, attitude, decision-making, and personal character. These are all necessary to motivate an organization to achieve its management systems objectives.

Introduction:

The “Leadership” clause has three sub-clauses, i.e.:
Clause 5.1 Leadership and Commitment
Clause 5.2 Policy
Clause 5.3 Organizational roles, responsibilities, and authorities.

ISO 9001:2015 places particular emphasis on leadership, not just management as set out in previous standards. This means top management now has greater accountability and involvement in the organization’s management system. They need to integrate the requirements of the management system into the organization’s core business processes, ensure the management system achieves its intended outcomes, and allocate the necessary resources. Top management is also responsible for communicating the importance of the management system and heightening employee awareness and involvement. At first glance, clause 5 appears to be just a reiteration of what has gone before – policy, organizational roles, responsibilities, and authorities, etc. However, there is an emphasis on leadership, not just management. On further examination there is more here; top management now has to have greater involvement in the management system. They have to make sure that the requirements of the management system are integrated into the organization’s business processes – the management system is not just a bolt-on. The ‘business’ is whatever activities are at the heart of the organization’s reason for existing. In addition, they have to demonstrate their commitment by making sure that the management system achieves its intended outcome(s) and has adequate resources. Additionally, they have to inform everyone that the management system is important and that everyone should participate in its effective implementation. The involvement of top management in the management system is now explicit and hands-on. The quality policy has also been strengthened. It has to include commitments to satisfy applicable requirements and continually improve the management system. As well as being communicated internally, it has to be made available to interested parties.

Clause 5.1 Leadership and commitment

5.1.1 General

Top management has to demonstrate leadership and commitment to the quality management system. This can be done by taking accountability for the effectiveness of the organization’s quality management system. Top management needs to ensure that the organization’s quality policy and quality objectives are established for the QMS and are compatible with the organization’s overall strategic direction and with the organization’s context. Top management shall also ensure that the requirements of the quality management system are an integral part of the organization’s business practices, and should promote the use of risk-based thinking and the process approach throughout the organization. Top management must ensure that the resources needed for the effective implementation of the QMS are available. Top management must ensure that the importance of effective quality management, and of conforming to the QMS requirements, is communicated throughout the organization. Top management must ensure that the quality management system achieves its intended outcomes/outputs by engaging, directing, and supporting persons to contribute to the effectiveness of the quality management system and by promoting improvement. Top management should support other relevant management roles in demonstrating their leadership as it applies to their areas of responsibility. “Business” means those activities that are core to the purposes of the organization’s existence, irrespective of whether the organization is for-profit, not-for-profit, public, or private.

It is the responsibility of top management to provide leadership and direction for quality management within the organization. They must establish strategic quality management policies, directives, and objectives consistent with the purpose and capabilities of the organization. The quality policies and quality objectives are to be established for the quality management system so that they are compatible with the strategic direction of the organization. The organization should have clarity in its mission and vision, and policies are to be developed in line with the mission. The objectives are to be in line with the vision of the company. The strategies are to be developed and modified from time to time depending on the situation, keeping the target of achieving the vision. The organization needs to specify the strategies for the year and give yearly targets. This work is to be done by the top management and not to be assigned to people down the line or to an outside consultant. They can take help, but not give up responsibility. They must establish the organizational structure and internal environment that motivates personnel to achieve the organization’s quality management goals and objectives.

Ensuring the integration of the quality management system requirements into the organization’s business processes is the prime responsibility of the top management. If the top management is not committed and resorts to ad hoc decisions, shortcuts, and unethical means of achieving its interests, the system cannot be implemented effectively. The organization can somehow get certified by the auditors, but it cannot achieve stakeholder satisfaction and will fail in the long run.

Promoting awareness of the process approach is technical work, and the help of an expert is needed to guide people, including the top management, in implementing it. However, the responsibility lies with the top management. They need to strive, appoint an expert, get themselves educated, bring the concepts into their routine work, and then insist that others follow. Ensuring that the quality management system achieves its intended outcomes/outputs requires the clear identification of key result areas for achieving the objectives, preparing the action plans, working as per that plan, reviewing the actions and results, and taking suitable corrective and preventive actions. The top management is the driving force to educate, guide, coach, remove obstacles, encourage, review, recognize the performers, modify the goals, and be a role model in implementing the systems. If the top management is not committed and does not work as per the system, it cannot expect the same to be implemented by others. Hence, engaging, directing, and supporting persons to contribute to the effectiveness of the quality management system becomes its prime responsibility.

Promoting improvement is a necessity in a competitive environment, where the customers are dictating the terms and their expectations are changing very fast. This situation arises when there is more production than the customer needs, and materials remain unsold. Although reducing production is the logical solution, organizations do not implement it, as others try to increase production and enter their areas. In the earlier system, when governments were controlling the total production by allocating limits, the industry could make huge profits, but the countries that did not have the initiative for innovation and continual improvement did not develop. So it is the responsibility of the top management to push the organization towards innovative approaches, not only for developing new products, reducing waste, improving efficiency, reducing the cost of operations, and identifying and eliminating unwanted processes, but also for improving the aesthetic value of their products and improving their services to the customer and society. Improving the quality of staff is also very important if an organization is to improve. The leadership taken by the top management in enhancing the knowledge, skills, and ability of staff is very important for an organization not only to improve but also to survive, as others are improving.

They must provide adequate resources to develop, implement, maintain and improve the QMS. They must periodically review QMS performance to determine its suitability, adequacy, and effectiveness. Auditors are expected to review documents and records showing the top management’s role in planning and implementing the processes that apply clause 5 requirements. The processes within your organization that perform these activities must be identified. These processes would typically include business planning, quality planning, management review, internal communication, organization structure, etc. Top management would be the process owner of all these processes. Top management must communicate regularly to the organization on the importance of meeting customer and regulatory requirements. The communication process should define what needs to be communicated, to whom, the methods used, the frequency, and the means for determining communication effectiveness. Top management may communicate in any number of ways including meetings, documented policies, memos, directives, email, etc. Effectiveness may be measured by asking: how much of the planned activities did we get done? Or to what extent did we achieve planned results? Clause 5.1 does not require ‘documented information’. However, you must identify and document (e.g. in a process map, process flow diagram, etc.) the processes for business planning; quality planning; management review; internal communication; organization structure; etc. as part of your QMS. You must also identify what specific documents are needed for effective planning, operation, and control of these processes. These documents may include a procedure, business plan, statement of policies and objectives, etc. Look at the risks related to your business, products, processes, and resources in determining the nature and extent of documented controls you need to have for this clause. Where some of the clause 5 activities are performed off-site (e.g. at head office), your QMS must identify the off-site processes within your QMS and ensure that such processes comply with ISO 9001 requirements. The expectation is to flow down to the off-site facility the relevant ISO 9001 requirements that you would have had to implement had you carried out the process at your own facility.

5.1.2 Customer focus

Top management is required to take the lead on demonstrating leadership and commitment to customer focus by ensuring that all applicable statutory, regulatory and customer requirements are determined, well understood by the organization, and are consistently met.  The organization has to determine all the risks and opportunities that can affect the conformity of the product and services or have the ability to affect the enhancement of customer requirements. The associated risk and opportunities must be adequately addressed. At all times the focus of enhancing customer satisfaction should be maintained. 

Organizations depend on their customers. So it is important that customer relationships be effectively managed. Accordingly, you must understand the current and future needs of customers; you must meet their requirements and strive to exceed their expectations.

Customer satisfaction is the aim, especially for the people working in a business organization. They strive to achieve it, but in a number of cases they fail because of some problems. These are risks to achieving customer satisfaction. The top management needs to help people identify those risks in advance and devise alternative solutions to meet customer expectations. To ensure this, you must understand your customer’s specific needs and requirements in terms of products, price, delivery, communication, service, and support. You must have an effective communication process between your customer and your organization for discussion, review, timing, action, and responsibility on the above issues. You must have an effective process for communication and review of the above requirements to relevant personnel or departments within your own organization. It is the top management’s role to provide the leadership and commitment of time and resources to ensure this happens. Auditors will look for evidence of this. Clause 8.2.1 goes into the details of customer communication and Clause 8.2.2 goes further into the details of understanding and processing customer requirements. Clause 9.1.2 sets requirements for monitoring and measuring customer satisfaction. Clause 5.1.2 provides the top management’s overall responsibility for customer relationship management, while clauses 8.2.1 and 8.2.2 provide the front end, and clause 9.1.2 provides the back end, of the underlying and detailed activities of customer relationship management. The requirements of clause 5.1.2 (customer focus) can be included in the following processes: business planning; communications; sales and marketing; customer satisfaction feedback; etc. You must also identify what specific documents may be needed for effective planning, operation, and control of these processes. Examples of such documents may include a business plan, statement of customer-related policies and objectives, etc.

The success of a business organization lies in effectively meeting customer requirements. Hence, it is the responsibility of the top management to ensure that customer requirements are understood clearly by all in the organization who are involved in providing the products and services to the customer. Goods and services provided should not violate any of the legal and regulatory requirements, including the safety norms. For example, if any material is being exported to the USA, complying with Customs-Trade Partnership Against Terrorism (C-TPAT) becomes mandatory, where one has control over the packing area, ensuring that only specified people are involved in packing, their backgrounds are thoroughly verified, the parking area is under the vigilance of CCTV cameras, and all precautions are taken to meet the statutory requirements.

5.2 Policy

5.2.1 Establishing the Quality Policy

Top management is required to establish, implement and maintain a quality policy that is in line with the purpose and context of the organization while at the same time supporting its strategic direction. It should provide a framework for the organization’s quality objectives and must include a commitment to satisfy applicable requirements and must be the basis on which the continual improvements in the quality management system can be achieved.

5.2.2 Communicating the Quality Policy

The Quality Policy should be applied within the organization by ensuring that it is communicated and understood within the organization. The Quality Policy should be maintained as documented information and, as appropriate, should be made available to relevant interested parties.

Developing a QMS must be a strategic business decision and therefore top management must provide the necessary direction and leadership, starting with establishing the quality policy and objectives. Your quality policy provides top management’s vision on quality management for the organization. It provides the organization with focused direction, i.e. high-level goals and objectives for quality management. Your quality policy must be consistent with the scope of your QMS and other business, management, and organizational strategies within the organization. Clause 5.2.2 a requires that you document your quality policy, clause 5.1.1c requires that you specify your commitment to ‘satisfy applicable requirements’, and clause 5.2.1 d to ‘continually improve the effectiveness of your QMS’. Clause 4.3 specifies requirements for the scope of your QMS. The wording of the quality policy should preferably specify what requirements are being complied with (customer, regulatory, ISO 9001, etc.). It must also clearly state your commitment to continually improve the effectiveness of the QMS. It may also include other complementary and important policies for business growth, product or manufacturing technology, workforce competence, business flexibility, etc. What you state in your quality policy must lead to establishing quality objectives, e.g. if you state in your quality policy that you will “meet customer requirements”, then from this you might derive customer-focused objectives for product defects, customer complaints and returns, on-time delivery, etc. Similarly, from the phrase “meet ISO 9001 requirements” you might derive process objectives for effectively using ISO 9001 requirements to manage, control, and improve all of your QMS processes. Check out the process performance indicators.
Stating in your quality policy that you will continually improve the effectiveness of your QMS can lead to a number of objectives, as your QMS is composed of many processes and you could have one or more objectives for each process. Therefore, each statement in your quality policy may result in one or more quality objectives. These quality objectives do not need to be stated in your quality policy, but top management must clearly be involved in providing direction, establishing and reviewing these objectives. Leadership needs to establish, review and maintain a policy, but also needs to ensure that it is applied within the organization. As and when required, your policy should be made available to the relevant interested parties. Your internal communication process should cover how the quality policy is communicated throughout the organization. There are many ways of doing this. Personnel must understand the importance and impact of the quality policy on the work they do. The quality policy is not written in stone. It must be reviewed periodically by top management for significant changes in your organization, e.g. management, ownership, relocation, product, a shift in customer base, etc. Such changes may result in changes to the quality policy. The establishment of the quality policy should be part of the business planning or QMS planning processes. A review of the quality policy for continuing suitability should be part of your management review process. As a quality document, the quality policy is also controlled by clause 7.5.3, control of documented information.

Samples of Quality Policy:

1. Zenith Software Limited, Bangalore. Quality Policy:

We practice continual Improvement to achieve customer delight by providing Customer-Centric, Cost-effective, Timely and Qualitative software solutions.

2. Spectra-Physics Scanning Systems – Quality Policy

We the employees of Spectra-Physics Scanning Systems make the personal commitment to first understand our customer’s expectations then, to meet or exceed our commitment to those expectations by performing the correct tasks defect-free, on time, every time.

3. Divine tooling’s Quality Policy:

Divine toolings are committed to understand, meet & where possible exceed our customer requirements through continual improvement of our process. We dedicate ourselves to deliver high-quality products on time and at the most competitive price.

4. Richardson Electronics Ltd. – Quality Policy

It is the policy of Richardson Electronics Ltd. (REL) to:
1. Provide products and services of the highest possible standards, to satisfy our customer needs, expectations of quality, safety, reliability, and service.
2. Accomplish quality objectives by establishing, implementing and maintaining a documented effective Quality Assurance System which complies with the requirements of ISO 9001:2015.

5. AlliedSignal Aerospace Equipment Systems – Quality Policy

“We will become a Total Quality Company by continuously improving all our work processes to satisfy our internal and external customers.”
Scope Statement:
DESIGN, MANUFACTURE, REPAIR, AND OVERHAUL OF AIRCRAFT STARTERS, CONTROL, AND ACTUATION SYSTEMS, MARINE SYSTEMS, AND SPACE SYSTEMS.

6. CEB QUALITY POLICY STATEMENT

CEB is committed to providing the highest quality voice/data communications repair and refurbishment services to our customers by:

  • Consistently meeting or exceeding our customer’s expectations for product quality and performance;
  • Timely delivery of products and services to meet our customer’s requirements;
  • Continuous improvement of our processes, and systems;
  • Ensuring our personnel is properly trained so they are better able to serve our customers.

7. Phelps Dodge Copper Products & Refining Corporation-Quality Policy

QUALITY PLEDGE
We are committed to being very aggressive in our attitude towards quality and customer service, primarily since we want to be ranked as the “best” in our business. Quality is not just another goal, it is our basic strategy for survival and future growth.
PRIORITY
Our customers demand and warrant a high-quality product—it is our responsibility to give them what they want. If we don’t, they’ll find someone who can. If customer requirements are unclear, then it is our job to seek out a better understanding of their requirements/specifications. If we fail at any time, then we must determine what went wrong and assure that it doesn’t happen again.
OBJECTIVES
Our quality objectives are to furnish high-quality products, on time, and at the lowest cost. The attainment of such objectives will lead to customer satisfaction, enhanced copper performance at the application level, and ongoing improvements in process efficiency. Once an objective is achieved, it should be recognized and reset to stimulate further quality improvement. To reach our objectives, we will have to maintain a constant focus on quality with full dedication, commitment, and teamwork.
VISION
Our journey is Total Quality Management–fully satisfying our customer’s requirements through a process of continuous improvement. It’s critical to understand that Total Quality Management is not a short-term program. It’s a long-term commitment aimed at continuously improving the way we work, providing a safe work environment, managing our business processes, and supplier selection/retention. It is our goal to posture our company for market expansion, thereby providing improved job security and quality of life for all.

8. QUALITY FIRST- Quality Policy

It must be clearly understood that we’ll not allow quality to take second place behind cost or schedule. All employees have the right to question their supervisor’s decisions or actions if they feel that quality is being compromised.

9. Autodesk Operations – Quality Policy

Manufacture and deliver quality products efficiently, in a professional and flexible environment, on time and at the right cost to our customers, while driving to become a world-class organization.

10. Argo-Tech Corporation – Quality Policy

To meet or exceed all the requirements agreed to with our customers.

11. C. B. Kaupp & Sons, Inc. – Quality Policy

C. B. Kaupp & Sons, Inc. strives to conduct its business with a total commitment to our customers and their requirements. We define quality as conformance to our Customers’ needs, both internal and external; and conformance to all quality requirements.
In order to achieve this goal, we need the cooperation and effort of the entire C. B. Kaupp & Sons, Inc. workforce. We must function as a team in our efforts to give the customer what they want every time. In an effort to promote Team Work we went to the employees and asked them to help write our company policy. The policy below was written by C. B. Kaupp & Sons, Inc. employees on March 1, 1994. At C. B. Kaupp and Sons, Inc. we are dedicated to achieving the highest degree of Customer (internal and external) satisfaction.  We will achieve this by:

  1. Knowing who our Customers are and what they want – through open communication.
  2. Understanding the requirements of our jobs and the systems that support us through training and education.
  3. Making continuous improvement a part of every day and every job – through the use of team participation and measurements.
  4. Ensuring that our Policy and Procedure Manuals reflect what we actually do.
  5.  Remembering that we are here because of our Customers! Realizing our customers are the reason we have our jobs, and that through on-time delivery of quality parts at a fair market price is how we will keep them!
  6. Helping each other to help ourselves!
  7. Understanding how our jobs fit into the overall flow of work at C. B. Kaupp & Sons, Inc.!

C – Continuous Improvement through
A –  Alignment of our Missions and Goals
R – Responsibility and Respect for our job and each other
E – Educating one another

12. Lansdale Warehouse Co., Inc. – Quality Policy

The Lansdale Warehouse Company is a provider of premier warehousing and distribution services to a significant variety of customer needs. We provide a safe and secure environment for customers’ goods at a reasonable cost. Our dedication to excellence is our prime mission. We provide an atmosphere of quality management to our employees that engender an entrepreneurial attitude on their part that ultimately translates into 100% customer satisfaction through a “Zero Defectives” process. We have adopted attitudes towards continuous improvement that will ensure dependable customer service well into the future. Employee participation and honest communication, combined with a clearly defined understanding of our customer’s needs, are the tools that assure success for our process.

13. Connelly Containers, Inc. – Quality Policy

Connelly Containers, Inc. is a global provider of corrugated products with a strong emphasis on the heavy test, multiwall, corrugated board. We are committed to satisfying customer needs by:

  • A complete understanding of the requirements.
  • Designing according to these requirements.
  • Meeting or exceeding the requirements during the production cycle
  • Controlling processes with tools and techniques that allow Connelly Containers, Inc. and its suppliers to improve the system and achieve sustainable growth.

We are committed to the preservation of natural resources as an obligation to society and will promote recycling and the use of recycled materials with ourselves, our suppliers, and our customers. The quality management system is to be used by all Connelly Containers, Inc. employees to raise standards, reduce waste, and to make Connelly Containers, Inc. a better place to work. Quality at Connelly containers will continue always to be a consideration in all our internal and external business activities.

14. HK Metalcraft – Quality Policy

The Quality Policy of HK Metalcraft supports our Mission Statement:
Promote a quality-in-all-we-do philosophy with a total company effort and commitment to continuous improvement.
HK Metalcraft is committed to QUALITY, ON-TIME DELIVERY, and COST-EFFECTIVENESS, and will:
1) Provide products and services which meet or exceed customer needs and expectations:

  • Manufacture products which meet customer specifications.
  • Strive to meet customer’s target values.
  • Monitor customer satisfaction.

2)  Deliver on-time.

  • Ship on the date required by the customer.
  • Monitor on-time delivery performance.

3) Reduce all costs to the lowest possible level.

  • Establish Cost Reduction Programs.
  • Monitor the Cost of Quality

To meet our commitment, we must:

  • Foster a team approach to defect prevention and problem-solving.
  • Emphasize appropriate training for all employees.
  • Recognize each employee’s responsibility for quality.
  • Empower employees to question processes which appear to produce discrepancies.
  • Treat fellow employees as both customers and suppliers.
  • Acknowledge employee’s self-improvements and contributions to the company.
  • Maintain the Quality Department as a partner with Purchasing.
  • Exchange expertise with suppliers.
  • Use only Selected, Approved, Preferred or Certified suppliers.
  • Receive raw materials and outside processed parts only when accompanied by appropriate certifications and inspection documentation.
  • Accept only conforming products and services from suppliers.
  • Elicit written corrective actions from suppliers.
  • Keep the Quality Department independent of, but a partner with, Manufacturing.
  • Reduce waste and inefficiency wherever found.
  • Seek out technologies for assuring error-free work.
  • Continue to implement statistical approaches to reduce variation.
  • Draw on customer’s expertise in various areas.
  • Strive for a complete understanding of our customers’ application requirements.
  • Provide customers with written corrective actions.
  • Earn customer recognition of our quality progress.
  • Develop and achieve Quality Improvement Goals.
  • Practice good housekeeping.
  • Never compromise safety.
  • Review and renew this Quality Policy on a regular basis

5.3 Organizational Roles, Responsibilities, and Authorities

Top management must ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. Top management must assign the responsibility and authority to ensure that the system conforms to the requirements of ISO 9001 and that the processes are delivering their intended outputs. Top management must assign the responsibility and authority for reporting on the performance of the system, on opportunities for improvement, and on the need for change or innovation, and especially for reporting to top management. Top management must assign the responsibility and authority to ensure the promotion of customer focus throughout the organization and to ensure that the integrity of the system is maintained when changes to the system are planned and implemented.

Top management must establish the organization necessary to deploy the QMS. It must define the structure, hierarchy, and lines of reporting. Additionally, it must ensure that the duties, responsibilities, and authority of all personnel are defined and communicated. All personnel must be clear on their duties, responsibilities, and authority in meeting customer and regulatory requirements. Organization charts, job descriptions, standard operating procedures, work instructions, etc. are some of the many ways that top management may use to define and document this. These must be communicated and deployed, as applicable, throughout the organization. Orientation training, appointment postings, training on procedures and work instructions, etc. are some of the many ways of accomplishing this. The organization structure and lines of reporting, and the responsibility and authority of managerial functions and departments, may be established by top management, and the responsibilities and authorities for the rest of the organization may be established by the HR function working with various process owners. Again, this would depend on the size, complexity, and culture of the organization. The effective planning, operation, and control of internal communication processes may be demonstrated through the performance indicators. Some of the roles (including responsibilities and authorities) which the top management needs to identify include, but are not limited to:

  1. Understanding the company mission, vision, policies, and objectives carefully, and communicating the same in simple language down the line. The role should ensure that people have understood the same and will be able to demonstrate it in their routine activities.
  2. Helping Heads of Departments (HODs) in deriving the departmental objectives, policies, and goals, considering the company objectives and policies. The concerned HOD is responsible for writing the policy and goals for his/her department and sections.
  3. Liaising with standards bodies and getting the latest applicable national and international standards required for implementing and maintaining the ISO 9000 series of standards.
  4. Explaining the concepts of ISO 9000 throughout the organization. The help of expert professionals can be obtained in giving training.
  5. Communicating the importance of meeting customer as well as regulatory requirements during the training program or on any other occasion found suitable for this purpose. Liasoning with marketing. quality, and production people in understanding the real concerns and requirements of customers and ensure that they are communicated down.
  6.  Proactively discussing with the people and ensuring that all have understood the real essence of the quality policy, quality objectives and goals, their role in achieving the goals and in complying with the statutory, legal and regulatory requirements.
  7. Identifying the processes required for implementing quality management systems that can help to achieve company goals is a very important step in the implementation of the quality management system.
  8. There should be a role for helping the HODs in identifying the controls in processes identified and documented. This should be done by considering the company objectives, goals, requirements of quality management systems. and legal and regulatory requirements
  9. Getting the documents, viz., work procedures, work instructions, job descriptions, process parameters, and specifications, etc.. prepared by the concerned personnel and bringing them under control
  10. Over a period of time, we see a number of formats are developed in an organization, and some of them may be a duplication of work. Scrutinizing all the formats used in the organization and standardizing them is a very important activity. There must be a role to collect all the forms, list them, index them. discuss them with the concerned people. modify them to reduce the number of forms. and make them more effective and user-friendly.
  11.  Maintaining the master list of all documents, records, and forms. and the distribution charts is one of the prime responsibilities of the MR.
  12. Interpreting customer requirements and communicating down the line are important activities in any organization.
  13. As technology advances and the company adopt new technology and systems, there is a need to amend the procedures and the documents. Making arrangements for adequacy adequate audits in the case of any changes in the system. process. or people.
  14. Preparing the procedures. instructions. and manuals and documenting them are not the end of implementation. Everyone needs to read, understand. and implement them in their routine works. Training people to adapt to the systems.
  15. We need a team of internal quality auditors to periodically audit the systems throughout the organization. Identifying the potential internal quality auditors and arranging their training programs.
  16.  Developing procedures for internal quality audits and training the users for the implementation.
  17. Internal audits need to be planned in advance and communicated to the users for the effective implementation of the systems.  Planning internal quality audits and making arrangements for the audits.
  18.  Liasoning with the certifying body and top management and getting audits done.
  19.  Following up for the closing of non-conformities in time.
  20.  Following up with the certifying body in getting the certificate.
  21.  Maintaining records for internal quality audits. management review. external audits, auditor’s attendance, and performance, auditor‘s training, trends in performance, follow-up for the actions decided in the management review and the correspondences relating to the implementation of quality management systems.
  22. Reporting the progress in the implementation in the quality management systems to the top management from time to time.
  23. Getting information proactively on the changes coming in the quality management systems and alarming the people in the organization in time.
  24. ensuring the integrity of the management system is maintained when changes are planned and implemented.

Some of the above tasks may be delegated, but it is the management’s responsibility to ensure they are planned, implemented, and achieved. The implementation of and adherence to systems is the responsibility of the top management. Unless the top management drives and follows up, the system cannot be implemented effectively. The above tasks may be given to one person or to a group of persons depending on the size of the organization.

ISO 9001:2015 Clause 4 context of the organization

Definition

As per ISO 9000, the definition of Context of the Organization is “business environment”, a “combination of internal and external factors and conditions that can have an effect on an organization’s approach to its products, services and investments and interested parties”. The note states that this concept of Context of Organization is equally applicable to not-for-profit organizations, public service organizations, and governmental organizations. In normal language, this concept is also known as the business environment, organizational environment, or ecosystem of an organization.

Introduction

The implementation of QMS should be the strategic decision of the organization and is influenced by the context of the organization and the changes in that context. The changes in the context can be with respect to its specific objectives, the risks associated with its context and objectives, the needs and expectations of its customers and other relevant interested parties, the products and services it provides, the complexity of processes it employs and their interactions, the competence of persons within or working on behalf of the organization, and its size and organizational structure. The context of an organization will include internal factors such as organizational culture and external factors such as the socio-economic conditions under which it operates. The scope of ISO DIS 9001:2015 states that an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements and aims to enhance customer satisfaction.

Any interested party which is not relevant to the quality management system need not be considered and, similarly, any requirement of the interested party not relevant to the quality management system need not be considered. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this Standard.

Clause 4 Context of the organization 

These clauses require the organization to determine the issues and requirements that can impact the planning of the quality management system. Interested parties cannot go beyond the scope of ISO 9001. There is no requirement to go beyond interested parties that are relevant to the quality management system. Consider the impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. Organizations can go beyond the minimum requirements to determine additional needs and expectations for interested parties that would not be “relevant”; this is at the discretion of the organization and should be clear in the quality management system. The “Context of Organization” clause has four sub-clauses, i.e.:

  • Clause 4.1 Understanding the Organization and its context
  • Clause 4.2 Understanding the needs and expectations of interested parties
  • Clause 4.3 Determining the scope of the quality management system
  • Clause 4.4 Quality management system and its processes

Clause 4.1 Understanding the Organization and its context

The organization should determine external and internal issues that are relevant to its purpose and strategic planning and that affect the organization’s ability to achieve its objectives. The organization should monitor and review the information about external and internal issues. To understand the internal issues, the organization must consider issues related to the values, culture, knowledge, and performance of the organization. To understand the external context, the organization must consider issues arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local. For both the internal context and the external factors, positive as well as negative factors must be considered.

Amd 1:2024

The organization must determine whether climate change is a relevant issue.

An organization’s context involves its “operating environment.” The context must be determined both within the organization and external to the organization. It is important to understand the unique context of an organization before starting strategic planning. To establish the context means to define the external and internal factors that the organization must consider when it manages risks. An organization’s external context includes its outside stakeholders, its local operating environment, as well as any external factors that influence the selection of its objectives (goals and targets) or its ability to meet its goals. An organization’s internal context includes its interested parties, its approach to governance, its contractual relationships with its customers, and its capabilities and culture. An organization’s internal context is the internal environment within which the organization seeks to achieve its sustainability goals. The internal context may include:

  • Product and service offerings
  • Governance, organizational structure, roles, and accountability
  • Regulatory requirements
  • Policies and goals, and the strategies that are in place to achieve them,
  • Assets (e.g., facilities, property, equipment and technology)
  • Capabilities understood in terms of resources and knowledge (e.g., capital, time, people, processes, systems, and technologies)
  • Information systems, information flows, and decision-making processes (both formal and informal)
  • Relationships of the staff/volunteers/members and the perceptions and values of their internal stakeholders including suppliers and partners
  • Organization’s culture
  • Standards, guidelines, and models adopted by the organization and
  • Form and extent of the organization’s contractual relationships.

Internal context can also be defined as anything within the organization that may influence the way in which the organization manages its internal risks. Once the internal context is understood, one can conduct the macro-environmental external analysis using “PEST” (political, economic, social, and technological) analysis. This analysis determines which factors can influence how the organization operates. The organization cannot control these factors, but it must seek to adapt to them. The PEST factors can be classified as opportunities and threats in a SWOT (strengths, weaknesses, opportunities, and threats) analysis. Alternatively, some organizations might use Porter’s “Five Forces Model.” These methods are used to review the strategic position or direction of an organization. Completing a PEST analysis is simple and helps the individuals involved in the organization to understand and find ways to deal with the context.

| Political Factors | Economic Factors |
|---|---|
| Ecological/Environmental Issues | National economies and trends |
| Current legislation | General taxation issues |
| Anticipated future legislation | Taxation to activities, products, services |
| International legislation (global influences) | Seasonality or other weather issues |
| Regulatory bodies and processes | Market and trade cycles |
| Government policies, terms, and change | Specific sector factors |
| Funding, grants, and initiatives | Customer/end-user drivers |
| Market lobbying groups | Interest and exchange rates |
| Wars and conflicts | International trade and monetary issues |

| Social Factors | Technology Factors |
|---|---|
| Lifestyle trends | Competing technology development |
| Demographics | Associated/Dependent technologies |
| Consumer attitudes and opinions | Replacement technology/Solutions |
| Media views | Maturity of Technology |
| Law changes affecting social behaviours | Information and communications |
| Image of the organization | Consumer buying mechanisms |
| Consumer buying patterns | Technology legislation |
| Fashion and role models | Innovation potential |
| Major events and influences | Technology access, licensing, patents |
| Buying access and trends | Intellectual property issues |
| Ethnic/Religious factors | Global communication |
| Advertising and publicity | Social media use |
| Ethical issues | Maturity of the organization’s products/services |

Example of PEST Analysis

Example Porter’s “Five Forces Model.”

Although organizations cannot control the macro-environment factors they need to manage them to their advantage. They also need to protect themselves from PEST factors that may increase operational costs or affect their reputation. The external context’s micro-environment consists of the organization’s immediate operations and how they affect its performance and decision-making. These factors have a direct impact on the success of the organization. It is important to have a full analysis of the micro-environment before moving to strategy development. Here are some of the micro-environmental context factors.

  • Customers: Organizations must attract and retain customers by offering products and services that meet their needs along with providing excellent customer service
  • Employees: There must be the availability of people with the motivation to remain as contributing members of the organization and develop the skills necessary to provide a competitive edge
  • Suppliers: Suppliers provide organizations with the resources they need to carry out their activities. If a supplier provides bad service, this affects the way the organization operates. Close supplier relationships are an effective way to remain competitive and secure the resources needed
  • Investors: All organizations require investment to grow. They may borrow the money from a bank or have people invest in their work. Relationships with investors need to be managed carefully as problems can detrimentally affect the long-term success of the organization
  • Media: Positive media attention can bring success to the organization by maintaining its reputational strength. Managing the media (including the presence in social media) is a challenge.
  • Competitors: Members of the organization need to have a sense of belonging. Can the organization offer benefits that are better than those offered by the competitors? Is there a strong value proposition? Competitor analysis and monitoring is crucial if an organization is to maintain or improve its position in the competitive landscape of the community. The organization must always be aware of its competitor’s activities. The landscape can change quickly.

As in the case of the macro-environmental context, the organization cannot always control its micro-environment factors. But they must be carefully managed together and with the internal context understanding. Both internal and external contexts can have influence over the organization.  Customer pressures and complaints can force organizations to change various policies such as product returns and customer and technical support. Technological changes can provide new and more effective ways to handle communications, operations, shipping, and logistics. Cultural and religious differences may hinder product or service entry into certain countries. The government’s regulatory and trade policies can play a significant role in determining how businesses operate, especially in regard to international trade, taxation, and regulations. The media, including social media, can have a huge impact on a company’s image and public relations. A bad news video or news report can go viral pretty fast, and if your organization doesn’t provide an acceptable response, the negative publicity and effects can last a long time. Sociological forces often drive what, where and how consumers buy products and services. There is an increasing trend in the number of consumers purchasing products online and reading reviews before making a purchase. The multinational and multicultural trend in workforce composition can cause significant changes in the hiring and retention of competent human resources. If the response to these situations is unplanned, weak, or untimely, it might have a dramatic impact on the future of the business – loss of customers, serious production interruption or disruption, permanent loss of organizational knowledge, even loss or bankruptcy of the business.  
Contextual issues can have a positive impact, as they may present opportunities such as new, improved, or increased availability of previously scarce resources, opening up of or access to new markets, availability of new technologies leading to reduced costs, improved product quality, services, and operational efficiency. Many of these contextual issues can be viewed as variables some changing faster, others slower, depending on whether the organization is fast-paced and leading-edge or in a stable or mature industry. Therefore variability in these issues depicts uncertainty about their future behavior. Such uncertainty can be quite diverse, complex and at times highly unpredictable. This presents a dilemma to organizations in terms of tracking and adapting to changes in these issues. This uncertainty introduces the need for understanding and use of risk evaluation, mitigation, and management. Thus each organizational contextual issue will have its own specific set of uncertainties with different levels of complexity and risk and the need for specific controls to mitigate or eliminate the risk.

Example internal issues could include, but are not limited to:

  • Structure of the organization — limited flexibility when dealing with varying demands
  • Roles within the organization — rigid, personnel willing to adapt to demands?
  • Availability of reliable qualified and competent workforce — very good (positive)
  • Stability of workforce — wage benchmarking is not consistent with competitors
  • Staff retention — very high (positive)
  • Impact of unionization — uncordial
  • Staff competency levels — high (positive)
  • Contractual arrangements with customer — beneficial
  • Payment terms from customers — high credit
  • Solvency of customers — etc.
  • Expansion of customer base — etc.
  • The overall strength of the business to support funding needs — etc.
  • Relationship with investors — etc.
  • Credit terms available — etc.
  • Service level agreements with customers — etc.
  • The culture within the organization — etc.

Example external issues could include, but are not limited to:

  • Political, economic, social, technological, legal and regulatory — laws changing, affecting product conformity, minimum wage changing, evolutions in more efficient machinery affecting the price
  • Operating permits becoming tighter on emission levels — technology demands
  • Overall economic performance in the country — above EU norm (positive)
  • Competitive environment — overall low cost of entry into the market
  • Economic plans for future — etc.
  • The nature and impact of the economy on the market — etc.
  • Customer demographics — etc.
  • General levels of consumer confidence — etc.
  • Customer expectation — etc.
  • Standardization and certification within the industry — etc.
  • Regulation within the industry generally — etc.
  • Trade associations and lobbying powers — etc.
  • Impact on neighbours — etc.

Determining whether climate change is a relevant issue while identifying external and internal issues relevant to the Quality Management System (QMS) involves systematically evaluating factors that may impact the organization’s ability to achieve its quality objectives. Here’s how an organization can determine the relevance of climate change as an issue during this process:

  1. External issues:
    • Market Trends and Regulatory Landscape: Assess how climate change may influence market trends, customer preferences, and regulatory requirements relevant to the organization’s products and services. Consider whether there are emerging regulations related to environmental sustainability, greenhouse gas emissions, energy efficiency, or other climate-related issues.
    • Supply Chain Vulnerability: Evaluate the vulnerability of the organization’s supply chain to climate-related risks, such as disruptions in raw material availability, transportation delays, or changes in supplier reliability. Consider whether climate change impacts on suppliers or transportation routes could affect the organization’s ability to deliver quality products and services.
    • Stakeholder Expectations: Consider the expectations of stakeholders, including customers, suppliers, investors, regulators, and communities, regarding the organization’s response to climate change. Assess whether there is increasing pressure from stakeholders for businesses to address environmental sustainability and climate-related risks.
  2. Internal Issues:
    • Operational Impacts: Evaluate how climate change may directly or indirectly affect the organization’s operations, facilities, and resources. Consider whether changes in weather patterns, extreme weather events, or resource constraints (e.g., water scarcity) could impact production processes, quality control measures, or infrastructure resilience.
    • Resource Management: Assess the organization’s resource management practices, including energy usage, waste generation, and water consumption, in the context of climate change. Identify opportunities to improve resource efficiency, reduce greenhouse gas emissions, and enhance environmental sustainability as part of the QMS.
    • Risk Management: Evaluate the organization’s risk management processes to identify and mitigate climate-related risks that could impact product quality, customer satisfaction, or business continuity. Consider whether existing risk assessment methodologies adequately address climate-related hazards and vulnerabilities.
  3. Integration with QMS:
    • Alignment with Quality Objectives: Determine whether addressing climate change aligns with the organization’s quality objectives, strategic goals, and commitment to customer satisfaction. Consider whether improvements in environmental sustainability and resilience to climate-related risks can contribute to enhancing overall product and service quality.
    • Documentation and Monitoring: Document the organization’s assessment of climate change as a relevant issue within the context of the QMS. Establish mechanisms for monitoring and measuring performance related to climate-related objectives, targets, and key performance indicators (KPIs) to ensure continuous improvement and compliance with relevant standards.

By systematically evaluating the external and internal factors relevant to the QMS, including climate change considerations, organizations can effectively identify and prioritize issues that may impact their ability to deliver quality products and services while managing associated risks and opportunities.

Clause 4.2 Understanding the needs and expectations of interested parties

The organization shall determine the relevant interested parties and the relevant requirements of those interested parties. Relevant interested parties to be considered are those that could affect or potentially affect the organization’s ability to constantly provide products and services that meet customer and applicable statutory and regulatory requirements. The organization must also monitor and review information related to interested parties and their relevant requirements.

Amd 1:2024

NOTE Relevant interested parties can have requirements related to climate change.

 Firstly, the organization will need to determine external and internal issues that are relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an impact on what the organization does, that would affect its ability to achieve the intended outcome(s) of its management system. It should be noted that the term ‘issue’ covers not only problems, which would have been the subject of the preventive action in previous standards, but also important topics for the management system to address, such as any market assurance and governance goals that the organization might set for its management system. Next, the organization has to determine relevant interested parties and relevant requirements of relevant interested parties.

An interested party is a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity that’s within the scope of the management system. There will be those external interested parties that impose specific legal, regulatory, or contractual requirements in an organization. There may also be requirements specified by internal interested parties, for example, management and staff (permanent and temporary). Typically these would include:

  • Shareholders
  • Owners
  • Management
  • Employees
  • Trade unions
  • Suppliers
  • Partners
  • Client
  • Government agencies
  • Media
  • Society
  • any other person or organization interested in the organization

There is no requirement in this International Standard for the organization to consider interested parties which have been determined by the organization not to be relevant to its quality management system. Similarly, there is no requirement to address a particular requirement of a relevant interested party if the organization considers that the requirement is not relevant. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will assist it to meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this International Standard.

| Interested parties | Requirements |
|---|---|
| Executive Board | Good financial performance, legal compliance/avoidance of fines |
| Local residents | No complaints relating to noise, parking, health and safety, pollution, waste, employment |
| Law enforcers/Regulators | Identification of applicable statutory and regulatory requirements for the products and services provided, understanding of the requirements, the application within the QMS, and update/maintenance of them |
| Customers | Value for money, high quality, expectations for design innovation, on time, low-cost, quick response, installation expertise, health and safety/EMS |
| Bank/Finance | Good financial performance |
| Employees | Professional development, prompt payment, health and safety, work/life balance, employment security |
| Insurers | No claims/prompt payment/risk management |
| External providers | Prompt payment, health and safety, work relationship |
| Trade Unions | Compliance (employment law) |

 Relevant interested parties can have requirements related to climate change.

Relevant interested parties in the context of a Quality Management System (QMS) can indeed have requirements related to climate change. Here are some examples of interested parties whose needs and expectations might involve climate change considerations:

  1. Customers: Customers may increasingly prioritize environmentally sustainable products and services. They may expect the organization to demonstrate environmental responsibility by minimizing greenhouse gas emissions, reducing energy consumption, using renewable resources, and implementing eco-friendly practices throughout the product lifecycle. Climate change concerns could influence their purchasing decisions, making it essential for organizations to address these expectations to maintain customer satisfaction.
  2. Regulators and Government Agencies: Regulatory bodies may impose requirements related to climate change mitigation, adaptation, and reporting. These requirements could include regulations aimed at reducing greenhouse gas emissions, improving energy efficiency, promoting renewable energy sources, managing waste and emissions, or disclosing environmental performance metrics. Organizations must ensure compliance with relevant regulations and anticipate future regulatory developments related to climate change.
  3. Investors and Shareholders: Investors and shareholders may consider climate change risks and opportunities when evaluating the organization’s financial performance and sustainability practices. They may expect transparency and disclosure regarding the organization’s exposure to climate-related risks, its resilience strategies, and its commitment to environmental stewardship. Addressing climate change concerns can enhance investor confidence and support long-term financial sustainability.
  4. Suppliers and Business Partners: Suppliers and business partners may be subject to climate-related risks and regulatory requirements that could impact their ability to fulfill contractual obligations. Organizations may need to assess the climate resilience of their supply chain, collaborate with suppliers to mitigate shared risks, and incorporate climate considerations into procurement practices and supplier selection criteria.
  5. Employees and Labor Organizations: Employees and labor organizations may have concerns about the organization’s environmental impact, workplace safety, and job security in the context of climate change. They may expect the organization to provide a safe and healthy work environment, support sustainable practices, offer training on climate-related issues, and engage in meaningful dialogue and collaboration on environmental initiatives.
  6. Local Communities and Non-Governmental Organizations (NGOs): Local communities and NGOs may advocate for climate action and environmental protection initiatives that affect the organization’s operations and reputation. They may expect the organization to be a responsible corporate citizen, engage in community outreach and partnerships, address environmental concerns, and contribute positively to local sustainability efforts.

In summary, understanding the needs and expectations of interested parties in the context of a QMS requires recognizing the relevance of climate change considerations. Organizations must engage with relevant stakeholders, assess their climate-related requirements, and integrate climate change considerations into their quality objectives, processes, and performance measurement mechanisms to effectively address stakeholder expectations and ensure long-term sustainability.

Clause 4.3 Determining the scope of the quality management system

The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope, the organization must consider the internal and external issues determined in 4.1, the requirements of relevant interested parties in 4.2, and the products and services of the organization. Requirements of this International Standard that can be applied by the organization shall be applied within the scope of the QMS. A requirement of this International Standard may be determined as not applicable only where this does not affect the organization’s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction. The organization must make the scope available and maintain it as documented information, stating the products and services covered by the QMS and any justification where a requirement of this International Standard cannot be applied. Relevant interested parties can have requirements related to climate change.

Determining the scope of the Quality Management System (QMS) has been a part of the ISO 9001 requirements for a long time. This scope is a vital part of the QMS, as it defines how far the QMS extends within the company’s operations and details any exclusion from the ISO 9001 requirements and the justification for these. It is through the scope that you define what your Quality Management System covers within your organization. With the release of the new update to the ISO 9001 requirements, ISO 9001:2015, there is some additional clarification on defining the scope of the QMS. These clarifications will help to standardize how companies define the scope of their QMS, even if they choose not to have a quality manual, which is no longer a stated requirement in the standard. Section 4.3 of the standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  1. External and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  2. Requirements of relevant interested parties
  3. The product and service of the organization

In addition, the scope is to include any requirements of the ISO 9001 standard that can be applied, and if a requirement is determined to not apply, the organization will not use this as a reason for not ensuring conformity of product and service. The scope is to state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied. It is most common that the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 since many of the automotive requirements do not apply). So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be easily identified which parts are. Some examples could be:

  1. XYZ Manufacturing located in London, England, producing machined components in the aerospace and automotive industry within Europe.
  2. XYZ Consultants, located in offices in Europe, Asia, and North America, provides Information Technology Support to companies in any industry.
  3. XYZ Computing provides software development services to companies in the automotive and heavy machinery industries within North and South America.
  4. XYZ Industries is a division of XYZ International that operates in Indonesia and provides paper products to the Asian market.

Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make it clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested parties? Making your scope statement simple and easy to read can help to focus your QMS efforts and prevent unnecessary questions about activities that you may perform that may not be applicable to your QMS certification.

The scope of ISO 9001 is given in clause 1 Scope and defines the scope of the standard itself. This should not be confused with the scope of the QMS, which is a term commonly used to describe the organization’s processes, products (and /or services), and related sites, departments, divisions, etc., to which the organization applies a formal QMS. (Note, this does not necessarily include all the processes, products, sites, departments, or divisions, etc. of the organization). The scope of the QMS should be based on the nature of the organization’s products and their realization processes, the result of risk assessment, commercial considerations, and contractual, statutory, and regulatory requirements. While ISO 9001 is generic and applies to all organizations (regardless of their type, size, or product category), under certain circumstances, an organization may exclude complying with some specific ISO 9001 requirements, while being permitted to claim conformity to the standard. This is because it has been recognized that not all the requirements in this clause of the standard are relevant to all organizations. ISO 9001 itself makes allowance for such situations. Consequently, the scope of registration/certification encompasses the scope of the QMS, as well as describing any excluded ISO 9001 requirements. As the terms scope of the QMS and scope of registration/certification are often used interchangeably, this can lead to confusion when a customer or end-user is trying to identify what parts of an organization have been registered/certified to ISO 9001, what product lines or processes are covered by the QMS, or what ISO 9001 requirements have been excluded. In order to dissipate such confusion and to enable identification of what has been registered/certified, the scope of registration/certification should clearly define:

  1. the scope of the QMS (including details of the product lines and related sites, departments, divisions, etc. that are covered by it).
  2. the organization’s main processes for its product realization or service delivery activities (such as design, manufacture, and delivery), for the product lines that are covered,
  3. any ISO 9001 requirement that has been excluded
    (It should be noted that the scope of registration/certification is not the same as the certificate that is awarded to the organization after successful demonstration of conformity to ISO 9001. The certificate will usually include a synthesized description of the scope of registration/certification, but not the details of the ISO 9001 requirements that have been excluded; however, it may include a note to refer to the fact that the exclusions are detailed in the organization’s Quality Manual.)

It is essential that a scope of registration/certification be drafted by the organization prior to applying for registration/certification. This should then be analyzed by the CRB during the Stage 1 audit, for appropriate planning of the Stage 2 audit. It is the responsibility of the auditor:

  1. to ensure that the final statement of the scope of registration/certification is not misleading;
  2. to verify that this scope only refers to the processes, products, sites, departments, or divisions, etc. of the organization that were assessed during the registration/certification audit; and
  3. to verify that this scope defines any excluded requirements from ISO 9001 and that justification for such exclusions is provided and is reasonable.

As an additional measure to combat potential confusion among customers and end-users, the scope of registration/certification should be clearly defined in the organization’s Quality Manual and any publicly available documents (this includes, for example, promotional and marketing material). However, promotional statements should never be included in the scope of registration/certification.

An example of how a scope could be derived

Organization’s purpose and strategic direction

Purpose:

As one of India’s leading Data Communications manufacturers, installers and on-site managed service providers of fiber optic cabling (for Information Technology connectivity), as well as installer and on-site managed service provider of copper cabling and IT cabinets, our reason for ‘being’ is a combination of our vision, mission, and values.

What is our vision?

To become the most trusted manufacturer, installer, and service provider of fiber optic/copper cabling (IT cabling) and IT cabinets within India and Europe.

What is our mission?

To expand our operations by consistently meeting customers’ expectations and our legal requirements, which includes the enhancement of customer satisfaction through the effective application of our processes for continual improvement.

What are our values?

Sustainable business practices including corporate social responsibility (social, economic, and environmental), responsible governance, and equal opportunity are all expected values within our organization. These are reinforced through sustainable ethics and workforce integrity throughout all business operations. Co-operation and collaboration are expected norms within the organization’s management, with recognition provided for all through regular appraisals. We encourage and embrace any values which enforce the behaviors that employees cherish.

Strategic Direction:

To open two new offices in India, and one new office in Germany, and Spain this year. To implement and gain accredited certification to ISO 9001 and ISO 14001 in these new offices, within a year of the offices opening. To employ a motivated workforce that will embrace the organization’s values, and complement the co-operation and collaboration needed to achieve the effective application of our processes for continual improvement.

Organization’s intended result(s) of its QMS

  1. From the Scope of the Standard:
    1. To demonstrate its ability to consistently provide products and services that meet customer and applicable regulatory requirements
    2. To enhance customer satisfaction through the:
      • Effective application of the QMS
      • Processes for continual improvement of the QMS
      • Assurance of conformity to customer and applicable statutory and regulatory requirements
  2. Specific to the organization:
    • Reduction in waste, during manufacturing, through reduced rejects, effective corrective action and improvements in process understanding and compliance
    • To assist in the creation of an effective knowledge database for the consistent provision of product and service, and for business continuity purposes

External issues

  • Contractual arrangements – generally within the sector
  • Competitive environment – overall low cost of entry into the market
  • Legislation, e.g. employment of non-nationals
  • Regulation within the industry generally
  • Overall competition within the recruitment sector
  • The overall economic climate in the country
  • Countries’ environmental requirements affecting products and service
  • Technology advances
  • Standardization and certification within the industry
  • Client consideration of bringing expertise in-house
  • Client working environment – other trades working alongside us
  • Client configuration changes during installation
  • Relationships with external interested parties
  • Perceptions/values of external interested parties
  • Key drivers and trends
  • Workforce culture within the sector and country
  • Construction delays
  • External inspections/audits
  • Competitors cease trading
  • Availability of raw materials
  • Power cuts in countries
  • Availability of external providers – machinery maintenance, etc.

Internal issues

  • Structure of the organization
  • Roles within the organization
  • Availability of reliable, qualified and competent workforce
  • Stability of the workforce
  • Staff retention
  • Staff training levels
  • External providers’ competence and availability
  • Availability and quality of candidates to fulfil our vacancies
  • The culture within the organization
  • Working hours
  • Staff morale
  • Internal politics
  • Governance, Policies, objectives
  • Strategies
  • Capabilities
  • Resources
  • Knowledge
  • General competence
  • Technologies
  • Information systems
  • Decision-making processes
  • Relationships with interested parties
  • Perceptions/values of interested parties
  • Standards, guidelines, and models adopted
  • Contractual relationships
  • Potential conflicts
  • Processes for resolving conflicts
  • Social customs
  • Management’s abilities
  • Priorities
  • Database skills
  • Root cause analysis abilities
  • Improvement tools and abilities to apply
  • Ability to motivate the workforce
  • Project management expertise – new offices
  • Understanding and experience in implementing ISO 9001
  • Co-operation of workforce

Interested parties and relevant requirements

| INTERESTED PARTIES | REQUIREMENTS |
|---|---|
| Executive Board | Good financial performance, legal compliance/avoidance of fines, sustainable, corporate and social responsibility with a suitable governance framework |
| Local residents | Local employment, a good reputable employer |
| Law enforcers/Regulators | Identification of applicable statutory and regulatory requirements for the products and services provided, understanding of the requirements, the application within the QMS, and update/maintenance of them, legal compliance, prompt responses to investigations and inquiries |
| Customers | Value for money, high quality, expectations for design innovation, on time, low-cost, quick response, installation expertise, legal compliance |
| Bank/Finance | Good financial performance and cash flow |
| Employees | Professional development, employment security, and good employee working relationships |
| Insurers | No claims/prompt payment/risk management |
| External providers | Clear, unambiguous contracts and scope of works, good working relationship |
| Trade Unions | Compliance (applicable laws) and good working relationships with management |

Products and services of the organization

  • Fibre optic cable manufacture – multimode
  • Configuring/layout/plans of cable routes within a client building
  • Installation of IT cabling on client site (fiber optic and copper cabling)
  • Installation of IT cabinets and connect cabling to active IT equipment
  • Test connectivity and data performance
  • On-site configuration management – moves, and changes
  • On-site network incident management
  • Provision/management of on-site IT human resource
  • IT client disaster recovery service and help desk

Determined scope

The production, installation, and on-site managed service of fiber optic cabling (for Information Technology connectivity), and the installation and on-site managed service of copper cabling and IT cabinets, at client sites in India, Germany, and Spain.

Manufacturing sites/Offices:

  • India (Manufacturing)
  • Germany (Office)
  • Spain (Office)

Applicability:

All clause requirements are applicable to the above scope, except for 8.3 (Design and development of products and services). This is because the organization does not design its products and services, but produces fiber cable (and installs IT cabinets, and cabling along routes) according to established/defined standards and industry guidance. Clause 8.3 is therefore not applicable to our Quality Management System.

—————————End of example—————————————

Clause 4.4 Quality management system and its processes

Clause 4.4.1

The organization must establish, implement, maintain and continually improve its quality management system as per the requirements of this standard by determining the processes needed and their application throughout the organization. While determining the processes, the organization must determine the inputs required and the outputs expected from these processes, and the sequence and interaction of these processes. The organization must control these processes to ensure their effective operation. The organization must establish the criteria and methods, which include monitoring, measurements, and other related performance indicators, to ensure the effective operation and control of these processes. The organization must determine and ensure the availability of the resources needed for the effective operation of these processes. The personnel having authority and responsibilities for these processes must be identified. As per clause 6.1, the organization must determine risks and opportunities, analyze them, and take appropriate action to address them. There must be methods for monitoring, measuring, as appropriate, and evaluating these processes. The organization must make changes to a process if it fails to achieve the intended result. The organization must look for opportunities for improvement for these processes and for the quality management system as a whole.

Clause 4.4.2

The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned.

The primary focus of clause 4.4.1 requirements is to manage and control all your QMS processes, including processes for operations. The QMS includes processes for management (leadership) activities, planning (which includes risk assessment), support processes (such as provision of resources, communication, etc.), operation, performance evaluation, and improvement. Clause 4.4.1 requires the ‘Process Approach’ to be used in defining your QMS. Documentation of QMS processes and the need for and detail of specific process documentation is determined by ISO 9001, customer, regulatory and your own organizational requirements, the complexity of products and processes, effect on quality, the risk of customer dissatisfaction, economic risk, effectiveness and efficiency, and the competence of personnel. Clause 4.4.2 requires you to have the documents needed to ensure the effective planning, operation, and control of QMS processes. Based on these factors, you must determine what processes need to be documented and how you will document them. Not all processes need to be documented; your documents must also include a description of the interaction between your QMS processes. A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods, etc. Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions, activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order. Procedures may be an acceptable way to document processes provided they describe inputs and outputs, appropriate responsibilities, controls, and resources needed to satisfy customer requirements. Regardless of whether or not you document all of your processes, you must provide evidence of effective implementation of all your QMS processes. Such evidence does not necessarily need to be documented.

Clause 4.4 c requires you to determine criteria for effective process operation and control. You could determine criteria to control the inputs, outputs, and resources used. For example, raw materials as an input to production would have acceptance criteria that they must meet before they can be used.

These criteria (controls) must be established for each QMS process. Note that such controls may also come from the customer, regulatory, or industry bodies. Equally important are the specific methods required for effective operation and control of each process. These may include job travelers; work instructions; in-process inspection sheets; specifications and drawings; SPC charts; set up checklists; machine manuals; etc. Note these control methods may apply to any or all inputs, outputs, or conversion activities.

This clause also requires you to monitor and measure your QMS processes. Clause 9.1 provides requirements to plan and implement these controls for monitoring and measuring conformity to process performance criteria determined above. Ways to monitor and measure QMS processes may include tracking against process parameters, goals and objectives, using tools and records such as process check-sheets; product acceptance criteria; SPC records; production records; maintenance records; labour records, etc. More details on monitoring and measuring controls are covered in clause 9.1.

Under 4.4.1 d, resources for QMS processes may include facility, material, equipment, labour, supplies, utilities, etc. Every QMS process will require a different combination of resources. Resource details may be identified in specifications, production schedules, bill of materials, production travellers or routers, work instructions, etc. Information for QMS processes will vary from process to process and may include production schedules, bill of materials, product acceptance and process performance criteria, production traveller or router, work instructions, etc. Use clause 7.5 and other relevant clauses to control process information.

Under 4.4.1 e, the organization must ensure that adequate responsibilities and authorities are assigned as per the requirements given in clause 5.3.

This promotes the use of risk-based thinking. Risk is defined as the “effect of uncertainty.” Notes in the definition further describe risk as a “deviation from the expected,” either positive or negative. The term “uncertainty” is defined as a lack of information or knowledge about a potential event that can be expressed as a result of the likelihood and consequence of such an event. A positive deviation arising from risk can provide an opportunity, but not all positive effects of risk result in opportunities. Actions to address opportunities can also include consideration of associated risks. Clause 4.4.1 f requires that when planning its QMS, the top management must implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities associated with providing assurance that the QMS can achieve its intended result(s); provide conforming products and services; enhance customer satisfaction; promote desirable effects and improvement; and prevent, or mitigate, undesired effects.

Clause 4.4.1 g requires evaluation of QMS processes as per the requirement given in clause 9.1.3. Evaluation may be done through a review of measurement and monitoring records and performance indicators for each process. These reviews must identify opportunities to improve QMS processes, use of resources and product quality. Clause 4.4.1 h calls for improvement in the process as per the requirement given in clause 10. When process nonconformities occur, corrective action is required to bring the QMS process under control. Remember, the corrective action process is not just for product-related nonconformity. Processes must be continually improved through the setting of incrementally realistic, measurable objectives. Planning for continual improvement requires a review of process data, resources and controls to bring about the desired change.

Clause 4.4.1a – 4.4.1h must be applied to all QMS processes. Note also that many ISO 9001 clauses (e.g. clause 8.2; 8.4; 8.6; etc.) require specific processes to be established within your QMS. These processes must also be identified and controlled in your QMS.

ISO 9001:2015 Clause 7.1.6 Organizational Knowledge

The new ISO 9001:2015 standard introduces the term “knowledge.” As knowledge was not addressed by the previous ISO 9001 standard, the depth of this topic and the approach to it are new. ISO 9001:2015 defines requirements for the handling of organizational knowledge in the following four phases, which are analogous to the PDCA cycle:

  1. Determine the knowledge necessary for the operation of processes and for achieving conformity of products and services
  2. Maintain knowledge and make it available to the extent necessary
  3. Consider the current organizational knowledge and compare it to changing needs and trends
  4. Acquire the necessary additional knowledge.

By introducing the term “knowledge,” ISO 9001:2015 aims to raise organizations’ awareness of the management and linking of know-how in order to position them for the future. The four phases that define the requirements for handling organizational knowledge include various focal and starting points that provide guidance for organizations. Establishing knowledge and competence goals at the start of the process, for example, makes good sense. To do so, organizations should, for instance, determine knowledge of customer expectations and requirements and of particular production and service-provision processes. Subsequently, they can plan how they can achieve the identified goals and objectives by means of training, learning on the job, or e-learning. In phase 2, the organizations should determine specific methods to exchange knowledge in-house and to maintain this knowledge. Possibilities include employees passing on their experience from completed projects or failures to their colleagues in the style of “lessons learned.” Employees leaving the company or refusing to share their experience and know-how represent a major risk of loss of knowledge. Organizations wishing to avoid these risks can collect and maintain the available know-how. In phase 3 the organization must evaluate new knowledge, such as that communicated in training, interview employees on their status of knowledge where appropriate, and identify opportunities for improvement. Another major challenge involves monitoring changes in the market or in technology and analyzing the extent to which they influence the knowledge that the organization requires. Once the organization identifies opportunities for improvement in certain areas, targeted measures should be taken in phase four. Depending on the individual situation, companies may further enhance their relations with clients, suppliers, and service providers or improve their mechanisms for keeping their organizational knowledge secure. It may prove a good idea, for example, to renew the validity of functions critical for knowledge or to improve the protection of existing know-how by filing patents. In addition to continued in-house training, organizations can also use external sources including newsletters, specialist magazines, memberships in associations, or important partnerships to expand their knowledge. By introducing the subject of organizational knowledge, the new ISO 9001:2015 standard raises organizations’ awareness of sustainable and future-oriented success factors.

Clause 7.1.6 Organizational Knowledge

The organization should determine the knowledge necessary for the operation of its processes and achieve conformity of products and services. This knowledge shall be maintained and made available to the extent necessary. When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives. Organizational knowledge can be based on: a) Internal Sources (e.g., intellectual property, the knowledge gained from experience, lessons learned from failures and successful projects, capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products, and services); b) External Sources (e.g., standards, academia, conferences, gathering knowledge from customers or external providers).

The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services. Organizations should have a system for determining, collecting, and making available meaningful data for the operation of their processes to achieve conformity of their products and services. The process for considering and controlling past, existing and additional knowledge needs to take account of the organization’s context, including its size and complexity, the risks and opportunities it needs to address, and the need for accessibility of knowledge. The balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization, provided that conformity of products and services can be achieved. Annex A.7 of ISO 9001:2015 clearly mentions the need to determine and manage the knowledge maintained by the organization, to ensure the operation of its processes and that it can achieve conformity of products and services. Requirements regarding organizational knowledge were introduced to safeguard the organization from loss of knowledge, which may occur due to staff turnover or failure to capture and share information. The standard also wanted to encourage the organization to acquire knowledge by learning from experience, mentoring, benchmarking, etc.

Firstly, we need to realize that this new clause is not a Knowledge Management standard, nor does it require an organization to have Knowledge Management in place as a formal requirement. It is a clause in a Quality standard and requires that sufficient attention is paid to knowledge to ensure the good and consistent quality of goods and services. To comply, however, an organization needs to have many Knowledge Management elements operating (as opposed to planned) as part of the Quality Management system. Thus there has to be an appropriate system for learning from experience, including lesson learning. There has to be an appropriate approach to knowledge retention, including mentoring, tacit knowledge capture, and knowledge sharing. There has to be some form of organizational knowledge audit, organizational knowledge benchmarking, and organizational knowledge strategy, sufficient to identify the critical knowledge needed to deliver quality products and services, and the main knowledge gaps. There has to be a system (roles, processes, and supporting technology) for maintaining knowledge and making it available to the extent necessary.

We do not yet know how clause 7.1.6 will be audited, but the auditors may be looking for evidence that the following are in place: The organization may need to have “determined the knowledge necessary” for the operation of processes and to achieve conformity of products and services. One may, therefore, conduct a knowledge scan of key knowledge topics, and create a critical knowledge list. The knowledge needs to be “maintained”. Each critical knowledge topic can have a topic owner, and an appropriate maintenance procedure. The knowledge needs to be “made available”. There needs at the very least to be an effective way to find the knowledge, such as a good knowledge base and search engine. Even better if the knowledge is “pushed” to those who need it. There can be a strategic knowledge plan, with identified actions to fill knowledge gaps from external sources. There can be an effective system for learning from experience and for lesson learning, including embedded roles, consistent lesson capture processes, a lessons management system, and good governance. This system should also cover lessons from process, product, and service improvements. There should be a Knowledge Retention and Transfer program.

Example of Organizational knowledge

| 7.1.6 Requirements | Organization: Large 24-hour food retailer. Process location: 9 food checkout counters. Process: ‘Food checkout’ |
|---|---|
| 1. What knowledge is necessary here? | Security protocols for handling/retaining customer money in the counter cash box, operation of a bar code reader, operation of moving food belt, suspect theft protocols, getting help, keying in discounts and food codes, customer food packing, abuse/violence protocols, credit/debit card payments, cashback. |
| 2. How is this knowledge maintained within the organization? | All protocols and activities above are maintained in documented information by the Quality Manager with Human Resource (HR) assistance. |
| 3. How is it made available? | Through the organization’s intranet portal, and available to all persons working for it, to the extent necessary. Also contained in hard copy format at each checkout counter (version and distribution controlled). Also made available through the shift managers. |
| 4. Are there any changing needs/trends? | Yes, promotion codes sold by other retailers that add points to a customer’s rewards card (incentives schemes). |
| 5. Is any additional knowledge required for (4.)? How is this to be acquired/accessed? | Yes, how to scan these codes in to add points to their reward card, and give a rewards discount on purchases made. IT Systems workforce is to train and write instructions to be included in the documented information above. |
| 6. Required updates? | Frequent, as promotion codes change monthly. Suggest a monthly check on changes/knowledge needed. |

Example of Organizational knowledge for process “food Checkout”

Knowledge in Organizational Knowledge

In everyday language, we use knowledge all the time. Sometimes we mean know-how, while other times we are talking about wisdom. On many occasions, we even use it to refer to information. Part of the difficulty of defining knowledge arises from its relationship to two other concepts, namely data and information. These two terms are often regarded as lower denominations of knowledge, but the exact relationship varies greatly from one example to another. Within more technologically oriented disciplines – particularly involving information systems – knowledge is often treated very similarly to information. It is seen as something one can codify and transmit, and where IT plays a pivotal role in knowledge sharing. For instance, the encyclopedia at fact-archive.com defines it as: “information that has a purpose or use.” This kind of simplistic view of knowledge was particularly widespread during the 90s when information technology became increasingly common. To illustrate, Thierauf defines the three components as follows: data is the lowest point, an unstructured collection of facts and figures; information is the next level, and it is regarded as structured data; finally, knowledge is defined as “information about information”. However, increasingly one sees definitions that treat knowledge as a more complex and personal concept that incorporates more than just information. The Longman online dictionary states “the information, skills, and understanding that you have gained through learning or experience.” Although still closely associated with information, concepts like skills, understanding, and experience begin to surface.

1. Data

The basic element of information in an organization is in the form of data. Organizations collect, summarise and analyze this data to identify patterns and trends. Most of the data thus collected is associated with the functional processes of the organization. Data are facts and figures which relay something specific, but which are not organized in any way and which provide no further information regarding patterns, context, etc. Thus data can be defined as “unstructured facts and figures that have the least impact on the typical manager.”

2. Information

Each data element is a component of a transaction and does not provide much information unless it is presented in conjunction with other data elements. The accumulation of data into a meaningful context provides information. For data to become information, it must be contextualized, categorized, calculated, and condensed. The information thus paints a bigger picture; it is data with relevance and purpose. It may convey a trend in the environment, or perhaps indicate a pattern of sales for a given period of time. Essentially information is found “in answers to questions that begin with such words as who, what, where, when, and how many”.

3. Analytics

Although the information gathered in the previous stage provides much insight, separating or regrouping this information and analyzing it extends its value. Applications with analytical processing capabilities provide users with the ability to analyze information and determine relationships and patterns.

4. Knowledge

Knowledge is different from data, information or analytics in that it can be created from any one of those layers or it can be created from existing knowledge using logical inferences. Knowledge is closely linked to doing and implies know-how and understanding. The knowledge possessed by each individual is a product of his experience and encompasses the norms by which he evaluates new inputs from his surroundings. Knowledge can be defined as follows: “Knowledge is a fluid mix of framed experience, values, contextual information, expert insight, and grounded intuition that provides an environment and framework for evaluating and incorporating new experiences and information. It originates and is applied in the mind of the knowers. In organizations, it often becomes embedded not only in documents or repositories but also in organizational routines, practices, and norms.”

5. Wisdom

Wisdom is the utilization of accumulated knowledge to create a higher level of understanding of the data. An example would help in understanding the distinction better. Mere numerals like 41, 42 are termed as data. This data, if read in the context of temperature would give an indication of the weather in that part of the world. The fact that these numbers indicate the temperature is information. Knowledge refers to the understanding that this temperature indicates summer. The decision to venture out or not in this weather or an understanding of the effects of this weather is wisdom.

Types of knowledge

Within business, two types of knowledge are usually defined, namely explicit and tacit knowledge. The former refers to codified knowledge, such as that found in documents, while the latter refers to noncodified and often personal/experience-based knowledge.

Explicit Knowledge is the type of knowledge that is formalized and codified and is sometimes referred to as know-what. It is therefore fairly easy to identify, store, and retrieve. This is the type of knowledge most easily handled by the organization, which is very effective at facilitating the storage, retrieval, and modification of documents and texts. From a managerial perspective, the greatest challenge with explicit knowledge is similar to information. It involves ensuring that people have access to what they need; that important knowledge is stored; and that the knowledge is reviewed, updated, or discarded. Explicit knowledge is found in databases, memos, notes, documents, etc.

Tacit Knowledge is the type of knowledge that is sometimes referred to as know-how and refers to intuitive, hard-to-define knowledge that is largely experience-based. Because of this, tacit knowledge is often context-dependent and personal in nature. It is hard to communicate and deeply rooted in action, commitment, and involvement. Tacit knowledge is also regarded as being the most valuable source of knowledge, and the most likely to lead to breakthroughs in the organization. Gamble & Blackwell link the lack of focus on tacit knowledge directly to the reduced capacity for innovation and sustained competitiveness. Imagine trying to write an article that would accurately convey how one reads facial expressions. It should be quite apparent that it would be near impossible to convey our intuitive understanding gathered from years of experience and practice. Virtually all practitioners rely on this type of knowledge. An IT specialist, for example, will troubleshoot a problem based on his experience and intuition. It would be very difficult for him to codify his knowledge into a document that could convey his know-how to a beginner. This is one reason why experience in a particular field is so highly regarded in the job market. Tacit knowledge is found in the minds of human stakeholders. It includes cultural beliefs, values, attitudes, mental models, etc. as well as skills, capabilities, and expertise.

Modern Authors have classified Knowledge as follows:

Organizational Knowledge Resources

Business knowledge can exist on several different levels:

  • Individual: Personal, often tacit knowledge/know-how of some sort. It can also be explicit, but it must be individual in nature, e.g. a private notebook.
  • Groups/community: Knowledge held in groups but not shared with the rest of the organization. Companies usually consist of communities (most often informally created) which are linked together by common practice. These communities of practice may share common values, language, procedures, know-how, etc. They are a source of learning and a repository for tacit, explicit, and other types of knowledge.
  • Structural: Knowledge found in processes, culture, etc. This may be understood by many or very few members of the organization. E.g. the knowledge in the routines used by the army may not be known by the soldiers who follow these routines. At times, structural knowledge may be the remnant of past, otherwise long-forgotten lessons, where the knowledge of this lesson exists exclusively in the process itself.

Organizational knowledge is defined as: “all the knowledge resources within an organization that can be realistically tapped by that organization. It can, therefore, reside in individuals and groups, or exist at the organizational level.”

Extra-organizational: Defined here as Knowledge resources existing outside the organization which could be used to enhance the performance of the organization. They include explicit elements like publications, as well as tacit elements found in communities of practice that span beyond the organization’s borders.

Organizational Memory

Traditional memory is associated with the individual’s ability to acquire, retain, and retrieve knowledge. Within business, this concept is extended beyond the individual, and organizational memory, therefore, refers to the collective ability to store and retrieve knowledge and information. So how does one define organizational memory? Any definition would need to span all the different repositories in which a company may store knowledge. This includes more formal records, as well as tacit and embedded knowledge in people, organizational culture, and processes. Walsh and Ungson define a number of stages in the organizational memory process and outline five retention facilities:

1. Acquisition: Organizational memory consists of the accumulated information regarding past decisions. This information is not centrally stored, but rather it is split across different retention facilities. Each time a decision is made and the consequences are evaluated, some information is added to the organizational memory.

2. Retention: Past experiences can be retained in any of the five different repositories:

  • Individuals
  • Culture: The language and frameworks that exist within an organization and form shared interpretations.
  • Transformations: The procedures and formalized systems that the organization employs. These systems reflect the firm’s past experiences and are repositories for embedded knowledge.
  • Structures: These link the individual to other individuals and to the environment. Social interaction is conditioned by mutual expectations between individuals based on their roles within the organization. The interaction sequences form a pattern over time and begin to extend to an organizational level. This can take place both through formal and informal structure and it constitutes a social memory which stores information about an organization’s perception of the environment.
  • External activities: The surroundings of the organization where knowledge and information can be stored. E.g. former employees, government bodies, competitors, etc.

3. Retrieval: This can either be controlled or automatic. The latter refers to the intuitive and essentially effortless process of accessing organizational memory, usually as part of an established sequence of action. Controlled refers to the deliberate attempt to access stored knowledge.

As one can see, the three stages presented here are essential to the learning process of the firm. Much like an individual, the firm must be able to access and use past experiences so as to avoid repeating mistakes and to exploit valuable knowledge. Unlike an individual, however, organizational knowledge is not centrally stored and resides throughout the firm and even beyond it. The process of retrieving knowledge/information will inevitably vary depending on the retention facility that one is trying to access. For example, written documentation may be accessed through IT while cultural memory is accessed through the understanding and/or application of the norms and procedures of the working environment.

A further distinction regarding the type of knowledge retained in the organization is offered by Ramage and Reif. They separate the documented aspects from the more subtle knowledge that belongs to individuals as a result of their role as members of the organization:

  • Artefacts of Cooperation: These are the hard indicators that are visible and can be examined. They include products, records of collaboration, and ideas. The latter refers to minutes of meetings, reports, FAQs, and other items that record common knowledge. These are easily storable and presumably also more easily accessible.
  • Knowledge of the Organization: This type of knowledge cannot be stored in the same way as the artefacts of cooperation. It includes knowledge of the political system, of the culture, and of how things are normally done within the firm. It can include the knowledge of who is an expert, of where a particular person is, and who to contact for a specific problem.

This definition is useful as a way of understanding the knowledge categories and the potential management challenge that organizational memory would pose. Furthermore one finds a distinct difference in the way organizational memory is perceived between IT practitioners and business theoreticians. The IT path emphasizes the acquisition and storage of organizational knowledge including data warehousing, document management, and search tools. The organization development (OD) path emphasizes tacit knowledge, coaching, social interactions, and encouraging ad hoc knowledge exchange. IT-based models thus tend to focus on more concrete, definable memory and less on people, culture, and informal structures. Essentially, they focus more on artifacts of cooperation.

Organizational Learning

Learning is the way we create new knowledge and improve ourselves. Botha et al. describe the organizational learning process as follows:

The implications of organizational learning are three-fold:

  • One must understand how to create the ideal organizational learning environment.
  • One must be aware of how and why something has been learned.
  • One must try to ensure that the learning that takes place is useful to the organization.

Generally speaking, there are two approaches to organizational learning. The first view looks at the firm as a whole and examines learning from a cognitive perspective. The second view looks at learning as community-based, where the firm’s practitioners create knowledge in their own networks called communities of practice.

Organizational learning (OL), according to Argyris & Schön, is a product of organizational inquiry. This means that whenever the expected outcome differs from the actual outcome, an individual (or group) will engage in inquiry to understand and, if necessary, solve this inconsistency. In the process of organizational inquiry, the individual will interact with other members of the organization and learning will take place. Learning is, therefore, a direct product of this interaction. Argyris and Schön emphasize that this interaction often goes well beyond defined organizational rules and procedures. Their approach to organizational learning theory is based on the understanding of two (often conflicting) modes of operation:

  • Espoused theory: This refers to the formalized part of the organization. Every firm will tend to have various instructions regarding the way employees should conduct themselves in order to carry out their jobs (e.g. problem-solving). These instructions are often specific and narrow in focus, confining the individual to a set path. An example of espoused theory might be “if the computer does not work, try rebooting it and then contact the IT department.”
  • Theory-in-use: This is the actual way things are done. Individuals will rarely follow the espoused theory and will rely on interaction and brainstorming to solve a problem. Theory-in-use refers to the loose, flowing, and social way that employees solve problems and learn. An example of this might be the way someone actually solves a problem with their computer by troubleshooting solutions, researching on forums, asking co-workers for opinions, etc.

In order to create an environment conducive to learning, firms are encouraged to accept the theory in use and make it easy for the individual to interact with his working environment in an undefined and unstructured way. Essentially they should provide the right environment for the organizational inquiry to take place, unconstrained by formal procedures. Levitt and March expand further on the dynamics of organizational learning theory. Their view presents the organization as routine-based, history-dependent, and target-oriented. While lessons from history are stored in the organizational memory, the event itself is often lost. They note that past lessons are captured by routines “in a way that makes the lessons, but not the history, accessible to organizations and organizational members.” The problem most organizations face is that it is usually better to have the event rather than the interpretation. However, this is often too costly (both financially and time-wise) to be feasible. OL is transmitted through socialization, education, imitation, and so on, and can change over time as a result of interpretations of history.

Argyris and Schön identify three levels of learning which may be present in the organization:

  • Single loop learning: Consists of one feedback loop when the strategy is modified in response to an unexpected result (error correction). E.g. when sales are down, marketing managers inquire into the cause and tweak the strategy to try to bring sales back on track.
  • Double-loop learning: Learning that results in a change in theory-in-use. The values, strategies, and assumptions that govern the action are changed to create a more efficient environment. In the above example, managers might rethink the entire marketing or sales process so that there will be no (or fewer) such fluctuations in the future.
  • Deutero-learning: Learning about improving the learning system itself. This is composed of structural and behavioral components which determine how learning takes place. Essentially deutero-learning is, therefore “learning how to learn.”

Effective learning must include all three, continuously improving the organization at all levels. However, while any organization will employ single-loop learning, double-loop learning and particularly deutero-learning are a far greater challenge.

Learning Within Communities of Practice

This approach describes a learning theory with a strong relationship to the social construction of knowledge. The community of practice consists of members who interact with each other in pursuit of a common practice. It is, therefore, this collective social practice that links individuals together across official organizational boundaries and departments, and makes up the community. It is important to note that these are not teams. A community of practice can be defined as “a group of professionals informally bound to one another through exposure to a common class of problems, common pursuit of solutions, and thereby themselves embodying a store of knowledge”. Learning is seen as deriving from the social process of becoming a practitioner, as it gives the individual a social context of being an integrated part of a community. The social construction of identity shapes each person’s view and interpretation of the world. Learning and the creation of new knowledge can then take place within the context-dependent forum of the community and can be shared through social practice.

Botha et al. summarize the key factors regarding communities of practice as follows:

  • Learning is a social phenomenon
  • Knowledge is integrated into the culture, values, and language of the community
  • Learning and community membership are inseparable
  • We learn by doing and therefore knowledge and practice are inseparable.
  • Empowerment is key to learning: The best learning environments are created when there are real consequences to the individual and his community of practice.

Management must understand the advantages, disadvantages, and limitations of communities of practice. For example, because they are so loosely defined, it may be very hard to identify them when a problem needs to be solved; to resolve this, some companies today are mapping their communities of practice. Another issue could be the problem of transferring and combining knowledge across the firm. Due to the close ties to “doing” as well as the cultural elements, this may require innovative solutions, e.g. using temporary cross-functional project teams that can leverage knowledge from different areas, apply it, learn, and then redistribute the new knowledge back into the individual members’ communities.

Organizational Culture

Organizational culture determines values and beliefs which are an integral part of what one chooses to see and absorb. It includes a shared perception of reality, regarding how things are and how things should be. Furthermore, community and group culture determine the willingness and conditions for knowledge sharing with other members of the organization. Knowledge and knowledge sharing are thus inseparable from organizational culture.

Wellman essentially describes culture as “the way it is around here.” To illustrate the perseverance of organizational culture he presents an interesting allegory:

Put five apes in a cage. Then dangle a banana from the ceiling of that cage and place a ladder under it. Whenever an ape attempts to climb the ladder to reach the banana, spray all of them with cold water. After a few times, the apes will associate climbing the ladder with being sprayed with cold water. One can now turn off the cold water. Then, replace one of the original apes with a new one. This new ape will undoubtedly try to get to the banana, but if he tries he will be attacked by the others. He will have no idea why this is so, but will soon learn that he must not climb the ladder. Next, replace yet another ape. When he approaches the ladder all the apes will attack him. One of these apes has no idea why he may not climb the ladder, but he participates in the punishment enthusiastically. Soon the new ape will also learn not to climb the ladder. In this way, one can continue until all the original apes are replaced. At this stage, none of them knows why they must not climb the ladder, but none will do so, and all will attack anyone that tries. All of this because “that’s the way it has always been around here.”

Strange as it may seem, this kind of cultural learning can be identified time and again in real-world organizations. Wellman points out that at times this can be beneficial and detrimental. Hardwiring a reaction can push the organization into action quickly against a perceived threat. The problem is that this “instinctive response may be inappropriate for the current environment but may be triggered nonetheless”.

All in all, organizational culture can be split into levels:

  • Artefacts: These represent the visible elements such as processes, structures, goals, climate, dress codes, furniture, etc. An outsider can see them but may not understand why things are the way things are.
  • Espoused values: The values espoused by the leaders. They most often are grounded in shared assumptions (see below) of how the company should be run. If there is a significant mismatch between the leadership espoused values and this perception, the organization may be in trouble.
  • Assumptions: These are the actual values of the culture. They refer to the (often tacit) views of the world itself (e.g. human nature). Again, these assumptions need to correlate at least to a certain degree to the espoused leadership values for the organization to function smoothly.

The problems with managing culture can be summed up as follows:

  • Culture reaffirms itself by rejecting misfits and promoting those that adhere to the norms of the organization.
  • Culture often consists of learned responses that are hard-wired into the organization. The actual events that sparked this “lesson” may be long forgotten. This is very similar to the concept of organizational learning according to Levitt and March which indicates that organizations are far more likely to remember interpretations of events rather than the event itself.
  • Culture contains falsehoods. Past lessons are applied often without understanding them and their reasons for being.

The Learning Organization

The term “learning organization”, not to be confused with organizational learning, describes an organization with an ideal learning environment, perfectly in tune with the organization’s goals. Such an organization is a place “where people continually expand their capacity to create the results they truly desire, where new and expansive patterns of thinking are nurtured, where collective aspiration is set free, and where people are continually learning to see the whole (reality) together.”

  • The ideal organizational environment for learning, knowledge management (KM), innovation, etc, as described through the term “the learning organization”.
  • The leadership qualities necessary for promoting and encouraging this ideal environment.

According to Senge, the learning organization depends upon the mastery of five dimensions:

  • Systems thinking: The notion of treating the organization as a complex system composed of smaller (often complex) systems. This requires an understanding of the whole, as well as the components, not unlike the way a doctor should understand the human body. Some of the key elements here are recognizing the complexity of the organization and having a long-term focus. Senge advocates the use of system maps that show how systems connect.
  • Personal mastery: Senge describes this as a process where an individual strives to enhance his vision and focus his energy and be in a constant state of learning.
  • Mental models: “Deeply ingrained assumptions, generalizations, or even pictures and images that influence how we understand the world and how we take action”. These must be recognized and challenged so as to allow for new ideas and changes.
  • Building a shared vision: Shared vision is a powerful motivator. A leader’s vision does not necessarily become shared by those below him. The key here is to pass on a picture of the future. To influence using dialogue, commitment, and enthusiasm, rather than to try to dictate. Storytelling is one possible tool that can be used here.
  • Team learning: The state where team members think together to achieve common goals. It builds on a shared vision, adding the element of collaboration.

The Role of Leadership

Senge emphasized the role of the leader in the creation of this learning organization. He defined three leadership roles that would reshape the old-fashioned approach to being the boss. These are:

Leader as Designer: Senge likens this to being the designer of a ship rather than its captain. He defined it in three ways:

  • Creating a common vision with shared values and purpose.
  • Determining the “policies, strategies, and structures that translate guiding ideas into business decisions.”
  • Creating effective learning processes which will allow for continuous improvement of the policies, strategies, and structures.

Leader as Teacher: The leader here is seen as a coach that works with the mental models present in the organization. He must understand the (usually tacit) concepts of reality and restructure these views “to see beyond the superficial conditions and events [and] into the underlying causes of the problems.”

Leader as Steward: This is the vaguest of the three and refers largely to the attitude of the leader. He emphasizes the importance of a leader that feels he is part of something greater; whose desire is first and foremost not to lead, but to serve this greater purpose of building better organizations and reshaping the way businesses operate.

The first two roles outlined by Senge shed a lot of light on the requirements of effective organizational learning.

Botha et al Process Model

The three broad categories overlap and interact with one another. The focus is on managerial initiatives. Here too the strategic focus (the “when” and the “why” as opposed to the “what”) is omitted. It is noteworthy that this model does include the creation of new knowledge. The model further shows which of the three categories are more people-oriented and which are more technology-focused.

Knowledge Development Cycle:

The knowledge development cycle defines the knowledge management process in an organization, as a cyclic process from knowledge creation to knowledge review and revision.

The knowledge creation process involves the creation of new knowledge in the organization. This also includes activities like research and development, consulting, education, etc. The knowledge adoption process involves the adoption of created knowledge and adapting the knowledge. The knowledge distribution and the knowledge review and revision processes involve converting individual knowledge into organizational knowledge.

Knowledge Management Process:

KM involves processes that facilitate the application and development of organizational knowledge and aims to create value and to increase/sustain competitive advantage for the organization in 3 dimensions:

  • Strategic dimension – highlights the strategic importance of knowledge and its management in a company’s strategy
  • Managerial dimension – highlights organizational knowledge assessment and management
  • Operational dimension – highlights the development and usage of knowledge and intellectual assets

KM supports and coordinates the generation, codification, transfer, and application of individual knowledge in value creation processes. There are generally 4 stages of KM processes:

1. Knowledge Creation/Generation

Companies create a great amount of data and information in their daily business activities. It would be essential for the company to have a system of managing the newly created information so it can be reused to solve new problems or leveraged to value-add to other business activities. For example, high technology companies may often receive a lot of feedback from customers on their products. This kind of information could be very useful for the R&D team to come up with new improved products. Companies may find that they cannot meet their knowledge requirement from their available knowledge assets. The gap will have to be filled either by internally developing new knowledge or acquiring the knowledge from external sources. Knowledge creation can only be achieved in a creative environment that encourages teamwork and the use of creative potential. If managed successfully, the process can expand or change the company’s knowledge base to meet the company’s current and future needs.

2. Knowledge Codification

Data and information need to be collected and analyzed in order to turn them into useful knowledge. This is the stage where tacit knowledge is converted into explicit knowledge and is very critical to the success of the other two stages – application and transfer. Without documenting and codifying tacit knowledge, its transfer for the purposes of learning and utilization, both internally and externally, will be difficult to achieve. Furthermore, the legal protection of these valuable knowledge assets can only be done if the knowledge has been codified. For example, patent applications require the complete disclosures of the inventions, and trade secrets require the demonstration of safe-keeping of documented information. The legal rights that come with IP protection offer the company a distinct advantage that can be used to derive revenues from IP licensing or exclusive rights to commercialize.

3. Knowledge Application

It is not unusual for companies not to know how to generate value from the use of the knowledge assets they have. It is worse when a company does not even know the kind of knowledge it has. Knowledge Management offers a management system for the company to ensure that its knowledge assets, when created, are properly documented and that the knowledge held by different domain owners is shared within the organization. When knowledge assets are documented and shared, knowledge utilization will be facilitated. This is the stage in Knowledge Management where value creation is delivered. By harnessing knowledge from different knowledge domains and competencies across the organization, direct impacts on the missions and goals of the company can be achieved.

4. Knowledge Transfer

One of the advantages of knowledge is that knowledge is dynamic. Knowledge can be adapted and evolved through the processes of learning and sharing. The impact made by individual knowledge is not as great as collective knowledge so sharing within the organization should be encouraged. When a company has limited capability to effectively use certain knowledge, it would be worthwhile to consider external transfer to third parties who may have the competencies to utilize the knowledge for value creation. For example, a company may have invented a new technology but does not have the capability to produce products based on such invention. The technology can be licensed to a third party that has the production facilities and the marketing and sales capability to sell the new product. To ensure the success of this technology transfer, it is essential that tacit knowledge and procedural knowledge are converted to explicit knowledge for easy learning, adaptation, and utilization.

Process Approach

Introduction

All organizations use processes to achieve their objectives. As per the ISO definition:
“A process: the set of interrelated or interacting activities that use inputs to deliver an intended result
NOTE: Inputs and outputs may be tangible (e.g. materials, components or equipment) or intangible (e.g. data, information or knowledge).”
The process approach is the foundation upon which your QMS must be developed. The ISO 9001 Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. ISO 9001:2008 promoted the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system. ISO 9001:2015 makes this more explicit (in 4.4) by expanding the requirements around QMS processes, specifying requirements considered essential to the adoption of a process approach. For example: determining the inputs required and outputs expected from these processes; then, after determining the risks and opportunities and plans to address these in 6.1, integrating these into its QMS processes (4.1.f – plan and implement actions); related performance indicators (4.4.1 c); and assignment of responsibilities and authorities for these processes (4.4.1 e).
For an organization to function effectively, it has to identify and manage numerous linked activities. Any activity, using resources and managed in order to enable the transformation of inputs into outputs, can be considered a process. Often the output from one process directly forms the input to the next. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as the “process approach”.
An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction.
When used within a quality management system, such an approach emphasizes the importance of:

  • An understanding of the intended results and requirements
  • Consideration of processes in terms of adding value and effective performance
  • Improvement of processes based on evaluation of data and information
  • Consistent and predictable results
  • Meeting requirements and customer satisfaction
  • Activity understanding and management of interrelated processes

The model of a process-based quality management system shown in the figure illustrates the process linkages presented in clauses 4 to 10. This illustration shows that customer requirements and the needs and expectations of relevant interested parties, along with the organization and its context, play a significant role in defining requirements as inputs. The output of the process is the result of the QMS, which includes the products and services the organization provides and which should result in customer satisfaction. The model shown in the figure covers all the requirements of this Standard but does not show processes at a detailed level.

Understanding Process:

Let’s understand some basics about processes.

  • All work generally involves a process – things go in (inputs); get worked upon (conversion), and come out differently (output). The value-adding conversion activity within a process transforms inputs into outputs, e.g. takes raw materials (the input) and manufactures (the value-adding conversion activity using various resources) a product (the output).
  • Process inputs and outputs can be tangible such as raw materials or finished product or intangible like INFORMATION – e.g. computerized drawing or specification.
  • All processes have a supplier and a customer. These suppliers and customers may be internal processes or external to your organization. Each process must have an accountable owner, i.e., having defined responsibility and authority to operate, control and improve their process.
  • All processes require the use of resources, e.g. – people, equipment, materials, technology, etc. These resources can be used as inputs (raw materials or information such as a customer specification) as well as for the value-adding conversion activity (e.g. use of machinery, equipment, computers, technology, people, etc.) to transform raw material (input) into finished product (output).
  • All processes must meet customer, organizational and applicable regulatory requirements. The performance of all processes can be monitored and measured. Gather performance data that can be analyzed to determine process effectiveness and whether any corrective action or improvement is needed.

As an example, the below process contains a set of activities that are interrelated (showing links from/to), interacting (showing inputs/ outputs), and the transformation of process inputs into process outputs.

Schematic Representation of the elements of single process

Procedures are typically used to control deviation where risks/hazards are present. A procedure is defined as ‘a specified way to carry out an activity or a process’, which may be a documented set of instructions, or simply an established way of doing a specific task that itself forms part of a larger process. In ISO 9001:2015 this might be considered captured, in the main, by ‘the availability of documented information that defines: the characteristics of the products to be produced, the services to be provided, or the activities to be performed’. An organization’s QMS processes may be grouped or categorized in many ways. One logical way would include the following:

Customer Oriented Processes (COP’s):

These are product realization processes that determine customer requirements (inputs), design, make, deliver and service product (outputs) to customers and determine customer satisfaction. These processes generally have the greatest degree of interaction with external customers. COP’s include marketing and sales, design and development, production, shipping, packaging, servicing/warranty, customer satisfaction, etc., whether performed onsite or off-site.

Support Oriented Processes (SOP’s):

These processes provide the necessary resources to COP’s to facilitate product realization. These processes generally have the greatest degree of interaction at an operational level with COP’s and to a lesser degree with other internal QMS processes. SOP’s include human resources, information technology, purchasing and receiving, laboratory, maintenance, tooling, facility management, etc., whether performed onsite or off-site.

Management Oriented Processes (MOP’s):

These processes provide the commitment, leadership, resources, review, and decision-making by top management. These processes generally interact with all QMS processes at the QMS planning and review level. MOP’s include business planning, management review, quality planning, resource planning, communication, etc., whether performed offsite or on-site.

Quality Management Processes (QMP’s):

These include all processes that are used to document, measure, analyze and improve all processes. These processes provide quality management support to and interact with all QMS processes. QMP’s include document control, records control, monitoring and measurement of processes and product, internal audits, control of the nonconforming product, corrective and preventive action, continual improvement, etc., whether performed onsite or off-site.

Outsourced Processes (OP’s):

An “outsourced process” is a process that the organization has identified as being needed for its quality management system (QMS), but one which it has chosen to be carried out by an external party outside the managerial control of your facility and not subject to your QMS. These could include MOP’s, COP’s or SOP’s. They may be performed onsite or off-site. Examples include strategic planning done at head office; purchasing or design done at head office or another location; and heat treating, painting, welding, calibration, testing, sorting, HR, etc., done by an outside organization.

Implementing QMS using Process Approach

Your QMS is made up of a network of these value-adding processes that link, combine and interact with one another to collectively provide product or service. These processes are inter-dependent and can be defined by complex interactions. For example, any of the COP processes could interact with some or all of the MOP’s, SOP’s, QMP’s. Also, note that resources (SOP’s) and QMP’s may also be applied to all other processes. Interactions between QMS processes may occur at any of the three process stages (input, output or conversion activity). The interaction may occur in many different ways – physical, documentary, verbal, electronic, etc. For each process, we must identify these interactions, assess the risks of problems that may occur and implement appropriate controls to prevent them, e.g., if orders are communicated verbally by sales personnel to production, what is the risk that production errors will occur?
Therefore, in general, in order to plan and implement your QMS using the ‘Process Approach’, you must:

  • Identify the processes needed for the QMS.
  • Determine their sequence and interaction (show the sequence and interaction of your COP’s). There are many ways to document this, e.g., a high-level flowchart or a process map.
  • Determine the application of QMS processes throughout the organization (show how MOP’s; SOP’s and QMP’s are applied to each COP and to each other). There are many ways of documenting this. A popular way is through graphical representation, e.g. process maps.
  • Determine (plan) the criteria, methods, information, controls, and resources needed for each QMS process.
  • Identify the internal/external customer-required output.
  • Describe the processing activity that produces the output.
  • Identify the resources needed for the processing activity.
  • Identify the inputs for the process – information, materials, supplies, etc.
  • Define the process methods, procedures, forms, etc., that may be needed to produce the output.
  • Define the controls to prevent or eliminate the risk of errors, omissions, or nonconformities in process activity. Controls may come from the IS standards, customer, regulatory and your own organizational requirements.
  • Interaction with sources that provide the inputs (internal processes or external supplier), uses the output (internal processes or external customer), or provide the resources (internal support process) to perform the process activity.
  • Implement your QMS according to your plan.
  • Monitor, measure and improve each QMS process and its interaction with other processes. Performance indicators to monitor and measure process performance may come from the IS standard, customer, regulatory and your own organizational requirements. Performance indicators may relate to the process output as well as the process activity.
  • Performance indicators for process output must focus on meeting customer and regulatory requirements. Performance indicators for process activity should focus on measuring process effectiveness and efficiency.

It is useful to point out that while we do need to identify all QMS processes and describe their interaction, not all identified QMS processes need to be documented or documented in the detail described above.

PLAN-DO-CHECK-ACT (PDCA)

In addition, the methodology known as “Plan-Do-Check-Act” (PDCA) can be applied to all processes. PDCA can be briefly described as follows.
Plan: Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization’s policies.
Do: Implement the processes
Check: Monitor and check processes and product against policies, objectives, and requirements for the product and report the results
Act: Take actions to continually improve process performance

PLAN-DO-CHECK-ACT (PDCA) is a very effective tool for business management and the ISO 9001 standard strongly recommends its use. PDCA is a dynamic cycle that can be applied to each of the organization’s processes, and also to the system of processes as a whole. It may be used to plan, implement, control and continually improve both product realization and other QMS processes.
Maintenance and continual improvement of QMS processes can be achieved by applying PDCA to processes at all levels within the organization right from the executive high-level strategic processes, such as business planning or management review to operational processes such as product realization or calibration.

PLAN:

For each QMS process you must establish:

  • Process owner and his/her accountability.
  • Process inputs, outputs, value adding or conversion activities and sequence/interaction of these activities (sub-processes) within the process. Many of the COP’s and SOP’s may have sub-processes.
  • Process policies, responsibilities and accountability.
  • Process objectives and performance indicators and methods to monitor and measure process performance to these objectives and indicators.
  • Resources such as facility, equipment, labor, materials, time, etc., needed.
  • Preventive and detective controls needed for process activity, input, output, and resources used.
  • Process documentation such as procedures, forms, work instructions, specification, etc.
  • The nature, method, frequency, and timing of interaction with other processes and where this interaction will occur – input, output, use of resources, conversion activity, etc.
  • You must pay a lot of attention to this stage of your QMS development. Planning must also consider how you will meet customer, applicable regulatory, and your own organizational requirements, in addition to ISO 9001 requirements.

DO:

Deploy and implement your QMS processes and manage and control them according to your plan as documented above.

CHECK:

Monitor and measure the effectiveness of your QMS processes against policies and objectives that you established under PLAN. Monitoring and measuring activity may focus on any or all of a process’s inputs; outputs; use of resources for conversion; and interaction with other processes.

ACT:

Collect and analyze your monitoring and measurement information and use it to determine the effectiveness of each process as well as your overall QMS in meeting requirements. Use the information to correct problems and continually improve individual processes.

 CONTINUOUS IMPROVEMENT PROCESS MODEL

The above figure shows the macro-level application of the PDCA model to an entire organization. The organization’s QMS, as depicted by the processes within the circle, is used to PLAN the controls over all inputs, resources, value-adding activities and outputs. We DO implement our plan by using various resources to convert customer inputs (requirements) into outputs (product) that meet customer requirements. We CHECK by monitoring and measuring QMS performance and through customer feedback. We ACT by using this information to continually improve QMS effectiveness. At the micro level, this same model can be applied to each QMS process.

The process approach in ISO 9001:2015

The process approach includes establishing the organization’s processes to operate as an integrated and complete system.

  • The management system integrates processes and measures to meet objectives
  • Processes define interrelated activities and checks, to deliver intended outputs
  • Detailed planning and controls can be defined and documented as needed, depending on the organization’s context.

These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk‐based thinking is used throughout the process approach to:

  • Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results
  • Define the extent of process planning and controls needed (based on risk)
  • Improve the effectiveness of the quality management system
  • Maintain and manage a system that inherently addresses risk and meets objectives

PDCA can be used to manage processes and systems.

  1. Plan: set the objectives of the system and processes to deliver results (“What to do” and “how to do it”)
  2. Do: implement and control what was planned
  3. Check: monitor and measure processes and results against policies, objectives and requirements and report results
  4. Act: take actions to improve the performance of processes

PDCA operates as a cycle of continual improvement, with risk‐based thinking at each stage.

Steps in the process approach (what to do, and guidance for each step)

Step: Define the context of the organization
What to do: The organization should identify its responsibilities, the relevant interested parties and their relevant requirements, needs & expectations to define the organization’s intended purpose.
Guidance:
  1. Gather, analyze and determine external and internal responsibilities of the organization to satisfy the relevant requirements, needs, and expectations of the relevant interested parties.
  2. Monitor or communicate frequently with these interested parties to ensure continual understanding of their requirements, needs and expectations.

Step: Define the scope, objectives, and policies of the organization
What to do: Based on the analysis of the requirements, needs and expectations, establish the scope, objectives, and policies that are relevant for the organization’s quality management system.
Guidance:
  1. The organization shall determine the scope, boundaries, and applicability of its management system taking into consideration the internal and external context and interested party requirements.
  2. Decide which markets the organization should address.
  3. Top management should then establish objectives and policies for the desired outcomes.

Step: Determine the processes in the organization
What to do: Determine the processes needed to meet the objectives and policies and to produce the intended outputs.
Guidance:
  1. Management shall determine the processes needed for achieving the intended outputs.
  2. These processes include management, resources, operations, measurement, analysis, and improvement.

Step: Determine the sequence of the processes
What to do: Determine how the processes flow in sequence and interaction.
Guidance: Define and describe the network of processes and their interaction. Consider the following:
  1. The inputs and outputs of each process (which may be internal or external).
  2. Process interaction and interfaces on which processes depend or enable.
  3. Optimum effectiveness and efficiency of the sequence.
  4. Risks to the effectiveness of process interaction.
Note: As an example, realization processes (such as those needed to provide the products or services delivered to a customer) will interact with other processes (such as the management, measurement, procurement in the provision of resources). Process sequences and their interactions may be developed using tools such as modelling, diagrams, matrices, and flowcharts.

Step: Define people who take process ownership and accountability
What to do: Assign responsibility and authority for each process.
Guidance:
  1. Top Management should organize and define ownership, accountability, individual roles, responsibilities, working groups, remits, authority and ensure the competence needed for the effective definition, implementation, maintenance and improvement of each process and its interactions. Such individuals or remits are usually referred to as the Process Owners.
  2. To manage process interactions it may be useful to also establish a management system team that has a system overview across all the processes and may include representatives from the interacting processes and functions.

Step: Define the need for documented information
What to do: Determine those processes that need to be formally defined and how they are to be documented.
Guidance:
  1. Processes exist within the organization.
  2. They may be formal or informal.
  3. There is no catalogue or list of processes that have to be formally defined.
  4. The organization should determine which processes need to be documented on the basis of risk‐based thinking, including, for example: The size of the organization and its type of activities.
  5. The complexity of its processes and their interactions.
  6. The criticality of the processes.
  7. The need for formal accountability of performance.
Processes can be formally documented using a number of methods such as graphical representations, user stories, written instructions, checklists, flow charts, visual media or electronic methods including graphics and systemization. However, the method or the technology chosen are not the goals. They can be used to describe processes, which are the means to achieve the goals. Effective and organized processes can then deliver consistent and accountable operations and the desired objectives and results which can then be improved.

Step: Define the interfaces, risks and activities within the process
What to do: Determine the activities needed to achieve the intended outputs of the process and risks of unintended outputs.
Guidance:
  1. Define the required outputs and inputs of the process.
  2. Determine the risks to conformity of products, services, and customer satisfaction if unintended outputs are delivered.
  3. Determine the activities, measures and inherent controls required to transform the inputs into the desired outputs.
  4. Determine and define the sequence and interaction of the activities within the process.
  5. Determine how each activity will be performed.
  6. Ensure that the management system as a whole takes account of all material risks to the organization and users.
Note: In some cases, the customer may specify requirements not only for the outputs but also for the realization of a process.

Step: Define the monitoring and measurement requirements
What to do: Determine where and how monitoring and measuring should be applied. This should be both for control and improvement of the processes and the intended process outputs. Determine the need for recording results.
Guidance: Identify the validation necessary to assure effectiveness and efficiency of the processes and system. Take into account such factors as:
  1. Monitoring and measuring criteria.
  2. Reviews of performance; Interested parties’ satisfaction.
  3. Supplier performance.
  4. On-time delivery and lead times.
  5. Failure rates and waste.
  6. Process costs.
  7. Incident frequency.
  8. Other measures of conformity with requirements.

Step: Implement
What to do: Implement actions necessary to achieve planned activities and results.
Guidance: The organization should perform activities, monitoring, measures and controls of defined processes and procedures (which may be automated), outsourcing and other methods necessary to achieve planned results.

Step: Define the resources needed
What to do: Determine the resources needed for the effective operation of each process.
Guidance: Examples of resources include:
  1. Human resources.
  2. Infrastructure.
  3. Environment.
  4. Information.
  5. Natural resources (including knowledge).
  6. Materials.
  7. Financial resources.

Step: Verify the process against its planned objectives
What to do: Confirm that the process is effective and that the characteristics of the processes are consistent with the purpose of the organization.
Guidance: The organization should compare outputs against objectives to verify that all the requirements are satisfied. Processes are needed to gather data. Examples include measurement, monitoring, reviews, audits and performance analysis.


Change Management in ISO 9001:2015

Addressing Change In ISO 9001:2015

ISO 9001:2015 addresses change management in many places in the standard. Any change, whether in process, manpower, machinery, instruments, technology, raw materials, suppliers, customer requirements, legal requirements, etc., shall go through a defined change management process. One of the goals of ISO 9001:2015 is to enhance the requirements for addressing changes at the system and operational levels. The ISO 9001:2015 requirements provide a strong basis for a management system for business that supports the strategic direction of the organization. Once the organization has identified its context and interested parties and then identified the processes that support this linkage, addressing changes becomes an increasingly important component of continued success. Once processes are determined, an organization will need to identify the risks and opportunities associated with these processes. To achieve the benefits associated with the determination of risks and opportunities, changes may be needed. These changes can be related to any element of the process, such as inputs, resources, persons, activities, controls, measurements, outputs, etc. A change process would include:

  • the change to be done
  • changes initiated by
  • reason for change
  • changes reviewed by
  • evaluation of change for consequences/effects on the overall performance of the quality system and further actions to be taken to resolve such effects
  • resources required to make change
  • skills required to make change
  • the final decision for change approval
  • change in documents as per change to be implemented.

Changes are intended to be beneficial to the organization and need to be carried out as determined by the organization. In addition, consideration of newly introduced risks and opportunities needs to be taken into account. To achieve the benefits associated with changes, the organization should consider all types of changes that may need to occur. These changes may be generated, for example, in:

  • Processes
  • Documented information
  • Tooling
  • Equipment
  • Employee training
  • Supplier selection
  • Supplier management
  • and many others

The successful management and control of these changes have become a core requirement within the organization’s QMS. These new requirements are referenced in ISO 9001:2015 as outlined below.

4.4.1 g) The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard. The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;

5.3 e)  Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. Top management shall assign the responsibility and authority for ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

6.3 Planning of changes
When the organization determines the need for changes to the quality management system, the changes shall be carried out in a planned and systematic manner (see 4.4).
The organization shall consider the:
a) purpose of the changes and their potential consequences;
b) integrity of the quality management system;
c) availability of resources;
d) allocation or reallocation of responsibilities and authorities.

8.1 Operational planning
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

8.3.6 Design and development changes
The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements. The organization shall retain documented information on:
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.

8.5.6 Control of changes
The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements. The organization shall retain documented information describing the results of the review of changes, the persons authorizing the change, and any necessary actions arising from the review.

9.2.2 a) The organization shall plan, establish, implement and maintain an audit program(s) including the frequency, methods, responsibilities, planning requirements, and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits.

9.3.2 b) The management review shall be planned and carried out taking into consideration changes in the external and internal issues that are relevant to the quality management systems.

9.3.3 b) The outputs of the management review shall include decisions and actions related to any need for changes to the quality management system;

10.2.1 f) When a nonconformity occurs, including any arising from complaints, the organization shall make changes to the quality management system, if necessary. 
Corrective actions shall be appropriate to the effects of the nonconformities encountered.

Things to consider when implementing the new requirement for Change

There are many triggers that can cause a change in the Quality Management System:

  • Customer feedback
  • Customer complaint
  • Product failure
  • Employee feedback
  • Innovation
  • Determined risk
  • Determined opportunity
  • Internal audit results
  • Management review results
  • Identified nonconformity
  •  Many others

These recommendations are not necessarily applicable to every type of organization. Some changes need to be carefully managed while others can be safely ignored. In order to sort through this, the organization should consider a method to prioritize. To determine the priority, the organization should consider a methodology that allows them to take into account:

  • Consequences of the change
  • Likelihood of the consequence
  • Impact on customers
  • Impact on interested parties
  • Impact on quality objectives
  • Effectiveness of processes that are part of the QMS
  • others

Typical steps to Implement changes

  • Define the specifics of what is to be changed
  • Have a plan (tasks, timeline, responsibilities, authorities, budget, resources, needed information, others)
  • Engage other people as appropriate in the change process
  • Develop a communication plan (appropriate people within the organization, customers, suppliers, interested parties, etc. may need to be informed)
  • Use a cross-functional team to review the plan and provide feedback related to the plan and associated risks
  • Train people
  • Measure the effectiveness

What changes may need to be made?

  • Change to a process (inputs, activities, outputs, controls, etc.)
  • Communication with customers
  • Communication with the supply chain
  • Additional controls for processes
  • Inspection
  • Employee training
  • Implement a new process
  • Provide documented information
  • Change existing documented information
  • Improve employee competence
  • Outsource a process
  • Many others

Other considerations:

  • Prior to making a change, the organization should consider unintended consequences
  • After making a change the organization should monitor the change to determine its effectiveness and to identify any additional problems that might be created
  • Records of some changes may be needed as part of the Quality Management System

Here are some tips and techniques to help you plan and implement your change in an effective, efficient and timely manner:

1. Change Must Be Realistic, Achievable, and Measurable
Realism, achievability, and measurability are especially relevant to managing personal change, and they relate strongly to the management of organizational change as well. Before starting organizational change, ask yourself: What do we want to achieve with this change, why, and how will we know that the change has been achieved? Who is affected by this change, and how will they react to it?

2. Start At The Top But Involve Every Layer
As change is unsettling for employees across all organizational levels, the introduction of ISO 9001:2015 will place a focus on the CEO and leadership team for strength, support, decisiveness, and direction. Initiating the changes must include plans for identifying leaders throughout the company and pushing responsibility for design and implementation down through the organization, so that change flows systematically through it. At each layer of the organization, the managers and employees identified and trained must be aligned to the company’s vision, equipped to execute their specific mission, and motivated to make change happen.

3. Risk Thinking through Change Management
Within ISO 9001:2015, many QMS managers and coordinators have faced the challenge of how to implement risk thinking and risk assessment in their Quality Management System. The answer is easy: your risk management will be included in your change management. First, evaluate any planned change by identifying the consequence and likelihood of the potential risks related to it. So, in addition to identifying the benefit of every change, why not identify the risk involved with the change?
Some typical risks of the changes are:

  • Resistance – Active and Passive
  • Change Put On Hold
  • Resources Not Made Available
  • Costs / Time Runs Over Budget
  • Obstacles Appear Unexpectedly
  • Change Fails to Achieve Expected Results
  • Side Effects of The Change

4. Make Your Change Management Integrated
Due to continuous organizational changes in the life cycle of businesses, there will always be a basis for uncertainty within the businesses. Why not bring these changes under one umbrella?
There are different internal and external sources initiating change throughout the organization. A change management tool, used as a platform, enables you to plan, control, and manage every change need in the organization, such as:

  • Strategic Business Changes
  • Changes in Product, Processes or System
  • Decisions Made (Management review meetings, board meeting, etc.)
  • Objectives and Targets (quality, safety, or business goals)
  • Corrective (or preventive) Actions
  • Respond to Customer Complaints or undesired situations
  • Respond to Accidents, Incidents
  • Suggestions and Recommendations for Improvement

Change Management in easy steps

Prepare a change register to address and keep control of every change. This register can easily be built as an Excel sheet that addresses the items below:

  • What needs to be changed?
  • Why is the change needed? Investigate causes in case of an incident or customer complaint.
  • Existing Situation? What is the environment telling you prior to beginning implementation of the change?
  • Who is doing what? – Individuals & Teams
  • What are the Resources Required? This includes cost, infrastructure, and human resources
  • What are the Timings and Deadlines?
  • What are your end objectives?
  • What are the potential risks? Identify and evaluate potential risks by determining the consequence, likelihood, and contingency plan for each risk (see ISO 9001:2015 Clause 6.1)
  • Who / when / how will effectiveness and efficiency of change be monitored?
  • Current and additional required knowledge (see ISO 9001:2015 Clause 7.1.6)

Implementing the Change Management tool will help you with every single change suggested in ISO 9001:2015 and will be good practice for any other change such as business needs and daily decisions. Effective change management will support a smooth transition from the old Quality Management system to the new one and will be a good practice to manage all the other changes in your organization in the future.

CHANGE MANAGEMENT PROCESS

The change management process is the sequence of steps or activities that a change management team follows to apply change management to a change in order to drive individual transitions and ensure the project meets its intended outcomes.

1. READINESS ASSESSMENTS

Assessments are tools used by a change management team or project leader to assess the organization’s readiness to change. Readiness assessments can include organizational assessments, culture and history assessments, employee assessments, sponsor assessments, and change assessments. Each tool provides the project team with insights into the challenges and opportunities they may face during the change process. What to assess:

Assess the scope of the change:
  • How big is this change?
  • How many people are affected?
  • Is it a gradual or radical change?
Assess the readiness of the organization impacted by the change:
  • What is the value-system and background of the impacted groups?
  • How much change is already going on?
  • What type of resistance can be expected?

You will also need to assess the strengths of your change management team and change sponsors, then take the first steps to enable them to effectively lead the change process.

2. COMMUNICATION & COMMUNICATION PLANNING

Many managers assume that if they communicate clearly with their employees, their job is done. However, there are many reasons why employees may not hear or understand what their managers are saying the first time around. In fact, you may have heard that messages need to be repeated five to seven times before they are cemented into the minds of employees.

Three components of effective communication

  1. The audience
  2. What is communicated
  3. When it is communicated

For example, the first step in managing change is building awareness around the need for change and creating a desire among employees. Therefore, initial communications are typically designed to create awareness around the business reasons for change and the risk of not changing. Likewise, at each step in the process, communications should be designed to share the right messages at the right time. Communication planning, therefore, begins with a careful analysis of the audiences, key messages, and the timing for those messages. The change management team or project leaders must design a communication plan that addresses the needs of frontline employees, supervisors, and executives. Each audience has particular needs for information based on their role in the implementation of the change.

3. SPONSOR ACTIVITIES & SPONSOR ROADMAPS

Business leaders and executives play a critical sponsor role in times of change. The change management team must develop a plan for sponsor activities and help key business leaders to carry out these plans. Research shows that sponsorship is the most important success factor.

Avoid confusing the notion of sponsorship with support

The CEO of the company may support your project, but that is not the same as sponsoring your initiative. Sponsorship involves active and visible participation by senior business leaders throughout the process, building a coalition of support among other leaders, and communicating directly with employees. Unfortunately, many executives do not know what this sponsorship looks like. A change manager or project leader’s role includes helping senior executives do the right things to sponsor the project.

4. CHANGE MANAGEMENT TRAINING FOR MANAGERS

Managers and supervisors play a key role in managing change. Ultimately, the manager has more influence over an employee’s motivation to change than any other person. Unfortunately, managers can be the most difficult group to convince of the need for change and can be a source of resistance. It is vital for the change management team and executive sponsors to gain the support of managers and supervisors. Individual change management activities should be used to help these managers through the change process. Once managers and supervisors are on board, the change management team must prepare a strategy to equip managers to successfully coach their employees through the change. They will need to provide training and guidance for managers, including how to use individual change management tools with their employees.

5. TRAINING DEVELOPMENT AND DELIVERY

Training is the cornerstone for building knowledge about the change and the required skills to succeed in the future state. Ensuring impacted people receive the training they need at the right time is a primary role of change management. This means training should only be delivered after steps have been taken to ensure impacted employees have the awareness of the need for change and the desire to support the change. Change management and project team members will develop training requirements based on the skills, knowledge, and behaviors necessary to implement the change. These training requirements will be the starting point for the training group or the project team to develop and deliver training programs.

6. RESISTANCE MANAGEMENT

Resistance from employees and managers is normal and can be proactively addressed. Persistent resistance, however, can threaten a project. The change management team needs to identify, understand, and help leaders manage resistance throughout the organization. Resistance management comprises the processes and tools used by managers and executives, with the support of the change team, to manage employee resistance.

7. EMPLOYEE FEEDBACK AND CORRECTIVE ACTION

Managing change is not a one-way street; employee involvement is a necessary and integral part of managing change. Feedback from employees as a change is being implemented is a key element of the change management process. Change managers can analyze feedback and implement corrective action based on this feedback to ensure full adoption of the changes.

8. RECOGNIZING SUCCESS AND REINFORCING CHANGE

Early adoption, successes, and long-term wins must be recognized and celebrated. Individual and group recognition is a necessary component of change management in order to cement and reinforce the change in the organization. Continued adoption needs to be monitored to ensure employees do not slip back into their old ways of working.

9. AFTER-PROJECT REVIEW

The final step in the change management process is the after-action review. It is at this point that you can stand back from the entire program, evaluate successes and failures, and identify process changes for the next project. This is part of the ongoing, continuous improvement of change management for your organization and ultimately leads to change competency. These elements comprise the areas or components of a change management program. Along with the change management process, they create a system for managing change. Good project managers apply these components effectively to ensure project success, avoid the loss of valued employees and minimize the negative impact of the change on productivity and a company’s customers.

Quality Risk Management

INTRODUCTION

Risk management principles are effectively utilized in many areas of business and government including finance, insurance, occupational safety, public health, pharmaceutical, pharmacovigilance, and by agencies regulating these industries. Risk is defined as the combination of the probability of occurrence of harm and the severity of that harm. However, achieving a shared understanding of the application of risk management among diverse stakeholders is difficult because each stakeholder might perceive different potential harms, place a different probability on each harm occurring and attribute different severities to each harm.

PRINCIPLES OF QUALITY RISK MANAGEMENT

Two primary principles of quality risk management are:

  • The evaluation of the risk to quality should be based on scientific knowledge; and
  • The level of effort, formality, and documentation of the quality risk management process should be commensurate with the level of risk.

GENERAL QUALITY RISK MANAGEMENT PROCESS

Quality risk management is a systematic process for the assessment, control, communication, and review of risks to the quality of product across the product life-cycle.  A model for quality risk management is outlined in the diagram. Other models could be used. The emphasis on each component of the framework might differ from case to case but a robust process will incorporate consideration of all the elements at a level of detail that is commensurate with the specific risk.

Overview of a typical quality risk management process

Decision nodes are not shown in the diagram above because decisions can occur at any point in the process. These decisions might be to return to the previous step and seek further information, to adjust the risk models, or even to terminate the risk management process based upon information that supports such a decision. Note: “unacceptable” in the flowchart does not only refer to statutory, legislative, or regulatory requirements but also indicates that the risk assessment process should be revisited.

Responsibilities

Quality risk management activities are usually, but not always, undertaken by interdisciplinary teams. When teams are formed, they should include experts from the appropriate areas, such as quality unit, business development, engineering, regulatory affairs, production operations, sales and marketing, legal, and statistics, in addition to individuals who are knowledgeable about the quality risk management process.

Decision-makers should

  • take responsibility for coordinating quality risk management across various functions and departments of their organization and
  • ensure that a quality risk management process is defined, deployed, and reviewed and that adequate resources are available.

Initiating a Quality Risk Management Process

Quality risk management should include systematic processes designed to coordinate, facilitate and improve science-based decision making with respect to risk. Possible steps used to initiate and plan a quality risk management process might include the following:

  • Define the problem and/or risk question, including pertinent assumptions identifying the potential for risk
  • Assemble background information and/or data on the potential hazard, harm or human health impact relevant to the risk assessment
  • Identify a leader and critical resources
  • Specify a timeline, deliverables, and appropriate level of decision making for the risk management process

Risk Assessment

Risk assessment consists of the identification of hazards and the analysis and evaluation of risks associated with exposure to those hazards. Quality risk assessments begin with a well-defined problem description or risk question. When the risk in question is well defined, an appropriate risk management tool and the types of information that will address the risk question will be more readily identifiable. As an aid to clearly defining the risk for risk assessment purposes, three fundamental questions are often helpful:

  1. What might go wrong?
  2. What is the likelihood (probability) it will go wrong?
  3. What are the consequences (severity)?

Risk identification

Risk identification is a systematic use of information to identify hazards referring to the risk question or problem description. Information can include historical data, theoretical analysis, informed opinions, and the concerns of stakeholders. Risk identification addresses the “What might go wrong?” question, including identifying the possible consequences. This provides the basis for further steps in the quality risk management process.

Risk analysis

Risk analysis is the estimation of the risk associated with the identified hazards. It is the qualitative or quantitative process of linking the likelihood of occurrence and severity of harm. In some risk management tools, the ability to detect harm (detectability) also factors in the estimation of risk.

Risk evaluation

Risk evaluation compares the identified and analyzed risk against given risk criteria.  Risk evaluations consider the strength of evidence for all three of the fundamental questions. In doing an effective risk assessment, the robustness of the data set is important because it determines the quality of the output. Revealing assumptions and reasonable sources of uncertainty will enhance confidence in this output and/or help identify its limitations. Uncertainty is due to a combination of incomplete knowledge about a process and its expected or unexpected variability. Typical sources of uncertainty include gaps in knowledge, gaps in process understanding, sources of harm (e.g., failure modes of a process, sources of variability), and the probability of detection of problems.

The output of a risk assessment is either a quantitative estimate of risk or a qualitative description of a range of risks. When the risk is expressed quantitatively, a numerical probability is used. Alternatively, risk can be expressed using qualitative descriptors, such as “high,” “medium,” or “low,” which should be defined in as much detail as possible. Sometimes a risk score is used to further define descriptors in risk ranking. In quantitative risk assessments, a risk estimate provides the likelihood of a specific consequence, given a set of risk-generating circumstances. Thus, quantitative risk estimation is useful for one particular consequence at a time. Alternatively, some risk management tools use a relative risk measure to combine multiple levels of severity and probability into an overall estimate of relative risk. The intermediate steps within a scoring process can sometimes employ quantitative risk estimation.

Risk Control

Risk control includes decision-making to reduce and/or accept risks. The purpose of risk control is to reduce the risk to an acceptable level. The amount of effort used for risk control should be proportional to the significance of the risk. Decision-makers might use different processes, including benefit-cost analysis, for understanding the optimal level of risk control. Risk control might focus on the following questions:

  • Is the risk above an acceptable level?
  • What can be done to reduce or eliminate risks?
  • What is the appropriate balance among benefits, risks, and resources?
  • Are new risks introduced as a result of the identified risks being controlled?

Risk reduction focuses on processes for mitigation or avoidance of quality risk when it exceeds a specified (acceptable) level. Risk reduction might include actions taken to mitigate the severity and probability of harm. Processes that improve the detectability of hazards and quality risks might also be used as part of a risk control strategy. The implementation of risk reduction measures can introduce new risks into the system or increase the significance of other existing risks. Hence, it might be appropriate to revisit the risk assessment to identify and evaluate any possible change in risk after implementing a risk reduction process.

Risk acceptance is a decision to accept risk. Risk acceptance can be a formal decision to accept the residual risk or it can be a passive decision in which residual risks are not specified. For some types of harm, even the best quality risk management practices might not entirely eliminate risk. In these circumstances, it might be agreed that an appropriate quality risk management strategy has been applied and that quality risk is reduced to a specified (acceptable) level. This (specified) acceptable level will depend on many parameters and should be decided on a case-by-case basis.

Risk Communication

Risk communication is the sharing of information about risk and risk management between the decision-makers and others. Parties can communicate at any stage of the risk management process. The output/result of the quality risk management process should be appropriately communicated and documented. Communications might include those among interested parties (e.g., between regulators and industry, or within a company, industry, or regulatory authority). The included information might relate to the existence, nature, form, probability, severity, acceptability, control, treatment, detectability, or other aspects of risks to quality. Communication need not be carried out for each and every risk acceptance. Between the industry and regulatory authorities, communication concerning quality risk management decisions might be effected through existing channels as specified in regulations and guidance.

Risk Review

Risk management should be an ongoing part of the quality management process. A mechanism to review or monitor events should be implemented. The output/results of the risk management process should be reviewed to take into account new knowledge and experience. Once a quality risk management process has been initiated, that process should continue to be utilized for events that might impact the original quality risk management decision, whether these events are planned (e.g., results of the product review, inspections, audits, change control) or unplanned (e.g., root cause from failure investigations, recall). The frequency of any review should be based upon the level of risk. Risk review might include reconsideration of risk acceptance decisions.

RISK MANAGEMENT METHODS AND TOOLS

Quality risk management supports a scientific and practical approach to decision-making. It provides documented, transparent, and reproducible methods to accomplish steps of the quality risk management process based on current knowledge about assessing the probability, severity, and, sometimes, detectability of the risk. Traditionally, risks to quality have been assessed and managed in a variety of informal ways (empirical and/or internal procedures) based on, for example, a compilation of observations, trends, and other information. Such approaches continue to provide useful information that might support topics such as handling of complaints, quality defects, deviations, and allocation of resources. An organization can assess and manage risk using recognized risk management tools and/or internal procedures (e.g., standard operating procedures). Below is a non-exhaustive list of some of these tools:

  1. Basic Risk Management Facilitation Methods

    Some of the simple techniques that are commonly used to structure risk management by organizing data and facilitating decision making are:

    • Flowcharts
    • Check Sheets
    • Process Mapping
    • Cause and Effect Diagrams (also called an Ishikawa diagram or fishbone diagram)
  2. Hazard Analysis and Critical Control Points (HACCP)

    HACCP is a systematic, proactive, and preventive tool for assuring product quality, reliability, and safety. It is a structured approach that applies technical and scientific principles to analyze, evaluate, prevent, and control the risk or adverse consequence(s) of hazard(s) due to the design, development, production, and use of products.

    HACCP consists of the following seven steps:

    1. conduct a hazard analysis and identify preventive measures for each step of the process
    2. determine the critical control points
    3. establish critical limits
    4. establish a system to monitor the critical control points
    5. establish the corrective action to be taken when monitoring indicates that the critical control points are not in a state of control
    6. establish a system to verify that the HACCP system is working effectively
  3. Preliminary Hazard Analysis (PHA)

    PHA is a tool of analysis based on applying prior experience or knowledge of a hazard or failure to identify future hazards, hazardous situations, and events that might cause harm, as well as to estimate their probability of occurrence for a given activity, facility, product, or system. The tool consists of:

    1. the identification of the possibilities that the risk event happens,
    2. the qualitative evaluation of the extent of possible injury or damage to health that could result,
    3. a relative ranking of the hazard using a combination of severity and likelihood of occurrence, and
  4. Supporting Statistical Tools

    Statistical tools can support and facilitate quality risk management. They can enable effective data assessment, aid in determining the significance of the data set(s), and facilitate more reliable decision making. A listing of some of the principal statistical tools commonly used  is provided:

    • Control charts, for example, Acceptance control charts, Control charts with arithmetic average and warning limits, Cumulative sum charts, Shewhart control charts, Weighted moving average.
    • Design of experiments (DOE)
    • Histograms
    • Pareto charts
    • Process capability analysis

ISO 9001:2015 – Risk-Based Thinking

One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to risk, rather than treating it as a single component of a quality management system. In previous editions of ISO 9001, a clause on preventive action was separated from the whole. Now risk is considered and included throughout the standard. By taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement. Preventive action is automatic when a management system is risk-based.

Risk-based thinking is something we all do automatically and often subconsciously. For example, if I wish to cross a road I look for traffic before I begin. I will not step in front of a moving car. The concept of risk has always been implicit in ISO 9001; this revision makes it more explicit and builds it into the whole management system. Risk is considered from the beginning and throughout the standard, making preventive action part of strategic planning as well as operation and review.

Risk-based thinking is already part of the process approach. For example, to cross the road I may go directly or I may use a nearby footbridge. Which process I choose will be determined by considering the risks. Risk-based thinking makes preventive action part of the routine.

Risk is often thought of only in a negative sense. Risk-based thinking can also help to identify opportunities. This can be considered to be the positive side of risk. Crossing the road directly gives me an opportunity to reach the other side quickly, but there is an increased risk of injury from moving cars. The risk of using a footbridge is that I may be delayed. The opportunity of using a footbridge is that there is less chance of being injured by a car. Opportunity is not always directly related to risk but it is always related to the objectives. By considering a situation it may be possible to identify opportunities to improve. Opportunities for improvement here include a subway leading directly under the road, pedestrian traffic lights, or diverting the road so that the area has no traffic. It is necessary to analyze the opportunities and consider which can or should be acted on. Both the impact and feasibility of taking an opportunity must be considered. Whatever action is taken will change the context and the risks, and these must then be reconsidered.

Identify what your risks are – it depends on context

Example:

If I cross a busy road with many fast-moving cars the risks are not the same as if the road is small with very few moving cars. It is also necessary to consider such things as weather, visibility, personal mobility, and specific personal objectives.

Understand your risks

What is acceptable, what is unacceptable? What advantages or disadvantages are there to one process over another?

Example:

Objective:  I need to safely cross a road to reach a meeting at a given time.

  • It is UNACCEPTABLE to be injured.
  • It is UNACCEPTABLE to be late.

Reaching my goal more quickly must be balanced against the likelihood of injury. It is more important that I reach my meeting uninjured than it is for me to reach my meeting on time. It may be ACCEPTABLE to delay arriving at the other side of the road by using a footbridge if the likelihood of being injured by crossing the road directly is high. I analyze the situation. The footbridge is 200 meters away and will add time to my journey. The weather is good, the visibility is good and I can see that the road does not have many cars at this time.  I decide that walking directly across the road carries an acceptably low level of risk of injury and will help me reach my meeting on time.

The main objectives of ISO 9001 are to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services and to enhance customer satisfaction. The concept of “risk” in the context of ISO 9001 relates to the uncertainty in achieving these objectives.

Plan actions to address the risks

How can I avoid or eliminate the risk? How can I mitigate risks?

Example:

I could eliminate the risk of injury caused by being hit by a vehicle if I use the footbridge but I have already decided that the risk involved in crossing the road is acceptable. Now I plan how to reduce either the likelihood or the impact of the injury. I cannot reasonably expect to control the impact of a car hitting me. I can reduce the probability of being hit by a car.  I plan to cross at a time when there are no cars moving near me and so reduce the likelihood of an accident. I also plan to cross the road at a place where I have good visibility.

Implement the plan – take action

Example:

 I move to the side of the road, check there are no barriers to the crossing. I check there are no cars coming. I continue to look for cars whilst crossing the road.

Check the effectiveness of the action – does it work?

Example:

 I arrive at the other side of the road unharmed and on time:  this plan worked and undesired effects have been avoided.

Learn from experience – improve

Example:

I repeat the plan over several days, at different times and in different weather conditions. This gives me data to understand that changing context (time, weather, the quantity of cars) directly affects the effectiveness of the plan and increases the probability that I will not achieve my objectives (being on time and avoiding injury). Experience teaches me that crossing the road at certain times of the day is very difficult because there are too many cars. To limit the risk I revise and improve my process by using the footbridge at these times.  I continue to analyze the effectiveness of the processes and revise them when the context changes.  I also continue to consider innovative opportunities:

  • can I move the meeting place so that the road does not have to be crossed?
  • can I change the time of the meeting so that I cross the road when it is quiet?
  • can we meet electronically?

DEFINITIONS

ISO 9001:2015 defines risk as the effect of uncertainty on an expected result.

  1. An effect is a deviation from the expected – positive or negative.
  2. Risk is about what could happen and what the effect of this happening might be.
  3. Risk also considers how likely it is.

The target of a management system is to achieve conformity and customer satisfaction.

Explanation:

Risk is the possibility of events or activities impeding the achievement of an organization’s strategic and operational objectives. It is the volatility of potential outcomes. Risk can be defined by two parameters:

  • Severity (the seriousness of the harm)
  • Probability (the probability that the harm will occur)

Risk as Currently Stated in ISO 9001:2015

ISO 9001:2015 uses risk-based thinking to achieve this in the following way:

  • Clause 4 (Context): the organization is required to determine the risks which may affect this. The organization is also required to determine its QMS processes and to address its risks and opportunities.
  • Clause 5 (Leadership): top management is required to commit to ensuring Clause 4 is followed. Top management is required to:
    • Promote awareness of risk-based thinking
    • Determine and address risks and opportunities that can affect product/service conformity
  • Clause 6 (Planning): the organization is required to identify risks and opportunities related to QMS performance and take appropriate actions to address them.
  • Clause 7 (Support): the organization is required to determine and provide necessary resources (risk is implicit whenever “suitable” or “appropriate” is mentioned).
  • Clause 8 (Operation): the organization is required to manage its operational processes (risk is implicit whenever “suitable” or “appropriate” is mentioned). The organization is required to implement processes to address risks and opportunities.
  • Clause 9 (Performance evaluation): the organization is required to monitor, measure, analyze and evaluate the risks and opportunities.
  • Clause 10 (Improvement): the organization is required to correct, prevent or reduce undesired effects, improve the QMS, and update risks and opportunities.

ISO 9001:2015 subclause 4.4.1—QMS and its processes

“The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard. The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall: ... address the risks and opportunities as determined in accordance with the requirements of 6.1”

The organization must integrate the actions to address risks and opportunities into its QMS processes using the PDCA cycle. Not all processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Each organization is therefore responsible for the extent to which it applies risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks.

ISO 9001:2015 subclause 5.1.1—General under leadership and commitment

“Top management shall demonstrate leadership and commitment with respect to the quality management system by: d) promoting the use of the process approach and risk-based thinking;”

ISO 9001:2015 requires that, when planning its QMS, top management implement and promote a culture of risk-based thinking throughout the organization to determine and address the risks and opportunities associated with providing assurance that the QMS can achieve its intended result(s): provide conforming products and services; enhance customer satisfaction; promote desirable effects and improvement; and prevent, or mitigate, undesired effects.

ISO 9001:2015 subclause 5.1.2—Customer focus

“Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
b) the risks and opportunities that can affect conformity of products and services and ability to enhance customer satisfaction are determined and addressed;”

This can be achieved by establishing process capabilities for each process from manufacturing and assembly to packaging and product delivery and installation. The computation of a simple indicator of process capability (Cp) or the adjustment of the process capability toward a specification (Cpk) would help managers quantify their process risk. The objective would be to achieve the highest economically feasible capability for each process, thus minimizing the risk of producing so-called unintended output.

6.1—Actions to address risks and opportunities

6.1.1 “When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s)
b) enhance desirable effects
c) prevent, or reduce, undesired effects, and
d) achieve improvement.”

6.1.2 “The organization shall plan:
a) actions to address these risks and opportunities, and
b) how to
1) integrate and implement the actions into its quality management system processes (see 4.4), and
2) evaluate the effectiveness of these actions.
Any actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of goods and services and customer satisfaction.”

The organization must integrate the actions to address these risks and opportunities into its QMS processes using the PDCA cycle. Not all processes of a quality management system represent the same level of risk in terms of the organization’s ability to meet its objectives, and the effects of uncertainty are not the same for all organizations. Each organization is therefore responsible for the extent to which it applies risk-based thinking and the actions it takes to address risk, including whether or not to retain documented information as evidence of its determination of risks. When planning its QMS, the organization must consider the risks and opportunities presented by external and internal issues, as well as the needs and expectations of interested parties, relevant to its purpose and strategic direction. Means to address risks may include avoiding risk, taking a risk in order to pursue an opportunity, removing the source of the risk, changing the likelihood or consequences, sharing the risk, or making an informed decision to retain the risk. Opportunities can derive from favorable circumstances that can lead to using new practices, launching new products, entering new markets, addressing new clients, reducing waste or improving productivity, growing relationships, using new technology, and other desirable and viable opportunities that help the organization achieve its strategic direction and enhance customer satisfaction.

9.1.3 – Analysis and evaluation

“The organization shall analyze and evaluate appropriate data and information arising from monitoring and measurement. The results of the analysis shall be used to evaluate: e) the effectiveness of actions taken to address risks and opportunities;”

Planning also requires monitoring and measuring these actions and gathering, analyzing, and evaluating appropriate data and information to determine the effectiveness of such actions.

9.3.2 – Management review Inputs

“The management review shall be planned and carried out taking into consideration: e) the effectiveness of actions taken to address risks and opportunities (see 6.1)”

This planning must be periodically reviewed and updated as necessary when taking corrective actions or at management reviews. These actions must be proportional to the potential impact on the conformity of products and services.

10.2.1 – Nonconformity and corrective action

“When a nonconformity occurs, including any arising from complaints, the organization shall:
e) update risks and opportunities determined during planning, if necessary;”

One could perform a failure mode and effects analysis (FMEA) to show that the risk-priority number has decreased as a result of a process change. This would not be difficult to do, but it would be full of uncertainties because FMEA is based on subjective assessment.

Use of risk-based thinking

By applying risk-based thinking throughout the organization, the likelihood of achieving stated objectives is improved, the output is more consistent, and customers can be confident that they will receive the expected product or service.

Risk-based thinking, therefore:

  • builds a strong knowledge base
  • establishes a proactive culture of improvement
  • assures consistency of quality of goods or services
  • improves customer confidence and satisfaction

Use of Risk Register

The risk register or risk log becomes essential as it records identified risks, their severity, and the action steps to be taken. It can be a simple document, spreadsheet, or database system, but the most effective format is a table. A table presents a great deal of information in just a few pages. There is no standard list of components that should be included in the risk register. Some of the most widely used components are:

  • Dates: As the register is a living document, it is important to record the date that risks are identified or modified. Optional dates to include are the target and completion dates.
  • Description of the Risk: A phrase that describes the risk.
  • Risk Type (business, project, stage): Business risks relate to the delivery of achieved benefits; project risks relate to the management of the project, such as timeframes and resources; and stage risks are risks associated with a specific stage of the plan.
  • Likelihood of Occurrence: Provides an assessment of how likely it is that this risk will occur. Examples are L-Low (<30%), M-Medium (31-70%), H-High (>70%).
  • Severity of Effect: Provides an assessment of the impact that the occurrence of this risk would have on the project.
  • Countermeasures: Actions to be taken to prevent, reduce, or transfer the risk. This may include the production of contingency plans.
  • Owner: The individual responsible for ensuring that risks are appropriately engaged with and countermeasures are undertaken.
  • Status: Indicates whether this is a current risk or if the risk can no longer arise and impact the project. Example classifications are C-current or E-ended.
  • Other columns such as quantitative value can also be added if appropriate.

Risk-driven approach in organizational processes

Identify what risks and opportunities are – it depends on the context. For example, if I cross a busy road with many fast-moving cars the risks are not the same as if the road is small with very few moving cars. It is also necessary to consider such things as weather, visibility, personal mobility, and specific personal objectives.

  1. Analyze and prioritize your risks and opportunities. What risk is acceptable, what is unacceptable? What advantages or disadvantages are there to one process over another? For example, I need to safely cross a road to reach a meeting at a given time. It is UNACCEPTABLE to be injured. It is UNACCEPTABLE to be late. The opportunity of reaching my goal more quickly must be balanced against the likelihood of injury. It is more important that I reach my meeting uninjured than it is for me to reach my meeting on time. It may be ACCEPTABLE to delay arriving at the other side of the road by using a footbridge if the likelihood of being injured by crossing the road directly is high. I analyze the situation. The footbridge is 200 meters away and will add time to my journey. The weather is good, the visibility is good and I can see that the road does not have many cars at this time. I decide that walking directly across the road carries an acceptably low level of risk of injury and an opportunity to reach my meeting on time.
  2. Plan actions to address the risks. How can I avoid or eliminate the risk? How can I mitigate risks? For example, I could eliminate the risk of injury by using the footbridge but I have already decided that the risk involved in crossing the road is acceptable. Now I plan how to reduce the likelihood of injury and/or the effect of an injury. I cannot reasonably expect to control the effect of a car hitting me. I can reduce the probability of being hit by a car. I plan to cross at a time when there are no cars moving near me and so reduce the likelihood of an accident. I also choose to cross the road at a place where I have good visibility and can safely stop in the middle to re-assess the number of moving cars, further reducing the probability of an accident.
  3. Implement the plan – take action. For example, I move to the side of the road, check there are no barriers to the crossing and that there is a safe place in the center of the moving traffic. I check there are no cars coming. I cross half of the road and stop in the central safe place. I assess the situation again and then cross the second part of the road.
  4. Check the effectiveness of the actions – does it work? For example, I arrive at the other side of the road unharmed and on time: this plan worked and undesired outcomes have been avoided.
  5. Learn from experience – continual improvement. For example, I repeat the plan over several days, at different times, and in different weather conditions. This gives me data to understand that changing context (time, weather, the quantity of cars) directly affects the effectiveness of the plan and increases the probability that I will not achieve my objectives of being on time and avoiding injury. Experience teaches me that crossing the road at certain times of the day is very difficult because there are too many cars. To limit the risk I revise and improve my process by using the footbridge at these times. I continue to analyze the effectiveness of the processes and revise them when the context changes. I also continue to consider innovative opportunities, such as: Can I move the meeting place so that the road does not have to be crossed? Can I change the time of the meeting so that I cross the road when it is quiet? Can we meet electronically?