How does an organization address risks and opportunities in ISO 9001

In ISO 9001:2015, addressing risks and opportunities is a fundamental part of the quality management system (QMS), aiming to increase the effectiveness of the QMS, achieve improved results, and prevent negative effects. The standard requires an organization to integrate a risk-based thinking approach into its overall processes. Here's how an organization can address risks and opportunities according to ISO 9001:

  1. Understanding the Context: The organization needs to understand its internal and external context, including any factors that can impact its QMS objectives. This understanding helps in identifying potential risks and opportunities.

  2. Planning: Once the risks and opportunities are identified, the organization should plan actions to address these. This includes deciding how to:

    • Mitigate or eliminate the risks.
    • Enhance opportunities to achieve the intended outcomes of the QMS.

  3. Integration into the QMS Processes: The actions to address risks and opportunities are integrated into the organization's QMS processes. This integration ensures that risk-based thinking is embedded in the planning and execution of all QMS processes.

When should a company perform an internal ISO 9001 audit?

A company should perform an internal ISO 9001 audit at various stages and frequencies to ensure continuous compliance and improvement. Management Solutions Group is here to help prepare or perform your Internal Audit. Here are the general guidelines:

  1. Before External Audits: It's crucial to conduct internal audits before scheduled external or certification audits. This allows the company to identify and address any non-conformities or areas for improvement.

  2. Regularly Scheduled Intervals: Companies typically perform internal audits at least once a year. However, the frequency can be higher depending on the size of the organization, the complexity of processes, the level of changes made to the system, and past audit performance.

What is the frequency to perform an ISO 9001 internal audit?

ISO 9001 is a quality management system (QMS) standard that requires organizations to conduct internal audits at planned intervals to ensure conformity and effectiveness.

While ISO 9001 doesn't prescribe a specific frequency for internal audits, they should be performed at regular intervals that are appropriate for the organization's size, complexity, and identified risks. The timing and frequency of the audits should be defined in the organization's internal audit procedure or quality manual, based on a risk assessment.

Some organizations might perform internal audits quarterly, while others may choose to do them semi-annually or annually. It often depends on the previous audit findings, changes to processes, or concerns raised by customers or management.

What is the difference between IATF 16949 and ISO 9001?

IATF 16949 and ISO 9001 are both standards related to quality management systems, but they are designed to address different aspects and have distinct applications.


ISO 9001:


Scope: ISO 9001 is a general standard that is applicable to all industries. It outlines the criteria for a quality management system and focuses on customer satisfaction, continual improvement, and fulfillment of regulatory requirements.
Requirements: The requirements of ISO 9001 are broad and emphasize process control, customer orientation, leadership, risk management, and operational planning.
Certification: Many organizations can become ISO 9001 certified to demonstrate their commitment to quality management principles. The certification is recognized worldwide.

How to control outsourced processes in your Management System

ISO 9001:2015 clauses 8.4.1 – 8.4.3 require that external providers be controlled and their performance be evaluated. This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001, 45001, and ISO 27001. Effectively there is almost no difference between purchasing a service and outsourcing a process.

What processes are outsourced, and how are they controlled?

Usually, outsourced processes include things like:

  • component manufacturing
  • accounting
  • maintenance
  • transportation
  • IT support
  • warehousing & distribution
  • banking & finance
  • legal
  • consultant/auditor

Internal and certification audits take into account Outsourced Processes & Products.  ISO Standard 8.4.1 covers how organizations address external outsource vendors.

Process Mapping in ISO 9001 & IATF 16949

ISO 9001:2015 & ISO/IATF 16949 Process Mapping / Interaction

There is quite a bit of confusion regarding the documentation of the interaction of processes (sometimes referred to as Customer Orientated Processes {COPs}, Manufacturing Orientated Processes {MOPs} and Support Orientated Processes {SOPs}) required by ISO 9001:2015 and IATF 16949 and also helpful for ISO 9001. Many companies have added additional documents to meet the requirements of documenting the process interactions, including “Turtle Documents” and “Line of sight” flow diagrams. While these documents typically assist in meeting the requirements, they usually do not identify process interactions or support processes adequately. Also, and very importantly, they add yet another set of documents that need to be controlled and understood by related staff. However, if done correctly, these process interaction diagrams can actually reduce the amount of documentation and increase its effectiveness.

SEQUENCE AND INTERACTION OF PROCESSES

Section 4.4.1 requires documentation of quality management processes and their “sequence and interaction.”

Now, what does that mean?

Processes have inputs and outputs and are managed by a series of activities. For instance, Verification of Purchased Product, 7.4.3, is a process (dinosaurs who wandered the earth during the ISO 9000:1994 era refer to this as receiving inspection). This process has inputs such as supplier evaluation, prints and purchase orders. The outputs may include a receiving inspection log, tags, labels and routers. Activities usually include receiving, inspecting, documenting, identifying and staging.

Where do we start?

First, assign a team that represents all departments.

Next, draw a “sequence of processes flowchart.” This is simply a diagram of the major processes in your system from Quoting to Shipping. This is also called a “line-of-sight diagram.”

Now, diagram the activities associated with each step. Be sure to include all departments in this exercise.

What is the ISO 9001:2015 standard and what it is not.

What is in ISO 9001:2015 and what is not. Listen to Brandon Kerkstra give a brief overview in this lesson from the online ISO 9001:2015 course.

What ISO 9001:2015 DOES Include

  • Requires an organization to have the information (documents, procedures, etc.) and records required for effective business planning and implementation
  • Focus on Strategic thinking. Language is Context of Organization
  • Focus on risk based thinking to be initiated at the strategic level or Context of Organization
  • It is arranged so all ISO Management systems will be aligned = one system

What is NOT in ISO 9001:2015

  • Requiring a change in your document identification system. It is your decision.
  • Describing HOW to conduct strategic planning
  • Requiring risk assessment, risk management, risk treatment, and use of formal risk tools
  • Divergent systems are permitted at this time

Information

We offer a free, no obligation initial analysis as well as accomplishment Guarantees.

Copyright 2008 - 2021 Management Solutions Group, All Rights Reserved

2879 Hoag NE • Grand Rapids, MI 49525
• Phone: (616) 365-9822
• Fax: (425) 799-5915

Testimonial from a Client

Outstanding Learning Experience

"Just wanted to send a note thanking you for the hard work and effort given to our company to help obtain ISO13485 & 9001. We successfully passed the initial registration audit two weeks ago. The auditor was impressed with how we integrated both systems and said it should be used as a model for other companies attempting to do the same. Linda’s work was outstanding and we learned a lot about our company and where our shortfalls are. Without her help and assistance we never would have achieved this goal"

Micro Star Innovations