BookPDF Available

Quality Management Systems (ISO 9001:2015)

Authors:

Abstract and Figures

The agro-food sector is of major importance in many economies worldwide. In many countries the food and drink industry is a leading industrial sector. Food is a serious component of everybody daily life activities and it is recognized the contribution of safe food to a healthy life. For this reason, food safety and the protection of end consumer health is of increasing concern not only for the consumers but also for governments, professional associations and all organizations involved in the food chain from the primary production to retailers and other food businesses that put food products at the disposal of the population. Food safety is used as a scientific discipline describing the handling, preparation, and storage of food in ways that prevent food-borne illness. This includes a number of routines that should be followed to avoid potential hazards. Food safety considerations include among others, the origins of food, the practices related with food labeling, food hygiene, food additives, control of hazards and good manufacturing practices. The prevention of the multiple type of hazards with very distinctive origins requires a comprehensive and integrated approach to food safety in order to address food safety risks in every day more complex and globalized food chains. All actors in a food chain have a responsibility to ensure the safety of food products at the stages of intervention, irrespective of the nature of the activities they carry out. This book is one of a collection that aims to facilitate to the users the understanding of relevant issues related with food safety.
Content may be subject to copyright.
Quality Management
Systems (ISO 9001:2015)
Fahmi Abu Al-Rub
GAVIN
CONFERENCES & PUBLISHERS
III
Quality Management Systems (ISO 9001:2015)
Editors
Prof. Fahmi Abu Al-Rub
FOODQA Coordinator. Director of the Applied Scientic Research Fund, and Professor at Jordan
University of Science and Technology in Jordan
Penelope Shibhab
CEO of Jordan. Co for Antibody Production-MONOJO
Safwan Abu Al-Rub
M.D, Researcher at Jordan. Co for Antibody Production-MONOJO
ISBN: 978-1-951814-01-4
DOI: 10.29011/978-1-951814-01-4-002
Published: June 2020
Published by GAVIN eBooks
5911 Oak Ridge Way,
Lisle, IL 60532,
USA
IV
Copyright © 2019 GAVIN eBooks
All the book chapters are distributed under the Creative Commons
(CC BY) license and CC BY-Noncommercial (CC BY-NC) license, which
ensures maximum dissemination and a wider impact of our publications.
However, users who aim to disseminate and distribute copies of this
book as a whole must not seek monetary compensation for such service
(excluded GAVIN representatives and agreed collaborations). After this
work has been published by GAVIN, authors have the right to republish
it, in whole or part, in any publication of which they are the author, and
to make other personal use of the work. Any republication, referencing
or personal use of the work must explicitly identify the original source.
Notice:
Statements and opinions expressed in the book are these of the individual
contributors and not necessarily those of the editors or publisher. No
responsibility is accepted for the accuracy of information contained in
the published chapters. The publisher assumes no responsibility for any
damage or injury to persons or property arising out of the use of any
materials, instructions, methods or ideas contained in the book.
Additional printed copies of orders can be obtained @
https://gavinpublishers.com/ebooks/index
V
INDEX
Introduction
Chapter 1 – What Is Quality All About
1.1 Quality Management Standard, ISO 9001:2015
1.2 History Of Quality Management Standard ISO 9001
1.2.1 A Historic Review
1.2.2. e Recent Years
Chapter 2 – e Seven (7) Quality Management Principles
2.1 Customer Focus
2.1.1 Introduction
2.1.2 Rationale
2.1.3 Explanation
2.1.4 Sources
2.1.5 Typical Actions
2.1.6 Proposed Steps
2.1.7 Key Benets
2.2 Leadership
2.2.1 Introduction
2.2.2 Rationale
2.2.3 Explanation
2.2.4 Sources
2.2.5 Typical Actions
2.2.6 Proposed Steps
2.2.7 Key Benets
2.3 Engagement of People
2.3.1 Introduction
2.3.2 Rationale
2.3.3 Explanation
2.3.4 Sources
2.3.5 Typical Actions
2.3.6 Proposed Steps
2.3.7 Key Benets
2.4 Process Approach
2.4.1 Introduction
2.4.2 Rationale
2.4.3 Explanation
2.4.4 Sources
2.4.5 Typical Actions
2.4.6 Proposed Steps
2.4.7 Key Benets
VI
2.5 Improvement
2.5.1 Introduction
2.5.2 Rationale
2.5.3 Explanation
2.5.4 Sources
2.5.5 Typical Actions
2.5.6 Proposed Steps
2.5.7 Key Benets
2.6 Evidence – Based Decision Making
2.6.1 Introduction
2.6.2 Rationale
2.6.3 Explanation
2.6.4 Sources
2.6.5 Typical Actions
2.6.6 Proposed Steps
2.6.7 Key Benets
2.7 Relationship Management
2.7.1 Introduction
2.7.2 Rationale
2.7.3 Explanation
2.7.4 Sources
2.7.5 Typical Actions
2.7.6 Proposed Steps
2.7.7 Key Benets
Chapter 3 – How A Company Can Get Started
3.1 How I Can Get Started
3.2 Steps To Be Undertaken
3.3 Steps Toward Certication
3.4 What Is Accreditation
Chapter 4 – How e Standard Is Structured
4.1 What Is ISO 9001:2015
4.2 What Is Needed For ISO 9001:2015 Certication
4.3 How e Standard Is Structured
4.4 ISO 9001:2015 Clauses
4.4.1 0.1 General
4.4.2 Clauses (1-3)
4.4.2.1 Scope
4.4.2.2 Normative References
4.4.2.3 Terms And Denitions
4.4.3 Clause 4 Context of e Organization
4.4.4 Clause 5 Leadership
4.4.4.1 Leadership and Commitment
4.4.4.2 Policy
VII
4.4.5 Clause 6 Planning
4.4.5.1 Actions To Address Risks and Opportunities
4.4.5.2 Quality Objectives and Planning To Achieve em
4.4.5.3 Planning of Changes
4.4.6 Clause 7 Support
4.4.6.1 Resources
4.4.6.2 Monitoring and Measuring Resources
4.4.6.3 Competence
4.4.6.4 Awareness
4.4.6.5 Communication
4.4.6.6 Documented Information
4.4.7 Clause 8 Operation
4.4.7.1 Operational Planning and Control
4.4.7.2 Requirements For Products and Services
4.4.7.3 Design and Development of Products and Services
4.4.7.4 Control of Externally Provided Processes, Products and Services
4.4.7.5 Production And Service Provision
4.4.7.6 Release of Products And Services
4.4.7.7 Control of Nonconforming Outputs
4.4.8 Clause 9 Performance Evaluation
4.4.8.1 Monitoring, Measurement, Analysis and Evaluation
4.4.8.2 Internal Audit
4.4.8.3 Management Review
4.4.9 Clause 10 Improvement
4.4.9.1 General
4.4.9.2 Nonconformity and Corrective Action
4.4.9.3 Continual Improvement
4.4.10 Structure and Terminology
Chapter 5 – Major Dierences Between ISO 9001:2008 & ISO 9001:2015
5.1 What are e Main Dierences Between ISO 9001:2008 and ISO 9001:2015
5.2 Transition From ISO 9001:2008 To ISO 9001:2015
Chapter 6 – e Impact Of ISO 9001:2015 on ISO 22000 and Food Safety Management Systems
6.1 Introduction
6.2 Denition of ISO 22000
6.3 Impact Eect of ISO 9001: 2015 on ISO 22000
6.3.1 High Level Structure
6.3.2 Risk-Based inking
6.3.3 e Pdca Cycle
6.3.4 Documentation
6.3.5 Terminology
Chapter 7 – Case Studies:
European Food Companies at Have Implemented ISO 9001 Quality Systems
7.1. Statistical Data For ISO 9001
7.2 A Short Overview of e Implementation of e ISO Standard In e Food Sector
VIII
PREFACE
The agro-food sector is of major importance in many economies worldwide. In many countries the food
and drink industry is a leading industrial sector. Food is a serious component of everybody daily life
activities and it is recognized the contribution of safe food to a healthy life. For this reason, food safety
and the protection of end consumer health is of increasing concern not only for the consumers but also
for governments, professional associations and all organizations involved in the food chain from the
primary production to retailers and other food businesses that put food products at the disposal of the
population. Food safety is used as a scientic discipline describing the handling, preparation, and storage
of food in ways that prevent food-borne illness. This includes a number of routines that should be
followed to avoid potential hazards. Food safety considerations include among others, the origins of
food, the practices related with food labeling, food hygiene, food additives, control of hazards and good
manufacturing practices. The prevention of the multiple type of hazards with very distinctive origins
requires a comprehensive and integrated approach to food safety in order to address food safety risks
in every day more complex and globalized food chains. All actors in a food chain have a responsibility to
ensure the safety of food products at the stages of intervention, irrespective of the nature of the activities
they carry out. This book is one of a collection that aims to facilitate to the users the understanding of
relevant issues related with food safety.
IX
ACKNOWLEDGEMENT
The authors wish to acknowledge the European Commission Education, Audiovisual and Culture
Executive Agency (EACEA), Managing programmes and activities on behalf of the European Commission
Erasmus+ for co-funding the project: “Fostering Academia Industry Collaboration in Food Safety and
Quality-FOODQA: 574010-EPP-1-2016-1-JO-EPPKA2-CBHE-JP”
X
DeDication
To,
Our beloved teams at MonoJo Biotech and the Jordan University of Science and
Technology (JUST) and everyone who contributed towards the success of this series
of e-books.
This series of e-books has been prepared for the FOODQA Project which was co-
funded by EU through Erasmus+.
The series of e-books has been composed with passion and is available for public
access to provide a high quality reference on the best practices in food quality and
safety that can be used by the food industry, relevant governmental bodies, students,
professors, and academics.
Our heartfelt gratitude goes towards our Jordanian and European partners who
dedicated their precious time and effort towards the success of this entire project.
We dedicate this work to our beloved country, Jordan, and its people and to our
European partner countries.
- Prof. Fahmi Abu Al-Rub, Dr. Penelope Shihab, and
Dr. Safwan Abu Al-Rub
1
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 1
WHAT IS QUALITY ALL ABOUT
Massouras Theolos
Agricultural University of Athens, theomas@aua.gr
Daratsanou Evangelia
Agricultural University of Athens, edaratsanou@gmail.com
Introduction
A quality management system (QMS) is a set of policies, processes and procedures
required for planning and delivering (production/development/service) in the core business
area of an organization of any kind and size.
The ISO standard 9001 is a set of requirements that dene the implementation and
maintenance of a quality management system for a company.
Above all, ISO 9001 is a management tool for improving customer satisfaction and for
assisting organizations to be more efcient.
At the same time an important characteristic of the food industry is that, in order to cope
with market needs as well as legal requirements, it has to satisfy both safety and quality
criteria for it products. Food quality is one of the most complex concepts because it can
be assessed only in relation to food safety. A food must meet legislative, technological,
and hygiene requirements, as well as transport and handling requirements, and to satisfy
its intended use. The food producers must select and implement an efcient quality
management and within this system they must employ quality principles and tools.
The purpose of this e-book is to assist food producers, distributors, vendors and regulators,
of different backgrounds and experiences, in nding information about quality management
systems and how those QMS and in particular ISO 9001:2015, could improve the customer
focus of the company and its overall performance.
The main purpose of this e-book is to increase the awareness level of both industry’s top
management and Academia for the Standard’s signicance as a Business tool, as well as
to enhance their knowledge on ISO 9001:2015 and to present the Standard in its new and
revised version of 2015.
Chapter Objectives
• ToprovidethebasicunderstandingforQualityManagementSystems
• TopresenttheevoluonofISO9001overme
• TounderlinethesignicanceofISO9001foranycompany
2
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
QUALITY MANAGEMENT STANDARD, ISO 9001:2015
Quality Management & The International Organization for Standardization (ISO)
Quality Management (QM) is the use of management techniques and tools to achieve consistent quality of products
and services, i.e. to achieve maximum customer satisfaction at the lowest overall cost to the organization while
continuing to improve the process. Specically, for the food industry, that also involves the knowledge and application
of techniques and programs for product safety. Quality management is, thus, the totality of functions involved in the
determination and achievement of quality, including quality assurance and quality control.
Quality Assurance (QA) includes all activities designed to produce products and services of appropriate quality; i.e.
all those planned or systematic actions necessary to provide adequate condence that a product or service will satisfy
given needs. QA focuses on the entire quality system including suppliers and ultimate consumers of the product or
service.
Quality Control (QC) has a narrower focus than quality assurance. QC focuses on the process of producing the
product or service with the intent of eliminating problems that might result in defects.
Oen, however, “quality assurance” and “quality control” are used interchangeably, referring to the actions performed
to ensure the quality of a product, service or process.
e International Organization for Standardization (ISO), is an independent, nongovernmental organization with
a membership of 163 national standards bodies, that oversees the draing of ISO 9001 and many other international
standards. ISO, through its 163 member organizations, brings together experts “to share knowledge and develop
voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions
to global challenges.
Since 1946, when delegates from 25 countries met at the Institute of Civil Engineers in London and decided to create
a new international organization ‘to facilitate the international coordination and unication of industrial standards.
ISO has published 21,780 International Standards and related documents, covering almost all aspects of technology
and every sector of manufacturing, including food safety. Practically, ISO International Standards impact everyone,
everywhere.
ISO is derived from the Greek word isos, meaning equal. Whatever the country, whatever the language, we are always
ISO.
According to iso.org, “ISO 9001 is a standard that sets out the requirements for a quality management system. It helps
businesses and organizations to be more ecient and improve customer satisfaction.
is is a crucial element of current reality, as in recent decades mass production with a basically push strategy has
changed to a more and more pull strategy with higher customer involvement and market orientation from industry’s
perspective and strategy. To satisfy the requirements of the triangle quality, cost and time the eld of view of quality
management has continuously been widened from considering “what” is done to “how” it is done.
Within a global economy with enormous and erce competition, the survival and the development of a company
depends on its ability to attract customers, to make them loyal and above all to, constantly, exceed their expectation
and desires, in order to retain them.
erefore, in order to cope with those tasks, the top management of any company must assure a high “degree to
3
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
which a set of inherent characteristics fulls requirements” (ISO 9000, 2005), in terms of maintaining a standard
quality of products and services.
As Govind Ramu, chair of the ISO 9001:2015 U.S., quotes “ISO 9001:2015 is not a giant, scary monster. It’s a
commonsense approach to running any organization. When process owners complain about additional work that
ISO 9001 creates, I always ask them, ‘Tell me one thing in ISO 9001 you wouldn’t do in a business.’ With or without
ISO 9001, the requirements outlined in the standard are fundamental to any business.
HISTORY OF QUALITY MANAGEMENT
STANDARD ISO 9001
Historic Review of the ISO 9000 Standards
e ISO 9000 family of quality management systems standards is designed to help organizations ensure that they
meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to
a product or program. ISO 9000 deals with the fundamentals of quality management systems, including the seven
quality management principles upon which the family of standards is based.
e ISO 9000 family includes standards such as:
e ISO 9001:2015-that covers the requirements of a QMS.
e ISO 9000:2015-that includes the basic concepts and language.
e ISO 9004:2009-that focuses on improving the eciency and eectiveness of a QMS.
e ISO 19011:2011-that includes guidelines for the conduction of internal and external audits of QMSs.
ISO 9001 deals with the requirements that organizations wishing to meet the standard,
must fulll.
ISO 9000 was rst published back in 1987. It was based on the British Standard, BS 5750 series of standards from BSI
that were proposed to ISO in 1979.
Actually it was back in 1959, when the US Department of Defense (1959) issued a specication for quality – Quality
Program Requirements (MIL-Q-9858) (US Department of Defense, 1959), and later in 1973, the UK Defence
Standards DEF STAN 05-21/1 – “Quality Control System Requirements for Industry” (Ministry of Defence, 1973)
was published and based on earlier North Atlantic Treaty Organization (NATO) quality standards issued at the end
of the 1960s.
Practically, all these standards changed the emphasis from post-production quality inspection and control to
ensuring that quality was built into the manufacturing processes from the beginning, thus introducing the concept
of quality assurance.
Year Conformance standard Title
1979 BS 5750: 1979 Quality systems: Part 1. Specication for design,
manufacture and installation
1987 BS 5750: 1987; ISO 9001: 1987; EN
29000; ANSI/ ASQC Q91
ISO title: Quality systems – Model for quality assurance in
design/development, production, installation and servicing
4
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
1994 ISO 9001: 1994: ANSI/ASQC Q9001-1994 Quality systems – Model for quality assurance in design,
development, production, installation and servicing
2000 ISO 9001: 2000 Quality management systems Requirements
2008 ISO 9001: 2008 Quality management systems – Requirements
2015 ISO 9001: 2015 Quality management systems – Requirements
Table 1: Development of quality management standards.
Source: "Developing a knowledge management policy for ISO 9001: 2015", John P. Wilson, Larry Campbell,
JOURNAL OF KNOWLEDGE MANAGEMENT, VOL. 20 NO. 4 2016, PAGE 831
Recent Years
e 2000 version of the standard (ISO 9001:2000) sought to make a radical change in thinking. It placed the concept
of process management at the heart of the standard, making it clear that the essential goals of the standard – which
had always been about ‘a documented system’ not a ‘system of documents’ – were reinforced. e goal was always to
have management system eectiveness via process performance measures. is third edition makes this more visible
and so reduced the emphasis on having documented procedures if clear evidence could be presented to show that
the process was working well. Expectations of continual process improvement and tracking customer satisfaction
were also made explicit in this revision. A new set of eight core quality management principles, designed to act as a
common foundation for all standards relating to quality management, were also introduced namely:
Improved consistency with traceability
Enhanced customer focus
Focused leadership
e involvement of people
A system approach to management
Continual improvement
A factual approach to decision making
Mutually benecial supplier relationships
e fourth edition of the standard (ISO 9001:2008) arrived on November 14th 2008. is revision contains minor
amendments only. e aim of this revision is to clarify existing requirements and to improve consistency of approach
with other management standards, like ISO 14001:2015.
During September 2015, a revised version – ISO 9001:2015 – was launched to bring the standard up to date, reecting
latest quality management good practice. Whilst some requirements have been tightened, the standard is now far less
prescriptive and has even greater integration with other ISO management standard thanks to a common high-level
structure.
5
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
e following Infographic (www.advisera.com/9001academy), indicates the changes in the revised Standard.
Figure 1: Infographic indicating the
History in quality management
standard. www.advisera.com
7
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 2
THE SEVEN (7) QUALITY MANAGEMENT
PRINCIPLES
Massouras Theolos
Agricultural University of Athens, theomas@aua.gr
Daratsanou Evangelia
Agricultural University of Athens,edaratsanou@gmail.com
Prof. Majdi A. Al-Mahasneh (JUST)
Jordan University of science and Technology,mmajdi@just.edu.jo
Prof. Ihab Ghabeish (BAU)
Balqa’a Applied University, balappuniv@yahoo.com
Eng. Safa'a Smadi (JFDA)
Jordan Food and Drug Administration, smadi.safa@gmail.com
Lina Tsakalou (CRE.THI.DEV.)
Creative Thinking Development, ltsakalou@gmail.com
Chapter Objectives
• Toindicatethecorrelaonbetweenthe7qualitymanagementprinciples
andtheISO9001Standard
• Topresentonebyonethe7qualitymanagementprinciples
• Todescribetheraonaleofthoseprinciplesandthebenetsderivedby
them
• Topresentsometypicalaconsundertakenwhenapplyingaprinciple
• Toidenfythebasicstepstowardstheadaponofeachprinciple
Introduction
According to the ISO, ISO 9000, ISO ¬9001 and related ISO quality management standards
are based on seven Quality Management Principles (QMPs). The achievement of those
QMPs, is essential for the efcient and successful management of any organization
worldwide.
8
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
The revised version of ISO 9001:2015 Standard, is based on the following Seven principles of Quality
management:
QMP 1 – Customer focus.
QMP 2 – Leadership.
QMP 3 – Engagement of people.
QMP 4 – Process approach.
QMP 5 – Improvement.
QMP 6 – Evidence-based decision making.
QMP 7– Relationship management.
7 Quality
Management
Principles
Customer
Focus
Leadership
Engagement
of People
Process
Approach
Improvement
Evidence
Based
decision
Making
Relationship
Management
Figure 2– Seven principles of Quality management
9
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
CUSTOMER FOCUS
Introduction
“e primary focus of quality management is to meet customerrequirements and to strive to exceed customer
expectations”. (ISO 9000: 2015)
According to the American Management Association (AMA), as the knowledge economy evolves into an “experience
economy,” successful rms will be those that can deliver better customer experiences by using empathy skills to build
new brands or develop new consumer experiences.
Rationale
“Sustained success is achieved when an organization attracts and retains the condence of customers and other
interested parties on whom it depends. Every aspect of customer interaction provides an opportunity to create more
value for the customer. Understanding current and future needs of customers and other interested parties contributes
to sustained success of an organization. (ISO 9000: 2015).
Explanation
Customer focus is the ability of an organization to eciently and eectively concentrate on the work that enhances
the experiences of customers with products and services. rough their customer-focus eorts, companies can drive
up the value that’s received by customers. is oen means gaining a good understanding of the various customer
segments, producing quality at acceptable costs, and delivering on all commitments.
e fact that customer focus has become a hugely important business issue became crystal clear when the Human
Resource Institute (2004) conducted its most recent Major Issues Impacting People Management survey. It found
that European respondents ranked “Focus on the Customer” rst out of 120 issues and North American respondents
ranked it fourth. Since then, various other surveys on issues such as leadership and innovation have supported the
preeminent importance of customer focus in businesses today.
Sources
1 Organizational Sources: Data, facts and gures gathered from the organization, especially from the “front –
line” employees, or from on-line assessments and questionnaires by the end-users
2 Experiential Sources: e professional experience and judgment of executives and employees
3 Stakeholder Sources: e values, concerns and organizational decisions of people who are involved in the
organization
4 Scientic evidence: Findings from published scientic research regarding customer focus concept
Typical Actions
Some of the possible actions that an organization can take to increase Customer Focus couldinclude:
1. To identify and recognize the direct and indirect customer of the organization who receive value from the
organization.
2. Tounderstand customers’ current and future needs and expectations
10
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
3. e organization mustlink its objectives to customer needs and expectations
4. It mustcommunicate customer needs and expectations throughout the organization
5. It mustplan, design, develop, produce, deliver and support products and services to meet customer needsand
expectations
6. It mustmeasure and monitor customer satisfaction and take appropriate actions;
7. It mustdetermine and take action on relevant interested parties’ needs and appropriate expectations thatcan
aect customer satisfaction
8. It mustactively manage relationships with customers to achieve sustained success.
Proposed steps
1. Dening Objectives and Information Needs: What are the aims? What do we need to know based on the aims?
Can we clearly articulate our information needs? Who needs to know what, when and why?
2. Collecting Data: Do we have or can we collect meaningful and relevant data to meet our information needs?
What are the types of data we need, quantitative or /and qualitative?
3. Analyzing Data: How can we turn the data into relevant insights? How can we put the data into context and
extract information? What are the most appropriate tools to analyze the data?
4. Presenting Information: How can we best present and communicate the insights and information to inform
decision makers?
5. Making Customer Focused Decisions: How do we ensure that the available data is used to make the best
decisions? How do we create a knowledgeable to action culture? How do we avoid the knowing-doing gap?
Key benets
(As per ISO 9000:2015)
• ere is an increase in customer value
• ere is an increase in customer satisfaction
• ere is an improvement in customer loyalty
• It enhances in repeat business
• It enhances in reputation of the organization
• ere is anexpansion of customer base
• ere is increase in revenue and market share.
LEADERSHIP
Introduction
“Leaders at all levels establish unity of purpose and direction of the organization. ey should create and maintain
the internal environment in which people can become fully involved in achieving the organization objectives."
11
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Rationale
Creation of unity of purpose and direction and engagement of people enable an organization to align its strategies,
policies, processes and resources to achieve its objectives.
Explanation
Leadership is a process by which leaders help themselves and others to do the right things within a given framework.
ey set a clear strategy, they build an inspiring vision, and create something new. Leadership is about mapping out
where you need to go to "win" as a team or an organization.
Sources
Experiential Sources: e professional experience and judgment of executives and top management
Stakeholder Sources: e values, concerns and organizational decisions of people who are involved in the
organization
Scientic evidence: Findings from published scientic research regarding leadership concept
Academic Background: Relevant studies, vocational training, seminars and life - long learning, professional
development.
Typical Actions
Some of the possible actions that an organization can take to enhance Leadership couldinclude:
Identify and Engage all Relevant Stakeholders by Considering:
1. Listing all stake holders who impact the value stream carefully.
2. Ensure to include all the stake holders cutting across functions in end-to-end process management.
3. Buy-in all stake holder constituents impacted by the process change
4. Facilitating communication between the departments and functions
5. Facilitating value stream transformation
6. Installing the service level agreements to track and monitor the performance of the constituents
Build Quality Culture by:
1. Dening the vision and strategies for achieving it
2. Communicating the vision and demonstrate personal commitment
3. Creating & maintaining an awareness of quality
4. Providing evidence of management leadership on quality.
5. Providing opportunities for self-development and empowerment.
6. Providing opportunities for participation in management process.
7. Instituting recognition & rewards mechanism
12
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Proposed Steps
1. Dening Objectives: What are the aims? What do we need to know based on the aims?
2. Collecting Data: Do we have or can we collect meaningful and relevant data to meet our aims? What are the
types of data we need, quantitative or /and qualitative?
3. Analyzing Data: How can we turn the data into relevant insights? How can we put the data into context and
extract information? What are the most appropriate tools to analyze the data?
4. Presenting Information: How can we best present and communicate the insights and information to inform
decision makers?
5. Making Leadership Decisions: How do we ensure that the available data is used to make the best decisions?
How do we create a knowledgeable to action culture? How do we avoid the knowing-doing gap?
Key Benets
• Increasedeectivenessandeciencyinmeetingtheorganization’squalityobjectives
• Bettercoordinationoftheorganization’sprocesses
• Improvedcommunicationbetweenlevelsandfunctionsoftheorganization
• Developmentandimprovementofthecapabilityoftheorganizationanditspeopletodeliverdesiredresults.
ENGAGEMENT OF PEOPLE
Introduction
e term engagement originally referred to “how fully people are psychologically present during particular moments
of role performance.” Kahn dened engagement as: “the harnessing of organization members’ selves to their work roles
in engagement, people employ and express themselves physically, cognitively, emotionally during role performance.
“Engagement of people” is one of the stated quality management principles mentioned in the ISO 9001:2015 standard,
while Section 7 of the standard deals with “Resources” and the role of people and the environment that those people
create as a result. What the standard doesn’t specify is what means the ISO 9001:2015 practitioner should use to
engage the employees, and therefore encourage a level of buy-in that ensures that the project itself and resulting QMS
performance can ourish.
So, what can we do to give us this foundation that will ensure our employees have the enthusiasm and “know-how”
to facilitate a smooth 9001 implementation and continued performance?
It is essential for the organization that all people are competent, empowered and engaged in delivering value.
Competent, empowered and engaged people throughout the organization enhance its capability to create value.
Consistent and predictable results are achieved more eectively and eciently when activities are understood and
managed as interrelated processes that function as a coherent system.
13
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Rationale
To manage an organization eectively and eciently, it is important to involve all people at all levels and to respect
them as individuals. Recognition, empowerment and enhancement of skills and knowledge facilitate the engagement
of people in achieving the objectives of the organization.
Explanation
is is the third of the Seven principles of Quality management and the term “Involvement of People” has been
change to “Engagement of People. e Eight principle denition stated “People at all levels are the essence of an
organization and their full involvement enables their abilities to be used for the organization’s benet.” e Seven
principle denition states “It is essential for the organization that all people are competent, empowered and engaged
in delivering value.
Competent, empowered and engaged people throughout the organization enhance its capability to create value.
Engaging people means employees are committed to their organisations goals and values, motivated to contribute to
organisational success, and are able at the same time to enhance their own sense of well-being.
An engaged employee experiences a blend of job satisfaction, organizational commitment, job involvement and
feelings of empowerment. When we talk of engagement of people it means that all the employees are competent,
empowered and they are delivering value. An engaged employee will have a better perception of job importance. An
engaged employee will have better clarity of job expectation. ere will be more improvement opportunities. ere
will be regular feedback and dialog with supervisors. e Quality of working relationships of an engaged employee
with peers, superiors, and subordinates is much improved. ere is eective employee communication.
Sources
Organizational Sources: Data, facts and gures gathered from the organization, especially from the “front – line”
employees, or from on-line assessments and questionnaires by the end-users.
Experiential Sources: e professional experience and judgment of executives and employees.
Stakeholder Sources: e values, concerns and organizational decisions of people who are involved in the
organization.
Typical Actions
Engagement of people. Creating value for your customers will be easier if you have competent, empowered and
engaged people at all levels of your business or organization.
• Communicatewithpeopletopromoteunderstandingoftheimportanceoftheirindividualcontribution.
• Promotecollaborationthroughouttheorganization.
• Facilitateopendiscussionandsharingofknowledgeandexperience.
• Empowerpeopletodetermineconstraintstoperformanceandtotakeinitiativeswithoutfear.
• Recognizeandacknowledgepeople’scontribution,learningandimprovement.
• Enableself-evaluationofperformanceagainstpersonalobjectives.
• Conductsurveystoassesspeople’ssatisfaction,communicatetheresults,andtakeappropriateactions.
14
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Proposed Steps
• Ensurethatpeople’sabilitiesareusedandvalued
• Makepeopleaccountable
• Enableparticipationincontinualimprovement
• Evaluateindividualperformance
• Enablelearningandknowledgesharing
• Enableopendiscussionofproblems,constraints
Key Benets
• Improvedunderstanding of the organization’s qualityobjectivesbypeoplein the organization andincreased
motivation to achieve them
• Enhancedinvolvementofpeopleinimprovementactivities
• Enhancedpersonaldevelopment,initiativesandcreativity
• Enhancedpeoplesatisfaction
• Enhancedtrustandcollaborationthroughouttheorganization
• Increasedattentiontosharedvaluesandculturethroughouttheorganization
PROCESS APROACH
Introduction
While the process approach is by no means a new requirement, anecdotal evidence suggests that it is poorly
understood.
e process approach was rst introduced in ISO 9001:2000. And while the concept of a process-based quality
management has not changed, the requirements in the latest version of the standard, ISO 9001:2015, have become
more specic and less ambiguous.
So, what actually is a process approach? And why is it important? And, most importantly, how can you get your
employees to apply it?
Rationale
A process is a set of interrelated activities that transform activity inputs into outputs.
Quality management systems consist of interrelated processes. Understanding how those results are produced by any
of these systems enables an organization to optimize the specic system and its actual performance.
Explanation
‘Consistent and predictable results are achieved more eectively and eciently when activities are understood and
managed as interrelated processes that function as a coherent system’ - Introduction of ISO 9001:2015.
15
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chart 3: Pdca Cycle.
e process approach is a management strategy which incorporates the plan-do-check-act cycle and risk-based
thinking. It means that processes are managed and controlled. It also means that we not only understand what the
core processes are, but we also consider how they t together.
e requirement for a process-based quality management system is nothing new. e requirement to "establish,
implement, maintain and continually improve" is familiar from both ISO 9001:2000 and ISO 9001:2008. e key
changes are:
• For organizations already adopting ISO 9001:2008, a key factor in transitioning to ISO 9001:2015 is the extent to
which the process approach has been adopted.
• Clause 4.4 of ISO 9001:2015 sets out specic requirements for the adoption of a process approach e.g.
organisations must monitor, measure and use related performance indicators to determine eective operation
and controls.
• Top management must promote, engage and support employees to follow a process approach. 
Why a process approach is so important
Organizations are typically structured into departments which are managed by a department head. e head is
responsible for what comes out of the department.
Most departmental heads never interact with the external customer, only internal ones. As such, they are divorced
from how the customer really feels.
If key performance indicators are set by departments this compounds the problems. Heads try to maximize the
performance of their departments to the possible detriment of other departments further down the line.
e process approach introduces horizontal management, controlling processes which ow across departmental
boundaries.
An appointed employee is accountable from start to nish. ey follow the whole picture from process initiation
to process completion. ey understand what the stakeholders involved in the process want and have delegated
authority to act, so as to achieve this. An employee’s rst loyalty is to their assigned projects, products or services -
rather than their own departments.
16
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Using a process approach in a quality management system facilitates:
• Understanding and consistency in meeting requirements.
• Viewing processes in terms of value-add.
• Achieving eective process performance.
• Improving process performance based on analysis and evaluation of the data and information.
Sources
Organizational Sources: Data, facts and gures gathered from the organization
Experiential Sources: e professional experience and judgment of executives and employees, previous processes
involved
Stakeholder Sources: e values, concerns and organizational decisions of people who are involved in the
organization
Typical Actions
ISO 9001:2015 employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-
based thinking. is means theorganization needs to:
1. Determine required process inputs and expected outputs,
2. Assign responsibilities and authorities for processes,
3. Identify risks and opportunities for processes, and plan to address them in an optimum way.
Proposed Steps
Dene the processes of the quality management system
ISO 9001 does not provide you with a list of core quality management system processes that an organization needs
to include. e organization must determine these for themselves. Some processes’ examples:
• Internal training, leadership and performance evaluation.
• Manufacturing, design, distribution, development, service, delivery and assembly management.
• Revenue assurance/business process outsourcing.
• New customer management.
• Equipment management.
• Supplier approval and re-evaluation.
• Risk identication and management.
• Contract change or revenue assurance management.
• Complaint handling.
• Information management.
• Audit and inspections.
• Other QHSE requirements.
17
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
A good question would be:
• How are we constantly providing products and services which meet customer and applicable statutory and
regulatory requirements?
• How are we enhancing customer satisfaction?
ese are the processes which need to be controlled. e organization must then map out the inter-relationships
between its core processes.
Assign responsibilities and authorities for processes
e organization then needs to work out who is responsible for what process. Rather than focusing on functions,
should focus on the process across the department. Particular attention to the interdependencies and the interactions
is needed. Other signicanr actions could be to:
• Involve employees in building the process-based quality management system.
• Train individuals so they understand their roles and accountabilities in respect of the core processes to ensure
they see their processes end-to-end.
• Restructure the audit programme around processes not functions.
• Train auditors to follow processes across departments, paying particular attention to interdependencies and
interactions.
• Provide documented information to support the operation of processes and ensure you have condence that the
processes are being carried out as planned.
• Give procedures and work instructions another name.
Identify risks and opportunities, and plan to address them
Risk-based thinking is an extension of preventive action. It requires organizations to determine risks and opportunities
to processes, products and services, as well as the quality management system. And the organization must also
take proportionate steps to address these actions. is means monitoring and measuring the performance of
processes.For more information about risk-based thinking, please see this article.
A process-based quality management system requires careful planning, structure and continuous optimization. Key
to this is ensuring your stakeholders are engaged. Employees must always be looking for opportunities to meet
customer requirements and enhance customer satisfaction.
Key Benets
• Enhanced ability to focus eort on key processes and opportunities for improvement.
• Consistent and predictable outcomes through a system of aligned processes.
• Optimized performance through eective process management, ecient use of resources, and reduced cross-
functional barriers.
• Enabling the organization to provide condence to interested parties as to its consistency, eectiveness and
eciency.
18
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
IMPROVEMENT
Introduction
“Successful organizations have an ongoing focus on improvement”. (ISO Org.)
Organizational Improvement is a dynamic and continuous process, that involves everyone within the organization
from top management, to managers, and employees.
Rationale
“Improvement is essential for an organization to maintain current levels of performance, to react to changes in its
internal and external conditions and to create new opportunities”. (ISO Org.)
Organizational improvement is a prerequisite for any company or organization in order to operate as eectively as
possible.
Explanation
Improvement is the h of theSeven principles of Quality management and can be mapped to the sixth of the Eight
Quality principle which is “Continual Improvement”.  e term “Continual Improvement” has been change
to “Improvement”. e h principle of the Eight Quality principle “System approach to management” no
longer exist in the Seven principles of quality management. e Eight principle denition stated “Continual
improvementof the organization’s overall performanceshould be a permanent objectiveof the organization.”e
Seven principle denition states“Successful organizations have an ongoing focus on improvement.” Improvement
is the improvement in organizational eciency and eectiveness in total.
According to Kenneth A. Potocki and Richard C. Brocato, ve guiding principles are being used to make outstanding
improvements in organizational performance: measurements/benchmarking, leadership, employee involvement,
process improvement, and customer focus.
e organization should employ a consistent organization-wide approach toimprovement of the organizations’
methods, tools and metrics forimprovement. e organization should provide people with the appropriate training
in the methods and tools for improvement on an on-going basis. e organization should, also, make improvement
of products, processes, and services.
e organization should establish the goals to guide and lead.
Sources
Organizational sources: Technical Reports, Data, facts measurements and gures gathered from the organization.
Scientic sources: Findings from published scientic research regarding organizational improvement and
performance.
Experiential sources: e professional experience and judgment of top management, managers and employees.
Stakeholder sources: e values, concerns and feedback of people who interact with the organization.
19
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Typical Actions
1. Determine, measure and monitor key indicators to demonstrate the organization’s performance.
2. Make all data needed available to the relevant people.
3. Build organizational commitment to quality by engaging everyone in the Organization
4. Build organizational culture and mentality for quality by coping with mistakes rather as opportunities for
knowledge and improvement
5. Set measurable processes and use feedback to improve those processes
6. Ensure people are competent via continuous training to contribute to organizational improvement
7. Improve coordination and collaboration between all departments and functions within the organization
Proposed Steps
Some of the possible steps that an organization can take includes (As per ISO 9000:2015):
• Establishment of improvement objectives at all levels of the organization.
• Education and training of people at all levels on how to apply basic tools and methodologies to achieveimprovement
objectives.
• Ensuring that people are competent to successfully promote and complete improvement projects.
• Development and deployment of processes that are able to implement improvement projects throughout the
organization.
Key Benets
(As per ISO 9000:2015)
• ere is improved process performance, organizational capability and customer satisfaction.
• ere isenhanced focus on root cause investigation and determination, followed by prevention andcorrective actions.
• ere isenhanced ability to anticipate and react to internal and external risks and opportunities.
• ere isenhanced consideration of both incremental and breakthrough improvement.
• ere isimproved use of learning for improvement. ere isenhanced drive for innovation.
• It cantrack, review and audit the planning, implementation, completion and results of improvement projects.
• It canintegrate improvement consideration into development of new or modied products and services and
processes.
• It can recognize and acknowledge improvement.
20
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
EVIDENCE – BASED DECISION MAKING
Introduction
Evidence based decision making, is the sixth of the seven of quality management principles, which is the ISO 9001 is
based on. Decisions based on the analysis and evaluation of data and information are more likely to produce desired
results.
Rationale
“Decision making can be a complex process, and it always involves some uncertainty. It oen involves multiple types
and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause-
and-eect relationships and potential unintended consequences. Facts, evidence and data analysis lead to greater
objectivity and condence in decision making.” (ISO 9000: 2015)
Explanation
e organization should base their decisions on process performance data generated by the management system,
includes audit data, customer complaints and nonconformity data as inputs to decision making. Eective decisions
are based on the analysis of data and information. It means that managers make a decision on basis of various
measurements, balanced with the experience and intuition within the management system.
Evidence includes any data or information that might be used to determine the truth of an assertion, and it could be
a quantitative or qualitative data.
Building evidence requires the careful collection of the right data. And yet our understanding of the word “data” is
confused. People oen wrongly believe that the word “data” has a narrow numeric denition. is is incorrect. Data
comes in many forms – sounds, text, graphics, and pictures are as much data as are numbers. Consequently, it is
important to become familiar with the available data collection methodologies. On the other hand the quality of data
should be assessed for their reliability and validity to become useful.
e organizations need to build appropriate IT infrastructure to collect, analyze, present the data and consequently
make the rightest decision. is includes (a) databases, data warehouses, data marts, etc. to store the data; (b)
networks and connections to share the information and to make is accessible; and (c) the soware to analyze and
share the data. Also, the organizations need to ensure the competency of the persons that collect and analyze the
data, this is because the employees of an organization who need to take insights from the analysis and turn them
into actionable knowledge. Accordingly, the organizations should accessible data to the relevant competent persons.
Sources
Scientic evidence: Findings from published scientic research.
Organizational evidence: Data, facts and gures gathered from the organization.
Experiential evidence: e professional experience and judgment of practitioners.
Stakeholder evidence: e values and concerns of people who may be aected by the decision.
21
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Typical Actions
1. Determine, measure and monitor key indicators to demonstrate the organization’s performance.
2. Make all data needed available to the relevant people.
3. Ensure that data and information are suciently accurate, reliable and secure. Analyze and evaluate data and
information using suitable methods.
4. Ensure people are competent to analyze and evaluate data as needed.
5. Make decisions and take actions based on evidence, balanced with experience and intuition.
Proposed Steps
Dening Objectives and Information Needs: What are the aims? What do we need to know based on the aims? Can
we clearly articulate our information needs? Who needs to know what, when and why?
Collecting Data: Do we have or can we collect meaningful and relevant data to meet our information needs? What
are the types of data we need, quantitative or /and qualitative?
Analyzing Data: How can we turn the data into relevant insights? How can we put the data into context and extract
information? What is the most appropriate tools to analyze the data?
Presenting Information: How can we best present and communicate the insights and information to inform
decision makers?
Making Evidence-Based Decisions: How do we ensure that the available evidence is used to make the best decisions?
How do we create a knowledgeable to action culture? How do we avoid the knowing-doing gap?
Key Benets
1. Improved decision-making processes
2. Improved assessment of process performance and ability to achieve objectives
3. Improved operational eectiveness and eciency
4. Increased ability to review, challenge and change opinions and decisions
5. Increased ability to demonstrate the eectiveness of past decision
RELATIONSHIP MANAGEMENT
Introduction
“Eective relationships allow business partners to leverage each other’s resources and learn from each other”. (Chadee
et al., 2016; Kale et al., 2000; Mathews, 2006).
Today’s businesses and organizations do not work isolated. Identifying the important relationships you have with
interested parties such as the customers and suppliers as well as any other stakeholder – and setting out a plan to
interact eectively with them – will lead to sustainable development and ultimate success.
22
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Rationale
“Interested parties inuence the performance of an organization.
Sustained success is more likely to be achieved when the organization manages relationships with all of its interested
parties to optimize their impact on its performance. Relationship management with its supplier and partner networks
is of particular importance”. (ISO Org. 2015)
Explanation
Relationship management aims to create a partnership between the organization and its audience rather than
consider the relationship merely transactional. Consumers who experience that a business not only responds to
their needs, but continuously tries to exceed their expectations are more likely to continue using the products and
services of that particular company. Furthermore, pursuing and maintaining a standard level of communication with
customers and users allows the business to identify potential sources of costly problems before they actually occur.
Relationship management involves any process or strategy used to build support or loyalty towards the business or
its particular products and services. Generally, relationship management is performed at the customer level and at
the business level to achieve dierent goals.
Business relationship management consists of knowledge, skills, and behaviors (or competencies) that foster a
productive relationship between a service organization (internal department or an external provider) and their
business partners.
Sources
Organizational evidence: Technical Reports, Data, facts measurements and gures gathered from the organization
and the feedback gained by customers and collaborators.
Scientic evidence: Findings from published scientic research regarding organizational improvement and
performance.
Experiential evidence: e professional experience and judgment of top management, managers and employees
Stakeholder evidence: e values, concerns and feedback of people who interact with the organization
Typical Actions
Determine relevant interested parties (such as suppliers, partners, customers, investors, employees, and society as a
whole) and their relationship with the organization.
• Determineandprioritizeinterestedpartyrelationshipsthatneedtobemanaged.
• Establishrelationshipsthatbalanceshort-termgainswithlong-termconsiderations.
• Poolandshareinformation,expertiseandresourceswithrelevantinterestedparties.
• Measure performance and provide performance feedback to interested parties, as appropriate, to enhance
improvement initiatives.
• Establishcollaborative developmentandimprovementactivities withsuppliers,partnersand otherinterested
parties.
23
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
• Encourageandrecognizeimprovementsandachievementsbysuppliersandpartners.
Proposed Steps
1. Dening Objectives and Information Needs: What are the aims? What do we need to know based on the aims?
Can we clearly articulate our information needs? Who needs to know what, when and why?
2. Collecting Data: Do we have or can we collect meaningful and relevant data to meet our information needs?
What are the types of data we need, quantitative or /and qualitative?
3. Analyzing Data: How can we turn the data into relevant insights? How can we put the data into context and
extract information? What is the most appropriate tools to analyze the data?
4. Presenting Information: How can we best present and communicate the insights and information to inform
decision makers?
5. Making Relationships Management Decisions: How do we ensure that we maintain eective relationships?
How do we create a knowledgeable to action culture? How do we avoid the knowing-doing gap?
Key Benets
• Enhancedperformanceoftheorganizationanditsinterestedpartiesthroughrespondingtotheopportunities
and constraints related to each interested party.
• Commonunderstandingofgoalsandvaluesamonginterestedparties.
• Increasedcapabilitytocreatevaluefor interestedpartiesbysharingresourcesandcompetence andmanaging
quality-related risks.
• Awell-managedsupplychainthatprovidesastableowofgoodsandservices.
25
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 3
HOW A COMPANY CAN GET STARTED &
CERTIFIED WITH THE STANDARD
Lina Tsakalou (CRE.THI.DEV.)
Creative Thinking Development, ltsakalou@gmail.com
Soa Papakonstantinou (CRE.THI.DEV.)
Creative Thinking Development, spapakon@hotmail.com
Chapter Objectives
To present in a simple waythestepsthatacompanyhas to apply,in order to
study, understand, implement and nally be cered to the ISO 9001:2015
Standard.
HOW I CAN GET STARTED
ISO 9001:2015 is the new business improvement tool that helps drive continual improvement and
deliver results in your organization. It helps any kind of business to stand out, gain a competitive
edge, and grow.
It is more than a quality management system, it’s a complete operational tool designed to improve
performance. It uses a process approach to ensure customer satisfaction and places quality right at
the heart of your organization, complementing business strategy and helping enhance performance
over time. is has been designed with the needs of modern businesses in mind. It provides a
framework which helps you to focus on ensuring you anticipate your business environment and
customer needs. Its exible and agile so you can make it work for your business. at’s how ISO
9001 really adds value.
ISO 9001 was revised in 2015 to bring it up to date with the needs of modern businesses and to
add even more value. It’s based on the high-level structure which is a common framework for all
new management system standards. is helps keep consistency, align dierent management system
standards, oer matching sub-clauses against the top-level structure and apply common language
across all standards. It makes it easier for organizations to incorporate their quality management
system, into core business processes, make eciencies, and get more involvement from senior
management.
26
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Plan-Do-Check-Act (PDCA) is the operating principle of ISO 9001. It’s applied to all processes and the QMS as a
whole. e following diagram shows how Clauses 4 to 10 of ISO 9001 can be grouped in relation to PDCA.
Figure 4: Pdca Cycle In Correlation To ISO 9001 Clauses
* Clause 4 Context of the organization, Clause 5 Leadership, Clause 6 Operation, Clause 7 Support
STEPS TO BE UNDERTAKEN
ere are many ways an organization can implement a quality management system.
In-depth advice is available from a number of dierent resources, including the publication ISO 9001 for small
businesses – What to do, but here are a few tips to get you started.
Step 1 – Dene the objectives of the organization. Why does the organization want to implement the standard?
Step 2 – Make sure senior management is on board. It is crucial that everyone – from the top down – is supportive
of the initiative and its objectives. If you are struggling with this, several accurate publications could help.
Step 3 – Identify your organization’s key processes for meeting your objectives as well as your customers’ needs.
Within each of these processes, make sure you understand your customers’ requirements and can guarantee that
these are met – each and every time. is will form the basis of your quality management system.
Step 4 – Buy the Standard and appoint a Quality Manager that will study the Standard and will act as an internal
Ambassador in order to generate commitment and determination for adopting and implementing the QMS. Also,
appoint the Quality team.
27
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
STEPS TOWARD CERTIFICATION
ere is no obligation to be certied to ISO 9001, so a good rst step is evaluating whether certication makes
sense for the specic organization. As mentioned earlier certication usually reassures customers that products and
services are in line with their expectations. In some cases it is a prerequisite to work with certain clients especially
from specic countries.
However, especially for companies within the food industry, QMS could play an essential role in an exchange because
food safety and quality attributes may not be directly observable by the consumer. erefore a certied QMS, provides
a level of safety to the consumer and a sense of quality assurance.
Main considerations:
• Current level of conformance with ISO 9001 requirements
• Amount of resources that the company will dedicate to this project for development and implementation
• Amount of support that will be required from a consultant and the associated costs
• Costs for ISO 9001 registration, surveillance and recertication audits
In case that an Organization decides to get certied, the rst step is to nd a certication body as ISO does not
perform certication. In doing so, they should:
• Buildupateamandtraintheemployeesfortheoverallscopeaswellastheimplementationprocesses.
• Identifyandevaluateasmanycerticationbodiesaspossible
• Checkifthecerticationbodyusestherelevantcascostandard.Casco(ISO’scommitteeonconformity
assessment) has produced a number of standards related to the certication process. ISO/IEC TS 17021-3:2013
sets out the requirements for bodies providing audit and certication to QMS’s
• Checkthatthecerticationbodyisaccredited.Accreditationisnotcompulsory.Whilenon-accreditation
does not necessarily mean an organization is not reputable, being accredited does provide independent
conrmation of its competence.
WHAT IS ACCREDITATION?
Accreditation is the process in which certication of competency, authority, or credibility is displayed.
Organizations that issue credentials or certify third parties against ocial standards must be themselves formally
accredited by accreditation bodies usually known as "accredited certication bodies". e accreditation process
ensures that their certication practices are acceptable, thus they are competent to test and certify third parties,
behave ethically and employ suitable quality assurance.
29
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 4
WHAT IS ISO 9001:2015
ISO 9001 is the global standard certication that enhances the consistency and quality of deliverables by organizations
spread across industries. It is one of the most sought aer standards worldwide. However, an enterprise has to
demonstrate high-level of commitment and consistency to achieve it in the rst attempt.
Since its inception in 1987 when the rst dra was published by the International Organization for Standardization
(ISO), several revisions have been made so far to make it relevant and contemporary. e latest revision is published
in September 2015. ISO is an international organization based in Geneva Switzerland with more than 160 member
countries.
WHAT IS NEEDED FOR ISO 9001:2015 CERTIFICATION
ISO 9001:2015 applies to a great variety of industries irrespective of geographic area, size, and type of business.
According to ISO Organization reports, more than a million industries have been accredited worldwide. e
HOW THE STANDARD IS STRUCTURED
Prof. Majdi A. Al-Mahasneh (JUST)
Jordan University of science and Technology,mmajdi@just.edu.jo
Prof. Ihab Ghabeish (BAU)
Balqa’a Applied University, balappuniv@yahoo.com
Eng. Safa'a Smadi (JFDA)
Jordan Food and Drug Administration, smadi.safa@gmail.com
Lina Tsakalou (CRE.THI.DEV.)
Creative Thinking Development, ltsakalou@gmail.com
Massouras Theolos
Agricultural University of Athens, theomas@aua.gr
Daratsanou Evangelia
Agricultural University of Athens,edaratsanou@gmail.com
Chapter Objectives
To present in a simple way the steps that a company has to apply, in order to study,
understand, implement and nally be certied to the ISO 9001:2015 Standard.
30
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
certication improves organization processes and procedures and improves eciency drastically.
ISO is a continuous improvement process. ISO certication can be done by an organization on a standalone basis,
but it is better if a competent consultant either legal entity or experienced professional is hired. ey can oer
consultancy, guidance and training to make the certication a smooth and manageable procedure.
HOW THE STANDARD IS STRUCTURED
• ISO 9001:2015 certication introduces a few changes and revisions compared to previous standard versions to
accommodate the changing business environment of the modern world.
Organizations operate in a quite dynamic business environment, where they are supposed to monitor and revise their
business strategies and tactics at regular intervals.
ISO 9001:2015 update takes care of it by including several terminologies, information restructuring, and importance
to risk-based thinking in order to make it further applicable and relevant nowadays.
• For ISO 9001:2015 upgrade, organizations should review the current approach. Business leaders are required to
engage with process owners and team members to understand the process change with respect to the proposed
version. ey should identify, manage, and control these modications as quickly as possible so that there is a
minimized impact.
Organizations that are already certied for ISO 9001 should upgrade to 2015 version because it widens the horizon
of applicability and relevance. As per ISO norms, a transition period of three years is given to ISO 9001:2008 certied
organizations. (e transition period will last until September 2018).
Organizations should apply the principles of quality management for enhancing the business in such a way that a
sustainable business improvement can be obtained. It is the biggest benet of ISO certication. ISO 9001:2015 is
benecial for small, medium and large organizations across industries, all over the world.
Figure 1: The general structure and organization of ISO 9001:2015.
31
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
ISO 9001:2015 CLAUSES
General
e adoption of a quality management system is a strategic decision for an organization that can help to improve its
overall performance and provide a sound basis for sustainable development initiatives.
e potential benets to an organization of implementing a quality management system based on this International
Standard are:
a) e ability to consistently provide products and services that meet customer and applicable statutory and
regulatory requirements.
B) Facilitating opportunities to enhance customer satisfaction.
C) Addressing risks and opportunities associated with its context and objectives.
D) e ability to demonstrate conformity to specied quality management system requirements.
ISO 9001:2015 can be used by internal and external parties.
It is not the intent of the Standard to imply the need for:
• Uniformity in the structure of dierent quality management systems.
• Alignment of documentation to the clause structure of this International Standard.
• e use of the specic terminology of this International Standard within the organization.
e quality management system requirements specied ISO 9001:2015 Standard are complementary to requirements
for products and services.
e Standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-
based thinking.
Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality
management system to deviate from the planned results, to put in place preventive controls to minimize negative
eects and to make maximum use of opportunities as they arise.
Consistently meeting requirements and addressing future needs and expectations poses a challenge for organizations
in an increasingly dynamic and complex environment. To achieve this objective, the organization might nd it
necessary to adopt various forms of improvement in addition to correction and continual improvement, such as
breakthrough change, innovation and re-organization.
In 9001:2015 Standard, the following verbal forms are used:
• “Shall” indicates a requirement.
• “Should” indicates a recommendation.
• “May” indicates a permission.
• “Can” indicates a possibility or a capability.
32
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.
Clauses 1 - 3
Scope
ISO 9001:2015 Standard species requirements for a quality management system when an organization:
a) Needs to demonstrate its ability to consistently provide products and services that meet customer and applicable
statutory and regulatory requirements, and
b) Aims to enhance customer satisfaction through the eective application of the system, including processes for
improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory
requirements.
All the requirements of thE Standard are generic and are intended to be applicable to any organization, regardless of
its type or size, or the products and services it provides.
NOTE 1: e terms “product” or “service” only apply to products and services intended for, or required by, a
customer.
NOTE 2: Statutory and regulatory requirements can be expressed as legal requirements.
Normative References
e following documents, in whole or in part, are normatively referenced in this document and are indispensable for
its application. For dated references, only the edition cited applies. For undated references, the latest edition of the
referenced document (including any amendments) applies.
ISO 9000:2015, Quality management systems — Fundamentals and vocabulary.
Terms and denitions
For the purposes of this document, the terms and denitions given in ISO 9000:2015 apply.
Clause 4 Context of the organization
Understanding the organization and its context
e organization shall determine external and internal issues that are relevant to its purpose and its strategic direction
and that aect its ability to achieve the intended results of its quality management system.
e organization shall monitor and review information about these external and internal issues.
NOTE 1: Issues can include positive and negative factors or conditions for consideration.
NOTE 2: Understanding the external context can be facilitated by considering issues arising from legal, technological,
competitive, market, cultural, social and economic environments, whether international, national, regional or local.
NOTE 3: Understanding the internal context can be facilitated by considering issues related to values, culture,
knowledge and performance of the organization.
33
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Understanding the needs and expectations of interested parties
Due to their eect or potential eect on the organization’s ability to consistently provide products and services that
meet customer and applicable statutory and regulatory requirements, the organization shall determine:
a) e interested parties that are relevant to the quality management system;
b) e requirements of these interested parties that are relevant to the quality management system.
e organization shall monitor and review information about these interested parties and their relevant requirements.
Determining the scope of the quality management system
e organization shall determine the boundaries and applicability of the quality management system to establish its
scope.
When determining this scope, the organization shall consider:
A) e External And Internal Issues Referred To In 4.1.
B) e Requirements Of Relevant Interested Parties Referred To In 4.2.
C) e products and services of the organization.
e organization shall apply all the requirements of this International Standard if they are applicable within the
determined scope of its quality management system.
e scope of the organization’s quality management system shall be available and be maintained as documented
information. e scope shall state the types of products and services covered and provide justication for any
requirement of this International Standard that the organization determines is not applicable to the scope of its
quality management system.
Conformity to this International Standard may only be claimed if the requirements determined as not being
applicable do not aect the organization’s ability or responsibility to ensure the quality of its products and services
and the enhancement of customer satisfaction.
Quality management system and its processes
1. e organization shall establish, implement, maintain and continually improve a quality management system,
including the processes needed and their interactions, in accordance with the requirements of this International
Standard.
e organization shall determine the processes needed for the quality management system and their application
throughout the organization, and shall:
A) Determine the inputs required and the outputs expected from these processes.
B) Determine the sequence and interaction of these processes.
C) Determine and apply the criteria and methods (including monitoring, measurements and related performance
indicators) needed to ensure the eective operation and control of these processes.
D) Determine the resources needed for these processes and ensure their availability.
34
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
E) Assign the responsibilities and authorities for these processes.
F) Address the risks and opportunities as determined in accordance with the requirements of 6.1.
G) Evaluate these processes and implement any changes needed to ensure that these processes achieve their intended
results.
H) Improve the processes and the quality management system.
2 To the extent necessary, the organization shall:
a) Maintain documented information to support the operation of its processes.
b) Retain documented information to have condence that the processes are being carried out as planned.
Clause 5 Leadership
Leadership and commitment
General
Top management shall demonstrate leadership and commitment with respect to the quality management system by:
a) Taking accountability for the eectiveness of the quality management system.
b) Ensuring that the quality policy and quality objectives are established for the quality management system and
are compatible with the context and strategic direction of the organization.
c) Ensuring the integration of the quality management system requirements into the organization’s business
processes.
d) Promoting the use of the process approach and risk-based thinking.
e) Ensuring that the resources needed for the quality management system are available.
f) Communicating the importance of eective quality management and of conforming to the quality management
system requirements.
g) Ensuring that the quality management system achieves its intended results.
h) Engaging, directing and supporting persons to contribute to the eectiveness of the quality management system.
i) Promoting improvement.
j) Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of
responsibility.
NOTE: Reference to “business” in this International Standard can be interpreted broadly to mean those activities
that are core to the purposes of the organization’s existence, whether the organization is public, private, for prot
or not for prot.
Customer focus
Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:
35
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
a) Customer and applicable statutory and regulatory requirements are determined, understood and consistently met.
b) Risks and opportunities that can aect conformity of products and services and the ability to enhance customer
satisfaction are determined and addressed.
c) Focus on enhancing customer satisfaction is maintained.
Policy
Developing the quality policy
Top management shall establish, implement and maintain a quality policy that:
a) Is appropriate to the purpose and context of the organization and supports its strategic direction.
b) Provides a framework for setting quality objectives.
c) Includes a commitment to satisfy applicable requirements.
d) Includes a commitment to continual improvement of the quality management system.
Communicating the quality policy
e quality policy shall:
a) Be available and be maintained as documented information.
b) Be communicated, understood and applied within the organization.
c) Be available to relevant interested parties, as appropriate.
Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated
and understood within the organization.
Top management shall assign the responsibility and authority for:
a) Ensuring that the quality management system conforms to the requirements of this International Standard.
b) Ensuring that the processes are delivering their intended outputs.
c) Reporting on the performance of the quality management system and on opportunities for improvement, in
particular to top management.
d) Ensuring the promotion of customer focus throughout the organization.
e) Ensuring that the integrity of the quality management system is maintained when changes to the quality
management system are planned and implemented.
Clause 6 Planning
Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and
the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
36
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
a) Give assurance that the quality management system can achieve its intended results.
b) Enhance desirable eects.
c) Prevent, or reduce, undesired eects.
d) Achieve improvement.
e organization shall plan:
a) Actions to address these risks and opportunities.
b) How to:
1) Integrate and implement the actions into its quality management system processes.
2) Evaluate the eectiveness of these actions.
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity
of products and services.
NOTE 1: Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating
the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
NOTE 2: Opportunities can lead to the adoption of new practices, launching new products, opening new markets,
addressing new clients, building partnerships, using new technology and other desirable and viable possibilities to
address the organization’s or its customers’ needs.
Quality objectives and planning to achieve them
e organization shall establish quality objectives at relevant functions, levels and processes needed for the quality
management system.
e quality objectives shall:
a) Be consistent with the quality policy.
b) Be measurable.
c) Take into account applicable requirements.
d) Be relevant to conformity of products and services and to enhancement of customer satisfaction.
e) Be monitored.
f) Be communicated.
g) Be updated as appropriate.
e organization shall maintain documented information on the quality objectives
When planning how to achieve its quality objectives, the organization shall determine:
a) What will be done.
b) What resources will be required.
37
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
c) Who will be responsible.
d) When it will be completed.
e) How the results will be evaluated.
Planning of changes
When the organization determines the need for changes to the quality management system, the changes shall be
carried out in a planned manner.
e organization shall consider:
a) e purpose of the changes and their potential consequences.
b) e integrity of the quality management system.
c) e availability of resources.
d) e allocation or reallocation of responsibilities and authorities.
Clause 7 Support
Resources
General
e organization shall determine and provide the resources needed for the establishment, implementation,
maintenance and continual improvement of the quality management system.
e organization shall consider:
a) e capabilities of, and constraints on, existing internal resources.
b) What needs to be obtained from external providers.
People
e organization shall determine and provide the persons necessary for the eective implementation of its quality
management system and for the operation and control of its processes.
Infrastructure
e organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes
and to achieve conformity of products and services.
NOTE: Infrastructure can include:
a) Buildings and associated utilities.
b) Equipment, including hardware and soware.
c) Transportation resources.
d) Information and communication technology.
38
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Environment for the operation of processes
e organization shall determine, provide and maintain the environment necessary for the operation of its processes
and to achieve conformity of products and services.
NOTE: A suitable environment can be a combination of human and physical factors, such as:
a) Social (e.g. Non-discriminatory, Calm).
b) Psychological (e.g. Stress-Reducing, Burnout Prevention, Emotionally Protective).
c) Physical (e.g. Temperature, Heat, Humidity, Light, Airow, Hygiene, Noise).
ese factors can dier substantially depending on the products and services provided.
Monitoring and Measuring Resources
General
e organization shall determine and provide the resources needed to ensure valid and reliable results.
when monitoring or measuring is used to verify the conformity of products and services to requirements.
e organization shall ensure that the resources provided:
a) Are suitable for the specic type of monitoring and measurement activities being undertaken.
b) Are maintained to ensure their continuing tness for their purpose.
e organization shall retain appropriate documented information as evidence of tness for purpose of the
monitoring and measurement resources.
Measurement Traceability
When measurement traceability is a requirement, or is considered by the organization to be an essential part of
providing condence in the validity of measurement results, measuring equipment shall be:
a) Calibrated or veried, or both, at specied intervals, or prior to use, against measurement standards traceable to
international or national measurement standards when no such standards exist, the basis used for calibration or
verication shall be retained as documented information.
b) Identied in order to determine their status.
c) Safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and
subsequent measurement results.
e organization shall determine if the validity of previous measurement results has been adversely aected when
measuring equipment is found to be unt for its intended purpose, and shall take appropriate action as necessary
Organizational Knowledge
e organization shall determine the knowledge necessary for the operation of its processes and to achieve
conformity of products and services.
is knowledge shall be maintained and be made available to the extent necessary.
39
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
When addressing changing needs and trends, the organization shall consider its current knowledge and determine
how to acquire or access any necessary additional knowledge and required updates.
NOTE 1: Organizational knowledge is knowledge specic to the organization; it is gained by experience. It is
information that is used and shared to achieve the organization’s objectives.
NOTE 2: Organizational knowledge can be based on:
a) Internal sources (e.g. intellectual property; knowledge gained from experience, lessons learned from failures and
successful projects, capturing and sharing undocumented knowledge and experience the results of improvements
in processes, products and services).
b) External sources (e.g. Standards, Academia, Conferences, Gathering knowledge from customers or external
providers).
Competence
e organization shall:
a) Determine the necessary competence of persons doing work under its control that aects the performance and
eectiveness of the quality management system.
b) Ensure that these persons are competent on the basis of appropriate education, training, or experience.
c) Where applicable, take actions to acquire the necessary competence, and evaluate the eectiveness of the actions
taken.
d) Retain appropriate documented information as evidence of competence.
NOTE: Applicable actions can include, for example, the provision of training to, the mentoring of, or the
reassignment of currently employed persons, or the hiring or contracting of competent persons.
Awareness
e organization shall ensure that persons doing work under the organization’s control are aware of:
a) e quality policy.
b) Relevant quality objectives.
c) eir contribution to the eectiveness of the quality management system, including the benets of improved
performance.
d) e implications of not conforming with the quality management system requirements.
Communication
e organization shall determine the internal and external communications relevant to the quality management
system, including:
a) On what it will communicate.
b) When to communicate.
40
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
c) With whom to communicate.
d) How to communicate.
e) Who communicates.
Documented information
General
e organization’s quality management system shall include:
a) Documented information required by ISO 9001:2015.
b) Documented information determined by the organization as being necessary for the eectiveness of the quality
management system.
NOTE e extent of documented information for a quality management system can dier from one organization
to another due to:
• e size of organization and its type of activities, processes, products and services.
• e complexity of processes and their interactions.
• e competence of persons.
Creating and updating
When creating and updating documented information, the organization shall ensure appropriate:
a) Identication and description (e.g. a Title, Date, Author, or Reference Number).
b) Format (e.g. Language, Soware Version, Graphics) and media (e.g. Paper, Electronic).
c) Review and approval for suitability and adequacy.
Control of documented information
• Documented information required by the quality management system and by this International Standard shall
be controlled to ensure:
a) It is available and suitable for use, where and when it is needed.
b) It is adequately protected (e.g. From Loss of Condentiality, Improper Use, or Loss of Integrity).
• For the control of documented information, the organization shall address the following activities, as applicable:
a) Distribution, access, retrieval and use.
b) Storage and preservation, including preservation of legibility.
c) Control of changes (e.g. Version Control).
d) Retention and disposition.
Documented information of external origin determined by the organization to be necessary for the planning and
operation of the quality management system shall be identied as appropriate, and be controlled.
41
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Documented information retained as evidence of conformity shall be protected from unintended alterations.
NOTE: Access can imply a decision regarding the permission to view the documented information only, or the
permission and authority to view and change the documented information.
Clause 8 operation
Operational planning and control
e organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the
provision of products and services, and to implement the actions determined in Clause 6, by:
a) Determining the requirements for the products and services.
b) Establishing criteria for:
1) e processes.
2) e acceptance of products and services.
c) Determining the resources needed to achieve conformity to the product and service requirements.
d) Implementing control of the processes in accordance with the criteria.
e) Determining and keeping documented information to the extent necessary:
1) To have condence that the processes have been carried out as planned.
2) To demonstrate the conformity of products and services to their requirements.
NOTE “Keeping” implies both the maintaining and the retaining of documented information.
e output of this planning shall be suitable for the organization’s operations.
e organization shall control planned changes and review the consequences of unintended changes, taking action
to mitigate any adverse eects, as necessary.
e organization shall ensure that outsourced processes are controlled (see 8.4).
Requirements for products and services
Customer communication
Communication with customers shall include:
a) Providing information relating to products and services.
b) Handling enquiries, contracts or orders, including changes.
c) Obtaining customer feedback relating to products and services, including customer complaints.
d) Handling or controlling customer property.
e) Establishing specic requirements for contingency actions, when relevant.
42
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Determining the requirements related to products and services
When determining the requirements for the products and services to be oered to customers, the organization shall
ensure that:
a) e requirements for the products and services are dened, including:
1) Any applicable statutory and regulatory requirements.
2) ose considered necessary by the organization.
b) e organization can meet the claims for the products and services it oers.
Review of requirements related to products and services
e organization shall ensure that it has the ability to meet therequirements for products and services to be oered
to customers. e organization shall conduct a review before committing to supply products and services to a
customer, to include:
a) Requirements specied by the customer, including the requirements for delivery and postdelivery activities.
b) Requirements not stated by the customer, but necessary for the specied or intended use, when known.
c) Requirements specied by the organization.
d) Statutory and regulatory requirements applicable to the products and services.
e) contract or order requirements diering from those previously expressed.
e organization shall ensure that contract or order requirements diering from those previously dened are
resolved.
e customer’s requirements shall be conrmed by the organization before acceptance, when the customer does not
provide a documented statement of their requirements.
NOTE In some situations, such as internet sales, a formal review is impractical for each order. Instead, the review
can cover relevant product information, such as catalogues or advertising material.
e organization shall retain documented information, as applicable:
a) On the results of the review.
b) On any new requirements for the products and services.
Changes to requirements for products and services
e organization shall ensure that relevant documented information is amended, and that relevant persons are
made aware of the changed requirements, when the requirements for products and services are changed.
Design and development of products and services
General
e organization shall establish, implement and maintain a design and development process that is appropriate to
ensure the subsequent provision of products and services.
43
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
a) e nature, duration and complexity of the design and development activities.
b) e required process stages, including applicable design and development reviews.
c) e required design and development verication and validation activities.
d) e responsibilities and authorities involved in the design and development process.
e) e internal and external resource needs for the design and development of products and services.
f) e need to control interfaces between persons involved in the design and development process.
g) e need for involvement of customers and users in the design and development process.
h) e requirements for subsequent provision of products and services.
i) e level of control expected for the design and development process by customers and other relevant interested
parties.
j) e documented information needed to demonstrate that design and development requirements have been met.
Design and development inputs
e organization shall determine the requirements essential for the specic types of products and services to be
designed and developed. e organization shall consider:
a) Functional and performance requirements
b) Information derived from previous similar design and development activities.
c) Statutory and regulatory requirements.
d) Standards or codes of practice that the organization has committed to implement.
e) Potential consequences of failure due to the nature of the products and services.
Inputs shall be adequate for design and development purposes, complete and unambiguous.
Conicting design and development inputs shall be resolved.
e organization shall retain documented information on design and development inputs.
Design and development controls
e organization shall apply controls to the design and development process to ensure that:
a) e results to be achieved are dened.
b) Reviews are conducted to evaluate the ability of the results of design and development to meet requirements.
c) Verication activities are conducted to ensure that the design and development outputs meet the input
requirements.
44
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
d) Validation activities are conducted to ensure that the resulting products and services meet the requirements for
the specied application or intended use.
e) Any necessary actions are taken on problems determined during the reviews, or verication and validation
activities.
f) Documented information of these activities is retained.
NOTE Design and development reviews, verication and validation have distinct purposes. ey can be conducted
separately or in any combination, as is suitable for the products and services of the organization.
Design and development outputs
e organization shall ensure that design and development outputs:
a) Meet the input requirements.
b) Are adequate for the subsequent processes for the provision of products and services.
c) Include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria.
d) Specify the characteristics of the products and services that are essential for their intended purpose and their safe
and proper provision.
e organization shall retain documented information on design and development outputs.
Design and development changes
e organization shall identify, review and control changes made during, or subsequent to, the design and
development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity
to requirements.
e organization shall retain documented information on:
a) Design and development changes.
b) e results of reviews.
c) e authorization of the changes.
d) e actions taken to prevent adverse impacts.
Control of Externally Provided Processes, Products and Services
General
e organization shall ensure that externally provided processes, products and services conform to requirements.
e organization shall determine the controls to be applied to externally provided processes, products and services
when:
a) Products and services from external providers are intended for incorporation into the organization’s own
products and services.
b) Products and services are provided directly to the customers by external providers on behalf of the organization.
45
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
c) A process, or part of a process, is provided by an external provider as a result of a decision by the organization.
e organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-
evaluation of external providers, based on their ability to provide processes or products and services in accordance
with requirements. e organization shall retain documented information of these activities and any necessary
actions arising from the evaluations.
Type and extent of control
e organization shall ensure that externally provided processes, products and services do not adversely aect the
organization’s ability to consistently deliver conforming products and services to its customers.
e organization shall:
a) Ensure that externally provided processes remain within the control of its quality management system.
b) Dene both the controls that it intends to apply to an external provider and those it intends to apply to the
resulting output.
c) Take into consideration:
1) e potential impact of the externally provided processes, products and services on the organization’s ability
to consistently meet customer and applicable statutory and regulatory requirements.
2) e eectiveness of the controls applied by the external provider.
d) Determine the verication, or other activities, necessary to ensure that the externally provided processes,
products and services meet requirements.
Information for external providers
e organization shall ensure the adequacy of requirements prior to their communication to the external provider.
e organization shall communicate to external providers its requirements for:
a) e processes, products and services to be provided.
b) e approval of.
1) Products and services.
2) Methods, processes and equipment.
3) e release of products and services.
c) Competence, including any required qualication of persons.
d) e external providers’ interactions with the organization.
e) Control and monitoring of the external providers’ performance to be applied by the organization.
f) Verication or validation activities that the organization, or its customer, intends to perform at the external
providers’ premises.
46
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Production and service provision
Control of production and service provision
e organization shall implement production and service provision under controlled conditions.
Controlled conditions shall include, as applicable:
a) e availability of documented information that denes:
1) e characteristics of the products to be produced, the services to be provided, or the activities to be performed.
2) e results to be achieved.
b) e availability and use of suitable monitoring and measuring resources.
c) e implementation of monitoring and measurement activities at appropriate stages to verify that criteria for
control of processes or outputs, and acceptance criteria for products and services, have been met.
d) e use of suitable infrastructure and environment for the operation of processes.
e) e appointment of competent persons, including any required qualication.
f) e validation, and periodic revalidation, of the ability to achieve planned results of the processes for production
and service provision, where the resulting output cannot be veried by subsequent monitoring or measurement.
g) e implementation of actions to prevent human error.
h) e implementation of release, delivery and post-delivery activities.
Identication and traceability
e organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of
products and services.
e organization shall identify the status of outputs with respect to monitoring and measurement requirements
throughout production and service provision.
e organization shall control the unique identication of the outputs when traceability is a requirement, and shall
retain the documented information necessary to enable traceability.
Property belonging to customers or external providers
e organization shall exercise care with property belonging to customers or external providers while it is under the
organization’s control or being used by the organization.
e organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for
use or incorporation into the products and services.
When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use,
the organization shall report this to the customer or external provider and retain documented information on what
has occurred.
NOTE: A customer’s or external provider’s property can include material, components, tools and equipment,
premises, intellectual property and personal data.
47
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
4 Preservation
e organization shall preserve the outputs during production and service provision, to the extent necessary to
ensure conformity to requirements.
NOTE: Preservation can include identication, handling, contamination control, packaging, storage, transmission
or transportation, and protection.
Post-delivery activities
e organization shall meet requirements for post-delivery activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the organization shall consider:
a) Statutory and regulatory requirements.
b) Potential undesired consequences associated with its products and services.
c) Nature, use and intended lifetime of its products and services.
d) Customer requirements.
e) Customer feedback.
NOTE: Post-delivery activities can include actions under warranty provisions, contractual obligations such as
maintenance services, and supplementary services such as recycling or nal disposal.
Control of changes
e organization shall review and control changes for production or service provision, to the extent necessary to
ensure continuing conformity with requirements.
e organization shall retain documented information describing the results of the review of changes, the person(s)
authorizing the change, and any necessary actions arising from the review.
Release of products and services
e organization shall implement planned arrangements, at appropriate stages, to verify that the product and service
requirements have been met.
e release of products and services to the customer shall not proceed until the planned arrangements have been
satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
e organization shall retain documented information on the release of products and services. e documented
information shall include:
a) Evidence of conformity with the acceptance criteria.
b) Traceability to the person(s) authorizing the release.
Control of nonconforming outputs
e organization shall ensure that outputs that do not conform to their requirements are identied and controlled
to prevent their unintended use or delivery.
48
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
e organization shall take appropriate action based on the nature of the nonconformity and its eect on the
conformity of products and services. is shall also apply to nonconforming products and services detected aer
delivery of products, during or aer the provision of services.
e organization shall deal with nonconforming outputs in one or more of the following ways:
a) Correction.
b) Segregation, containment, return or suspension of provision of products and services.
c) Informing the customer.
d) Obtaining authorization for acceptance under concession.
Conformity to the requirements shall be veried when nonconforming outputs are corrected
e organization shall retain documented information that:
a) Describes the nonconformity.
b) Describes the actions taken.
c) Describes any concessions obtained.
d) Identies the authority deciding the action in respect of the nonconformity.
Clause 9 Performance evaluation
Monitoring, measurement, analysis and evaluation
General
e organization shall determine:
a) What needs to be monitored and measured.
b) e methods for monitoring, measurement, analysis and evaluation needed to ensure valid results.
c) When the monitoring and measuring shall be performed.
d) When the results from monitoring and measurement shall be analysed and evaluated.
e organization shall evaluate the performance and the eectiveness of the quality management system.
e organization shall retain appropriate documented information as evidence of the results.
Customer satisfaction
e organization shall monitor customers’ perceptions of the degree to which their needs and expectations have been
fullled. e organization shall determine the methods for obtaining, monitoring and reviewing this information.
NOTE: Examples of monitoring customer perceptions can include customer surveys, customer feedback on
delivered products and services, meetings with customers, market-share analysis, compliments, warranty claims
and dealer reports.
49
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Analysis and evaluation
e organization shall analyse and evaluate appropriate data and information arising from monitoring and
measurement.
e results of analysis shall be used to evaluate:
a) Conformity of products and services.
b) e degree of customer satisfaction.
c) e performance and eectiveness of the quality management system.
d) If planning has been implemented eectively.
e) e eectiveness of actions taken to address risks and opportunities.
f) e performance of external providers.
g) e need for improvements to the quality management system.
NOTE Methods to analyse data can include statistical techniques.
Internal audit
e organization shall conduct internal audits at planned intervals to provide information on whether the quality
management system:
a) Conforms to:
1) e organization’s own requirements for its quality management system.
2) e requirements of this International Standard.
b) Is eectively implemented and maintained.
e organization shall:
a) Plan, Establish, implement and maintain an audit programme(s) including the frequency, methods,
responsibilities, planning requirements and reporting, which shall take into consideration the importance of the
processes concerned, changes aecting the organization, and the results of previous audits.
b) Dene the audit criteria and scope for each audit.
c) Select auditors and conduct audits to ensure objectivity and the impartiality of the audit process.
d) Ensure that the results of the audits are reported to relevant management.
e) Take appropriate correction and corrective actions without undue delay.
f) Retain documented information as evidence of the implementation of the audit programme and the audit
results.
50
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Management review
General
Top management shall review the organization’s quality management system, at planned intervals, to ensure its
continuing suitability, adequacy, eectiveness and alignment with the strategic direction of the organization.
Management review inputs
e management review shall be planned and carried out taking into consideration:
a) e status of actions from previous management reviews.
b) Changes in external and internal issues that are relevant to the quality management system.
c) Information on the performance and eectiveness of the quality management system, including trends in:
1) Customer satisfaction and feedback from relevant interested parties.
2) e extent to which quality objectives have been met.
3) Process performance and conformity of products and services.
4) Nonconformities and corrective actions.
5) Monitoring and measurement results.
6) Audit results.
7) e performance of external providers.
d) e adequacy of resources.
e) e eectiveness of actions taken to address risks and opportunities (see 6.1).
f) Opportunities for improvement.
Management review outputs
e outputs of the management review shall include decisions and actions related to:
a) Opportunities for improvement.
b) Any need for changes to the quality management system.
c) Resource needs.
e organization shall retain documented information as evidence of the results of management reviews
Clause 10 Improvement
General
e organization shall determine and select opportunities for improvement and implement any necessary actions to
meet customer requirements and enhance customer satisfaction.
51
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
ese shall include:
a) Improving products and services to meet requirements as well as to address future needs and expectations.
b) Correcting, preventing or reducing undesired eects.
c) Improving the performance and eectiveness of the quality management system.
NOTE: Examples of improvement can include correction, corrective action, continual improvement, breakthrough
change, innovation and re-organization.
Nonconformity and corrective action
When a nonconformity occurs, including any arising from complaints, the organization shall:
a) React to the nonconformity and, as applicable:
1) Take action to control and correct it.
2) Deal with the consequences0
b) Evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or
occur elsewhere, by:
1) Reviewing and analysing the nonconformity.
2) Determining the causes of the nonconformity.
3) Determining if similar nonconformities exist, or could potentially occur.
c) Implement any action needed.
d) Review the eectiveness of any corrective action taken.
e) Update risks and opportunities determined during planning, if necessary.
f) Make changes to the quality management system, if necessary.
Corrective actions shall be appropriate to the eects of the nonconformities encountered.
2 e organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken.
b) the results of any corrective action.
Continual Improvement
e organization shall continually improve the suitability, adequacy and eectiveness of the quality management
system.
e organization shall consider the results of analysis and evaluation, and the outputs from management review, to
determine if there are needs or opportunities that shall be addressed as part of continual improvement.
Structure and terminology
e clause structure (and some of the terminology of the ISO 9001:2015 edition, in comparISOn with the previous
52
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
edition (ISO 9001:2008), have been changed so as to improve alignment with other management systems standards.
ere is no requirement in the ISO 9001:2015 for its structure and terminology to be applied to the documented
information of an organization’s quality management system.
e structure of clauses is intended to provide a coherent presentation of requirements, rather than a model
for documenting an organization’s policies, objectives and processes. e structure and content of documented
information related to a quality management system can oen be more relevant to its users if it relates to both the
processes operated by the organization and information maintained for other purposes.
ere is no requirement for the terms used by an organization to be replaced by the terms used in ISO 9001:2015 to
specify quality management system requirements. Organizations can choose to use terms which suit their operations
(e.g. using “records”, “documentation” or “protocols” rather than “documented information”; or “supplier”,
“partner” or “vendor” rather than “external provider”).
53
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 5
MAJOR DIFFERENCES BETWEEN
ISO 9001:2008 & ISO 9001:2015
Massouras Theolos
Agricultural University of Athens, theomas@aua.gr
Daratsanou Evangelia
Agricultural University of Athens,edaratsanou@gmail.com
Chapter Objectives
To present the main differences between ISO 9001:2008 and ISO 9001:2015
To comment on the considerable differences between ISO 9001:2008 and
ISO 9001:2015
To underline the focus of ISO 9001:2015
To indicate the different terminology of ISO 9001:2015
WHAT ARE THE MAIN DIFFERENCES BETWEEN
ISO 9001:2008 AND ISO 9001:2015
ISO 9001:2015 Has Ten Clauses Instead of Eight
ISO 9001:2015 has ten clauses instead of eight. e following table shows the relationship of the ISO
9001:2008 clauses to those in the new version.
54
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
ISO 9001:2008 ISO 9001:2015
0. Introduction 0. Introduction
1. Scope 1. Scope
2. Normative reference 2. Normative reference
3. Terms and denitions 3. Terms and denitions
4. Quality management system 4. Context of the organisation
5. Management responsibility 5. Leadership
6. Planning
6. Resource management 7. Support
7. Product realisation 8. Operation
8. Measurement, analysis and improvement 9. Performance evaluation
10. Improvement
Table 2: Clauses revisions.
Basically, the rst three clauses in ISO 9001:2015 are the same as those in ISO 9001:2008, but there are considerable
dierences between ISO 9001:2008 and ISO 9001:2015 from the fourth clause and beyond. e last seven clauses are
now arranged according to the PDCA cycle.
Clauses 4, 5, 6 and 7 of ISO 9001:2015 come under PLAN, clause 8 comes under DO, clause 9 comes under CHECK
and clause 10 is covered by ACT.
You can see Figure 3: PDCA Cycle in correlation to ISO 9001 CLAUSES
e reason for correlating the seven clauses with the PDCA cycle, is because ISO 9001:2015 strives to give additional
momentum to the continuous and systematic improvement of processes within organizations.
ISO 9001:2015 Has a High Level Structure (HLS)
As a result of the new arrangement in ten clauses, ISO 9001:2015 now has the same unambiguous structure as all
standardised management systems, known as a ‘High Level Structure’ (HLS).
e core elements of ISO 9001, ISO 14001, ISO 22000, OHSAS 18001, etc. are therefore all the same from now
on. is has made the integration of various management systems much simpler. If, for example, an organization
wishes to implement ISO 14001 in addition to ISO 9001, the parts that cover the same topic can easily be seen in the
standards.
ISO 9001:2015 Puts more focus on Input and Output
there is more emphasis in ISO 9001:2015 on measuring and properly assessing the input and output of processes.
According to ISO 9001:2015, the organization must closely monitor which articles, information and specications
are involved in the production process.
Risk-based thinking is at the core of ISO 9001:2015
Risk-based thinking has a very important place in ISO 9001:2015. Organizations are now strongly encouraged to use
risk analysis in order to decide which challenges they identify in the management of the business processes.
Formal risk analysis, familiar to many organizations via HACCP techniques, is now standard for everyone. To
emphasize their dominance, the concept of ’risk’ occurs forty-eight times in ISO 9001:2015, compared with only
three times in ISO 9001:2008.
55
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
e addition of risk-based thinking has made the ‘preventive measures’ of ISO 9001:2008 redundant. ese preventive
measures no longer appear in ISO 9001:2015.
Context of the organisation is considered important in ISO 9001:2015
ISO 9001:2015 requires an organization to construct its quality management system from now on from the specic
context within which it is active. is means, among other things, that, as an organization, you have to take into
account the needs and expectations of interested parties and that you evaluate and deal with internal and external
strategic questions. A clear understanding of the expectations of all the parties concerned, must be displayed.
ISO 9001:2015 and the engagement of interested parties
in ISO 9001:2008, customers were oen named as being the only interested party. is concept has been extended in
ISO 9001:2015, therefore suppliers, personnel, shareholders, legislative bodies, society, internal customers, and so on
are now included as interested parties, in addition to customers.
ese interested parties’ (changing) requirements and standards, should be taken into account and anticipate them
in the features of the organizations’ products and services.
Leadership and commitment in ISO 9001:2015
ISO 9001:2015 also places more emphasis on leadership and management commitment. It requires greater
involvement by top managers and business leaders in controlling the quality management system.
is way, ISO 9001:2015 is intended to encourage integration and harmonization with business processes and
business strategies. e top management now has to take more responsibility for the eectiveness of the quality
management system.
Because ISO 9001:2015 pays more attention to risk management, interested parties and the context of the organization,
the quality management system also ts in better with the needs of the top management.
e quality management system is now more than ever a mean for being strategically successful by addressing the
needs of interested parties and by managing opportunities and threats.
e ‘management representative’ of ISO 9001:2008 was a member of the management committee who had the
responsibility and authority for steering the quality management system along the right lines, no longer exists. e
idea behind the change is that quality is a matter for everyone and for all levels within the organization.
Documented Information
ISO 9001:2015 no longer requires obligatory documented procedures or a quality manual. Instead, there is now the
term ‘documented information’ in practically all clauses of ISO 9001:2015.
e information can be in any format and come from various sources and media. Diverse forms of evidence or
documentation are therefore possible.
ere is no longer any mention of ‘records’ neither, but of ‘retaining documented information’.
Dierent Terminology in ISO 9001:2008 and ISO 9001:2015
e following table is a brief summary of a number of important changes to the terminology compared with ISO
9001:2008.
56
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
ISO 9001:2008 ISO 9001:2015
Products Products and services
Documentation, quality manual, documented procedures,
records, instructions Documented information
Work environment Environment for the operation of processes
Monitoring and measuring equipment Monitoring and measuring resources
Purchased product Externally provided products and services
Supplier External provider
Table 3. Terminology Revisions.
is is an indicative list of the dierences between ISO 9001:2008 and ISO 9001:2015, comparing the basic dierences.
TRANSITION FROM ISO 9001:2008 TO ISO 9001:2015
In case a company is already ISO 9001 certied, the following steps are recommended in order to comply with ISO
9001:2015 (deadline September 2018):
Familiarize yourself with the new document
While some things have indeed changed, many remain the same.
Baseline measurement
Undertake a baseline measurement within the organization. Make a complete overview of the current status of the
existing quality management system and the organization’s operation of business. en, identify any organizational
gaps which need to be addressed to meet the new requirements.
Plan of approach
Draw up a plan based on the baseline measurement. In correlation to the specic plan, the company can take the time
to make any adjustments needed and to implement improvements step by step.
Implementation
Implement the adjustments in accordance with the plan of approach. It is crucial to incorporate measurement points
and milestones.
Training
Provide appropriate training and awareness for all parties that have an impact on the eectiveness of the organization.
Auditing and process analysis
Measure whether the changes have had the desired eect. Measure the input and output of the processes you consider
to be important because they are critical or risky, for example.
Certication
Communicate with your certication body about transitioning to the new version.
Communication with interested parties
Show your interested parties not just the certicate, but also show them the results with pride. Let them see how well
your organization manages its processes and continuously improves them.
57
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 6
THE IMPACT OF ISO 9001:2015 ON ISO 22000 AND
FOOD SAFETY MANAGEMENT SYSTEMS
Eng. Safa'a Smadi (JFDA)
Jordan Food and Drug Administration, smadi.safa@gmail.com
Chapter Objectives
To present how ISO 9001 Management System is the basis on which ISO 22000
is structured and the relevant implications on the latter.
Introduction
Quality Management System (QMS) ISO standards have been created for all major sectors of
manufacturing to answer an important need: A systematic application to improve and control the
quality and the safety of consumer products. However the food and beverage industry has its own
toolkit for quality (e.g., Safe Quality Foods Program, or SQF, and Global Food Safety Initiative( GFSI)
and hazard analysis critical control points approach (HACCP). It even has its own standard (ISO
22000). However, the industry must embrace and apply the new concepts embodied in the ISO
9001:2015 revision to meet the challenges of ensuring quality in the 21st century, where the use
of integrated and sophisticated systems of software and engineering technology applications have
become the norm for achieving quality and consumer safety.
DEFINITION OF ISO 22000
ISO 22000 food safety management system; address what an organization needs to demonstrate
its ability to control food safety hazards in order to ensure that food is safe at the time of human
consumption and it can be used by any organization regardless of its size or position in the food
58
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
chain (ISO, 2017).
IMPACT OF ISO 9001: 2015 ON ISO 22000
High level structure
the latest revision of ISO 9001 (ISO 9001:2015) follows the same overall structure as other ISO management systems
(known as High-Level Structure), which makes it easier for anyone using multiple systems (e.g., ISO 9001 and ISO
22000), these changes have led to the decision by ISO to review ISO 22000:2005, to bring ISO 22000 in line with new
ISO “high level structure” for management system standard.
Risk-based thinking
e concept of risk has always been implicit in ISO 9001 Standard and the 2015 revision makes it more explicit,
building it into the whole management system:
• Risk-based thinking is already part of the process approach (4.4 Quality management system and its processes)
• Risk-based thinking makes preventive action part of the company’s routine (6.1 Actions to address risks and
opportunities)
ISO 22000 doesn’t dictate any particular method of risk assessment or risk management, apart from addressing this
concept on the already mentioned two levels, organizational and operational levels. However, the standard requires
you to describe and retain as documented information the methodology used when conducting a risk assessment.
The PDCA cycle
e recently updated ISO 22000 requires that in addition to the organizational Plan-Do-Check-Act (PDCA) cycle,
also known by the Deming Cycle wheel or Shewhart cycle, and following the high level structure, another PDCA
cycle must coexist covering the operational processes within the food safety system. Your system includes two PDCA
cycles at operational and organizational levels, and communication between them is established and maintained at
all times.
Documentation
ISO 9001:2015 requires information to be maintained or retained, and no requirements for documented information.
However, it is expected that due to the nature of Food Safety Management Systems some documented procedures
could be required by future ISO 22000. ISO 9001:2015 does not require any longer a Quality Management Manual,
which is in line with ISO 22000:2005 that doesn´t include a requirement for a food safety manual.
Terminology
ISO 9001:2015 also places more emphasis on leadership and management commitment. It requires greater
involvement by top managers and business leaders at dierent level in controlling the quality management system.
59
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Chapter 7
Chapter Objectives
To present statistical data regarding the implementation of ISO 9001 Standard
within Europe per sector for a period of time
To present a short overview of the implementation of the ISO Standard in the
food sector
STATISTICAL DATA FOR ISO 9001
ISO 9001 Standard is used successfully all over the world, by all types and size companies. In 2013
alone, over one million certicates to the standard were issued across 187 countries, and many other
companies and organizations have used the standard without seeking certication.
Success with ISO 9001 can take many forms: for some enterprises, it is all about attracting and
maintaining new clients, while others see it as the blueprint for internal improvement and eciency.
CASE STUDIES: EUROPEAN FOOD COMPANIES
THAT HAVE IMPLEMENTED ISO 9001 QUALITY
SYSTEMS
Massouras Theolos
Agricultural University of Athens, theomas@aua.gr
Daratsanou Evangelia
Agricultural University of Athens,edaratsanou@gmail.com
Lina Tsakalou (CRE.THI.DEV.)
Creative Thinking Development, ltsakalou@gmail.com
60
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
According to the International Organization for Standardization, the Top 10 countries for ISO 9001 certicates in
all sectors, for the year 2015 are as seen below. For Europe, Italy, Germany and the U.K. are the top countries with
132.870, 52.995 and 40.161 Certicates respectively.
Furthermore, for the same year (2015) the Industrial Sector “Food Products, Beverages and Tobacco” is among
the top 10 sector as for awarded Certicates for ISO 9001, while for 2016 there has been an increase of 18.3%, since
31.469 were awarded.
61
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
e industrial sectors per country regarding the ISO 9001:2008 & ISO 9001:2015 can be observed in the following
table. (Highlighted the participating countries as well as Jordan).
According to the ISO Survey of Management System Standard Certications 2015, A total of 1,036,321 ISO 9001
certicates were issued (including 4190 issued to the 2015 version published in September 2015) a slight decrease of
0.2% on previous year (2014).
62
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
For 2016, a total of 1,106,356 valid certicates were reported for ISO 9001 (including 80,596 issued to the 2015
version) an increase of 7% for 2015.
e number of Certicates and Sites covered by ISO 9001:2008 and ISO 9001:2015 implemented by European
Countries, in total can be seen in the table below:
A SHORT OVERVIEW OF THE IMPLEMENTATION OF THE
ISO STANDARD IN THE FOOD SECTOR
As already mentioned, ISO 9001 is widely adopted by many manufacturing companies, including food manufacturing
companies.
is is an expected outcome, because of the level of awareness of most consumers in terms of food product quality
and safety that has enabled them to apply quality management systems. According to a survey conducted by ISO, in
2016, there were 31, 469 companies engaged in the eld of food, beverage, and tobacco products, Certied with ISO
9001.
erefore, the results of a survey conducted by Kafetzopoulos, D., Gotzamani, K., Psomas using quantitative data
collection that were measured on a seven-point modied Likert scale, ndings, showed a positive and signicant
relationship between the combined eective implementation of ISO 9001 - and ISO 22000 standards- and competitive
performance of certied food companies.
63
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Bibliography
1. Albert Weckenmann, Goekhan Akkasoglu, Teresa Werner (2015). "Quality management history and trends",
The Total Quality Management Journal 27: 281-293.
2. https://doi.org/10.1108/TQM-11-2013-0125 Permanent link to this document: https://doi.org/10.1108/TQM-11-
2013-0125
3. American Society for Quality. Plan–Do–Check–Act Cycle. http://www.asq.org/learn-about-quality/project-planning-
tools/overview/pdca-cycle.html
4. asq.org/learn-about-quality/ISO-9000/overview/quality-management-principles.html
5. Croft, Nigel H (2014). Understanding, Knowledge, and Awareness of ISO 9001:2015. Available at:
6. Hampton, Debra M Hay, A Step Forward (2014). Quality Progress Milwaukee 38-43.
7. Jay P. Patel (2016). Seven principles of Quality Management in ISO 9001:2015. Quality & Productivity Solutions
Inc., 2016.Available: http://qpsinc.com/Documents/Article%207%20principles%20of%20ISO%2090012015.pdf
8. John P. Wilson, Larry Campbell, (2016) "Developing a knowledge management policy for ISO 9001: 2015". Journal
of Knowledge Management 20: 829-844.
9. International Organization for Standardization, ISO.org, 2015
10. ISO 9001:2015 standard. Available at: http://www.ISO-9001-2015.com/ISO-9001-2015-requirements.html.
11. ISO. The ISO Survey of Management System Standard Certications – 2015. Geneva: ISO.
12. ISO 9001:2015, “HOW TO USE IT”, ISO.org
13. ISO 9001:2015 Explained: The Process Approach - Blog - Qualsys quality.eqms.co.uk/blog/what-is-a-process-
approach
14. Kafetzopoulos, D., Gotzamani, K. and Gkana, V. (2015). “Relationship between quality management, innovation
and competitiveness. Evidence from Greek companies”, Journal of Manufacturing Technology Management 26:
1177-1200.
15. Kafetzopoulos D, Gotzamani K, Psomas E (2013). “Quality systems and competitive performance of food
companies”. Benchmarking: An International Journal 20: 463-483.
16. Konstantinos V. Kotsanopoulos, Ioannis S. Arvanitoyannis (2017). The Role of Auditing, Food Safety, and Food
Quality Standards in the Food Industry: A Review, Comprehensive Reviews in Food Science & Food Safety 760-775.
17. Mindtools.com.Plan-Do-Check-Act (PDCA). http://www.mindtools.com/CXCtour/PDCA.php
18. National Security Inspectorate, NSI (2016). A step by step guide on how to interpret each clause, Annex A to
9001:2015, Guidance document for approved companies 23-33, Sentinel House, 5 Reform Road Maidenhead SL6
8BY Available at: http://www.nsi.org.uk/wp-content/uploads/2012/11/Annex-A-Step-by-Step-Guide-for-ISO-9001-
2015-NG-FG-AG.pdf
19. N Nayab (2013). Linda Richter, Bright Hub Project Management.
20. Quality management systems - INTERNATIONAL.
21. STANDARD ISO/FDIS 9001 Requirements, ISO/TC 176/SC 2, 2015, Final Draft.
22. Quality management principles - ISO.Org, 2012.
23. Sumaedi, S., Yarmen, M., (2015). “The Effectiveness of ISO 9001 Implementation in Food Manufacturing
Companies: A Proposed Measurement Instrument”, International Symposium on Food and Agro-biodiversity,
Procedia Food Science 3: 436-444.
64
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
24. USDA ISO Guide 65 Program Accreditation for Certication Bodies Archived 2007, at the Way back Machine., U.S.
Department of Agriculture, Agricultural Marketing Service 2007.
25. Wilson P. John, Campbell Larry, (2016). "Developing a knowledge management policy for ISO 9001: 2015".
JOURNAL OF KNOWLEDGE MANAGEMENT 20: 829-844.
26. 9001 Academy (www.advisera.com/9001academy)
Keywords (Index)
-A-
Accreditation
-B-
Business Process
Business Strategy
-C-
Certication
Certied Company
Clause
Competitive performance
Continual Improvement
Customer Focus
Customer Needs
-D-
Decision Making
-E-
Engagement of people
Evidence-based decision making
-F-
Focused Leadership
Food Sector
Flowchart
-H-
-I-
Innovation
65
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
Improvement
ISO 9001
ISO 22000
-L-
Leadership
Likert scale
-M-
Monitoring
-O-
Organization
-P-
Performance
Plan-do-check-act (PDCA) cycle
Process Approach
Process Capability
-Q-
Quality assurance(QA)
Quality control(QC)
Quality management (QM)
Quality Principles
Quality tools
Quality Management System
-R-
Relationship Management
Risk
-S-
Scope
Standard
Supplier
66
This Project has been funded with support form the European Commission.
This Publication reects the views only of the author, and the commission cannot be held
responsible for any use Which may be made of the information contained therein
System Approach
-T-
Total quality management (TQM)
Training
-V-
Vocational Training
Glossary
HACCP: A system which identies, evaluates, and controls hazards which are signicant for food safety.
Likert scale: is a psychometric scale commonly involved in research that employs questionnaires. It is the most
widely used approach to scaling responses in survey research, such that the term is oen used interchangeably with
rating scale. Plan-do-check-act (PDCA) cycle:A four-step process for quality improvement.
Quality:In technical use, quality can have two meanings: 1. the characteristics of a product or service that bear on
its ability to satisfy stated or implied needs; 2. a product or service free of deciencies.
Quality assurance(QA): All the planned and systematic activities implemented within the quality system that can
be demonstrated to provide condence that a product or service will full requirements for quality.
Quality control(QC): The operational techniques and activities used to fulll requirements for quality.
Quality management (QM):e application of a quality management system in managing a process to achieve
maximum customer satisfaction at the lowest overall cost to the organization while continuing to improve the
process.
Quality tool:An instrument or technique to support and improve the activities of process quality management and
improvement.
Total quality management (TQM):A management approach to long-term success through customer satisfaction,
based on all members of an organization participating in improving processes, products, services and the culture in
which they work.
Abbreviations
GFSI: GlobalFoodSafetyIniave
HACCP:HazardAnalysis&CricalControlPoint
PDCA:Plan-Do-Check-Act
QA:QualityAssurance
QC:QualityControl
QM:QualityManagement
QMSs: QualityManagementPrinciples
QMSs:QualityManagementSystems
TQM:TotalQualityManagement
Prof. Fahmi Abu Al-Rub is a Member of Trustees at the
German Jordan University. He is a professor of Chemical
and Biochemical engineering at Jordan University of Science
Technology (JUST). Prof. Abu Al-Rub is the Director of the
Applied Scientic Research Fund (ASRF); an NGO non-
prot organization that aims at promoting the innovation
and entrepreneurial culture among young researchers.
Prof. Abu Al-Rub is managing more than 25 international
projects. He published more than 90 books, journal papers,
and conference proceeding on food quality management
systems, biosorption, wastewater treatment, renewable
energy, and thermodynamics. Prof. Abu Al-Rub received
the King Abduallah the Second Award in Innovation in
2016, and Abdel-Hameed Shoman Award for Young Arab
Researchers 2001.
ISBN: 978-1-951814-01-4
... -Training of new employees workers or temporary workers based on common diagrams -Quality assurance: Business process documentation for ISO 9001 certification (cf. [4]) -Continuous improvement: Diagrams depicting processes are used in common methodologies for continuous business process improvement (cf. [5]) ...
... They are the basis for the final documentation of the process. 4 The principle behind this is similar to the facilitation tool of a parking lot which collects any topic that cannot be discussed extensively in a meeting. ...
Article
Full-text available
There is often no common understanding on operational processes in logistics companies as they are not properly documented. Hence, people execute the same process differently and training is conducted by experienced operators on an ad-hoc basis. Furthermore, continuous process improvement is hampered as neither the ideal process nor current issues in as-is processes are visible. A major reason for the missing documentation is the complexity of existing business process modelling languages. Modelling experts are required for initially describing the processes and also for updating the models after process changes. Furthermore, operations people are usually not used to read complex process models in EPCs or BPMN diagrams. In order to overcome these limitations, a domain-specific modelling language which facilitates maintaining up-to-date process models has been designed with a large logistics company in Germany. The paper at hand briefly describes this language and illustrates the method on how to apply it in operations environments.
... Deming's model (see Figure 1) has provided the basis for improvement tools developed over time to enable the measurement of value, quality and sustainability in commercial supply chain systems (24,25,26). Post the identification of the system (i.e. the supply chain system map) other tools existed to improve the system and/or redesign the system and manage it, for example, Quality Management Systems such as ISO 9001:2015, LEAN, Six Sigma and SCOR (27,24,28). ...
Article
Full-text available
ISO 9001 is a Quality Management System (QMS) standard that is widely adopted by many manufacturing companies, including food manufacturing companies. However, the effectiveness of ISO 9001 implementation is still questioned. Given this, this paper aims to propose an instrument that can be used to measure the effectiveness of ISO 9001 implementation in food manufacturing companies. The paper is important because there is lack of research on the development of measurement instrument of ISO 9001 implementation effectiveness. Furthermore, this paper is important because the knowledge on measurement instrument of ISO 9001 implementation effectiveness is needed by ISO 9001 certified food manufacturing company managers for measuring and improving their QMS.
Article
Food safety and quality audits are used widely in the food industry for various reasons (to evaluate management systems, obtain certifications to certain food safety and quality standards, assess the condition of premises and products, confirm legal compliance, and so on). Nowadays, the increased interest of consumers on food safety and quality matters, triggered mainly by recent food scandals, has enabled the public and private food sectors to develop a variety of food safety and quality standards. These standards have both advantages and disadvantages and their effectiveness depends on several factors such as the competency and skills of auditors and the standard used in each case. Although the industry continuously invests in developing and improving these systems, the number of foodborne outbreaks per year appears to be quite stable in both Europe and the United States. This may be an indication that additional measures and techniques or a different approach would be required to further improve the effectiveness of the food safety and quality management systems. This article examines the role of audits and food safety and quality assessment systems in the food industry, presenting the results of several studies and briefly describing the main food safety and quality standards currently used in Europe (with particular emphasis on the United Kingdom and Greece), the U.S., Australia–New Zealand, and Asia.
Article
Purpose International Organization for Standardization (ISO) 9001: 2015 quality management systems places an obligation on organizations to consider the role of organizational knowledge as a resource. The purpose of this paper is to systematically relate the key fundamentals of knowledge management to the seven quality management principles of ISO 9001: 2015. It is the first to consider this relationship. Design/methodology/approach The paper traces the history of quality standards and the background to the inclusion of an organizational knowledge clause in ISO 9001: 2015. It then systematically considers the seven quality management principles in relation to knowledge management principles. Findings The core elements of the knowledge management standard are incorporated with the organizational knowledge clause. Explicit and tacit knowledge are addressed by the ISO standard. Knowledge and its management will become increasingly important in organizations driven by ISO certification requirements. Research limitations/implications ISO 9001: 2015 was released in September 2015 which means that organizations have yet to apply the organizational knowledge clause. This paper is a conceptual one which needs to be complemented with empirical research. Practical implications This paper identifies the role of knowledge management principles as they apply to ISO 9001: 2015 and the seven quality management principles. More than 1.1 million organizations are certified to ISO 9001, plus many others who use the standard informally. Those involved with organizational quality will need to understand the role of knowledge in the organization. Social implications Quality services and products need to be underpinned with strategic knowledge management. Originality/value This paper is the first to discuss knowledge management in relation to the seven quality management principles which assist the development of policy for quality management.
Article
Purpose – The purpose of this paper is to examine the extent to which five core dimensions of quality management, as a single factor, are associated with product innovation and process innovation; and finally how these two affect a firm’s competitive advantage in the market. Design/methodology/approach – The analysis followed in order to investigate the relations between the constructs of the proposed model, includes an initial exploratory factor analysis (EFA), followed by confirmatory factor analysis (CFA) and finally structural equation modelling (SEM) Findings – According to the study findings, quality management (QM) directly contributes to product and process innovation. Furthermore, product and process innovation have a direct impact on companies’ competitive advantage. Thus, the study proves that QM is an opportunity for a firm to improve its innovation and consequently its competitiveness. Research limitations/implications – This study relies on the perceptions of the respondents to operationalize the survey instrument. In addition, all variables are measured in the year that the survey was carried out. However, since the research exams the relationship between QM, technical innovation and competitive advantage across various organizations, it would be interesting to conduct a longitudinal study within these organizations. Practical implications – Our study offers clear implications for managers, proving that they should give higher emphasis on QM and innovation in order to prioritize their product, production and technology strategies, to achieve sustainable competitive advantage. Originality/value – Based on the multi-dimensional structure of QM, this empirical study determines the contribution of QM to specific innovation performance and overall competitiveness of companies.
Article
Purpose – The continuous development of quality management in organizations was driven on the one hand by competition and on the other hand by growing requirements of the customers. Mass production with a pure push strategy changed to a more and more pull strategy with higher customer and market orientation. To satisfy the requirements of the triangle quality, cost and time the field of view of quality management has continuously been widened from considering “what” is done to “how” it is done. Nowadays the complexity and interrelations inside and outside of organizations increased with their global orientation. To face these global challenges, the purpose of this paper is to do a detailed analysis of the history of quality management that can support the initial position in development of specific tools and methods for quality improvement in organizations. Design/methodology/approach – For the historic analysis a well-founded literature review has been performed. After presenting the historical development of quality management, the current situation described. Finally an outlook for upcoming trends in quality management is provided by extrapolating current developments. Findings – Four different paradigm shifts in quality management are up to now identified and described, accompanied by a high number of smaller development steps. Current efforts for the further development of quality management encompass “perceived quality”, “human-focused quality management” and “intelligent quality management”. Originality/value – The paper gives a survey on the development of quality management and delivers a forecast on future requirements and trends in structuring the quality management in technical enterprises.
Article
Purpose – The main objective of this paper is to explore the relationship between the combined implementation of the ISO 9001 and ISO 22000 systems and the competitive performance of manufacturing food companies. Design/methodology/approach – A survey instrument was used for quantitative data collection. All items were measured on a seven point modified Likert scale. The data was analysed statistically by means of Statistical Package for Social Scientists. Factor analysis was performed. Multiple regressions were used to test the hypotheses. Both validity and reliability of the measures were checked in order to reduce measurement error. Findings – The results show a positive and significant relationship between the ISO 9001 and ISO 22000 certification with competitive performance of food companies explaining a significant proportion of variance in performance. Practical implications – The results of this study may motivate the food company’s managers to adopt and implement the food safety and quality systems effectively. This consequently may help these companies to enhance their manufacturing capabilities and gain strong competitive advantages. Originality/value – This paper highlights the influence of quality and food safety management systems on the competitive performance of the food manufacturing companies. It reveals the value of the combined implementation of the ISO 22000 and ISO 9001:2000 systems providing top management of ISO certified food manufacturing organizations with valuable knowledge.
Understanding, Knowledge, and Awareness of ISO
  • Nigel H Croft
Croft, Nigel H (2014). Understanding, Knowledge, and Awareness of ISO 9001:2015. Available at:
Seven principles of Quality Management in ISO
  • Jay P Patel
Jay P. Patel (2016). Seven principles of Quality Management in ISO 9001:2015. Quality & Productivity Solutions Inc., 2016.Available: http://qpsinc.com/Documents/Article%207%20principles%20of%20ISO%2090012015.pdf
A step by step guide on how to interpret each clause
Mindtools.com.Plan-Do-Check-Act (PDCA). http://www.mindtools.com/CXCtour/PDCA.php 18. National Security Inspectorate, NSI (2016). A step by step guide on how to interpret each clause, Annex A to 9001:2015, Guidance document for approved companies 23-33, Sentinel House, 5 Reform Road Maidenhead SL6 8BY Available at: http://www.nsi.org.uk/wp-content/uploads/2012/11/Annex-A-Step-by-Step-Guide-for-ISO-9001-2015-NG-FG-AG.pdf
Linda Richter, Bright Hub Project Management
  • N Nayab
N Nayab (2013). Linda Richter, Bright Hub Project Management.