ISO 9001:2015 FOR BUSINESS DEVELOPMENT A PROGRAM FOR ROAD TO CERTIFICATION Propose for Sekolah Tinggi ilmupelayaran (STIP) Provide by RAGA Consultant Disclaimer : This presentation material is purposed for Road to iso 9001:2015 certification programs which setup base on client need for management system implementation
Contents Management System Insight and Milestone ISO 9001:2015 P-D-C-A, Structure and Requirements Risk Based Thinking Model for ISO 9001:2015 Risk Based Thinking Model for ISO 9001:2015 and Company Culture
Management System Insight Principle of Management System A management system is a framework of controls to manage key processes, organisational risks and drive continual improvement. The management system is important to the operation of every business because it guides the behaviour of personnel in the organization. The management system is the management team’s main tool for ensuring safe and sustainable operation. The challenge facing organization is “how can we get our management system to work more effectively” (ISRS-7th Edition, Performance Management System)
What’s Management System ? Set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives Note 1 to entry: A management system can address a single discipline or several disciplines (e.g. quality, environment, occupational health and safety, energy, financial management). Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation, performance evaluation and improvement. Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.
Quality management system Part of an organization’s management system used to develop and implement its Quality policy and manage its Quality risks Cost & Benefits • Risk Management • Credible assessment • Competitive Advantage/Customer Requirement • Cost Saving and Improvements • Improved Relationship with Community and Regulators • Assists Meeting Regulatory Requirements
To produce high-level quality condition regarding to product, service and activity. • To protect as overall environmental condition include health and safety issues that impact from daily activities. • To improve customer voices which related with customer satisfaction • To comply with applicable regulation which’s subscribe by company • To full fill with customer requirements • To improve awareness of employees and or person who’s working on behalf company related with environmental, health and safety issues • To improve awareness of employees and or person who’s working and associated with quality issues. • To improve image of company related with environmental, health and safety issues • Key point to open business barriers related of environmental, health and safety issues • Key access related with requirements of customer satisfaction. Purpose of management system development
A “Risk Based Thinking” Model for ISO 9001:2015
ISO 9001:2015 Risk & Opportunities 4.4 Quality management system and its processes The organization shall establish, implement, maintain andcontinually improve a quality management system,including the processes needed and their interactions, inaccordance with the requirements of this InternationalStandard. The organization shall determine the processes neededfor the quality management system and their applicationthroughout the organization and shall determine: f) the risks and opportunities in accordance with therequirements of 6.1, and plan and implement theappropriate actions to address them;
ISO 9001:2015 Risk & Opportunities 6 Planning for the quality management system 6.1 Actions to address risks and opportunities 6.1.1 When planning for the quality management system,the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to: give assurance that the quality managementsystem can achieve its intended result(s); prevent, or reduce, undesired effects; achieve continual improvement.
ISO 9001:2015 Risk & Opportunities • 6.1.2 The organization shall plan: • actions to address these risks and opportunities; • how to: • integrate and implement the actions into itsquality management system processes (see4.4); • evaluate the effectiveness of these actions. • Actions taken to address risks and opportunities shall be • proportionate to the potential impact on the conformity of • products and services.
The Main Objectives of InternationalStandards • To provide confidence in the organization’sability to consistently provide customers withconforming goods and services • To enhance customer satisfaction • The concept of “risk” in the context of theinternational standards relates to theuncertainty in achieving these objectives
What is Risk Based Thinking? • Risk-based thinking is something we all do automatically andoften sub-consciously • The concept of risk has always been implicit in ISO 9001 – the2015 revision makes it more explicit and builds it into the wholemanagement system • Risk-based thinking is already part of the process approach • Risk-based thinking makes preventive action part of the routine • Risk is often thought of only in the negative sense. Risk-basedthinking can also help to identify opportunities. This can beconsidered to be the positive side of risk
Why Should I adopt “Risk-BasedThinking”? • To improve customer confidence andsatisfaction • To assure consistency of quality of goods andservices • To establish a proactive culture of preventionand improvement • Successful companies intuitively take a riskbasedapproach
What Should I Do? • Identify what the risks and opportunities are in • your organization – it depends on context • ISO 9001:2015 will not automatically requireyou to carry out a full, formal riskassessment, or to maintain a “risk register” • ISO 31000 (“Risk management — Principlesand guidelines”) will be a useful reference(but not mandated)
What Should I Do? (continued) • Analyze and prioritize the risks and opportunities inyour organization • what is acceptable? • what is unacceptable? • Plan actions to address the risks • how can I avoid or eliminate the risk? • how can I mitigate the risk? • Implement the plan – take action • Check the effectiveness of the actions – does it work? • Learn from experience – continual improvement
Key Points to Remember • Risk Based Thinking = PreventativeAction • Risk Based Thinking is everybody’sbusiness! • Risk Based Thinking is not just theresponsibility of management • Risk Based Thinking must becomean integral part of the organizationalculture
What is Risk? Risk is the possibility of events or activities impeding the achievement of an organization’s strategic and operational objectives.
Risk – A Simple Definition The volatility of potentialoutcomes. Or How surprised do you really want to be??
Risk Definitions • Risk can be defined by two (2) parameters • Severity • This is the Seriousness of the harm • Probability • This is the Probability that the harm will occur
The Importance of a Risk Register • The risk register or risk log becomesessential as it records identified risks, theirseverity, and the actions steps to be taken. • It can be a simple document, spreadsheet,or a database system, but the most effectiveformat is a table. • A table presents a great deal of informationin just a few pages.
Components of a Risk Register • There is no standard list of components that should be included in the risk • register. Some of the most widely used components are: • Dates: As the register is a living document, it is important to record thedate that risks are identified or modified. Optional dates to include arethe target and completion dates. • Description of the Risk: A phrase that describes the risk. • Risk Type (business, project, stage): Classification of the risk:Business risks relate to delivery of achieved benefit;, project risks relateto the management of the project such as timeframes and resources,and stage risks are risks associated with a specific stage of the plan. • Likelihood of Occurrence: Provides an assessment on how likely it isthat this risk will occur. Examples are: L-Low >30%)(, M-Medium (31-70%), H-High (>70%). • Severity of Effect: Provides an assessment of the impact that theoccurrence of this risk would have on the project.
Components of a Risk Register • There is no standard list of components that should be included in the riskregister. Some of the most widely used components are: • Countermeasures: Actions to be taken to prevent, reduce, or transferthe risk. This may include production of contingency plans. • Owner: The individual responsible for ensuring that risks areappropriately engaged with countermeasures undertaken. • Status: Indicates whether this is a current risk or if risk can no longerarise and impact the project. Example classifications are: C-current orE-ended. • Other columns such as quantitative value can also be added ifappropriate.
Purpose of the Process Approach The purpose of the process approach is to enhance anorganization’s effectiveness and efficiency in achievingits defined objectives. This means enhancing customersatisfaction by meeting customer requirements.
Plan-Do-Check-Act The Plan-Do-Check-Act (PDCA) methodology can bea useful tool to define, implement and controlcorrective actions and improvements. Extensiveliterature exists about the PDCA cycle in numerouslanguages.
Management Review Input • Top management shall review the organization's quality management system, atplanned intervals, to ensure its continuing suitability, adequacy, and effectiveness. • The management review shall be planned and carried out taking into • consideration: • the status of actions from previous management reviews; • changes in external and internal issues that are relevant to the qualitymanagement system including its strategic direction; • information on the quality performance, including trends and indicators for: • 1) nonconformities and corrective actions; • 2) monitoring and measurement results; • 3) audit results; • 4) customer satisfaction; • 5) issues concerning external providers and other relevant interested parties; • 6) adequacy of resources required for maintaining an effective qualitymanagement system; • 7) process performance and conformity of products and services; • d) the effectiveness of actions taken to address risks and opportunities (see clause6.1); • e) new potential opportunities for continual improvement.
Conclusions • Risk Based Thinking is an element in the ProcessApproach • Risk Based Thinking is an input to ManagementReview • Risk Based Thinking is an element in the continualimprovement process that is focused on prevention. • Risk Based Thinking has been demonstrated duringaudits; a risk register is documented information thatvalidates an organization has done Risk BasedThinking.