iso 9001:2008 upgrade training - eagle certification group · pdf fileiso 9001:2008 upgrade...

© EAGLE Registrations Inc. 2009 CONFIDENTIAL 1

ISO 9001:2008 Upgrade Training

2© EAGLE Registrations Inc. 2009 CONFIDENTIAL

Agenda

1. General Comments

2. The Clause, The Change, What It Means

3. Questions

© EAGLE Registrations Inc. 2009 CONFIDENTIAL 3

Section 1 – General Comments

Chris Miller, Operations Director

4© EAGLE Registrations Inc. 2009 CONFIDENTIAL

General Comments

ISO 9001:2008 is an amendment to the Standard and contains no new requirements (No new documents are required) (ANAB Heads Up 129)

Why an Amendment?

• Addresses requested user needs by improving clarity and eliminating confusion on the requirements

• Eliminates inconsistencies within ISO 9001 and ISO 14001

5© EAGLE Registrations Inc. 2009 CONFIDENTIAL

General Comments

ISO 9001:2000 certificates expire November 14, 2010

Certifications to ISO 9001:2000 can still be issued to ISO 9001:2000 until November 14, 2009. If you have a planned certification in the next few months, you can still certify to ISO 9001:2000

To upgrade:

• Complete a Surveillance Audit (SA) before November 14, 2010

• Complete an Recertification Audit (RE) before November 14, 2010

All new certificates issued to ISO 9001:2000 after 1/9/2009 will show an expiration date of 11/14/2010

There are two main dates that all certification bodies have to track:

1) All ISO9001:2000 certificates are no longer valid 24 months after the date of the ISO9001:2008 (Nov 15, 2008).

2) Certification Bodies (EAGLE Registrations Inc.) can still do audits and issue a ISO9001:2000 certificates up to Nov 14, 2009.

1) The rule is 12mths from the revision date of ISO9001:20082) Any Registration or Recertification audit after the 12 months (Nov

14, 2009) shall be done to ISO9001:20083) The new ISO9001:2000 certificate will expire on Nov 14, 2010 vs

the normal 3 yrs (it will be updated to the full three years after the upgrade audit)

• Current ISO9001:2000 Certificates can be Upgraded by:• Completing an Surveillance or Recertification audit before the end

of the 24 months (Nov 14, 2010)

© EAGLE Registrations Inc. 2009 CONFIDENTIAL 6

Section 2 –The Clause, The Change and What it MeansJane Wise, Certification Manager

These slides will not cover every single change in wording or phrasing to the revision of the standard, but rather is an “overview” of the changes, particularly with regard to items that might require a “second look” by your organization as you prepare to upgrade.

Included in our review will be items that may be covered by your auditor as they visit your facility and review the updates in your Quality Management System.

At the end of the slides you’ll find an e-mail address to request a packet of information on ISO 9001:2008 which includes a detailed listing of each change in the Standard.

With that in mind, let’s begin!

7© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 4.1 – General Requirements

Change – Outsourced processes continue to be the responsibility of the organization and must be included in the quality management system

What it means – The organization continues to be responsible for meeting the requirements, even if the customer designates the source

Outsourced processes, for example, would be heat treating, coating, painting, etc. You can see that this clause links with 7.4.1, Purchasing process.

Outsourcing does not remove any responsibility of the organization to conform to customer requirements.

8© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 4.2.1 – Quality Management System

Change: 1. Documents required by the standard can be

combined.2. ISO 9001 requirements can be covered by more

than (1) documented procedure.

What it means – This allows for more effective control and more efficient use of resources.• Example: one procedure for

Corrective/Preventive Action; multiple procedures for internal audits

This clause contains two clarifications:1) That required documents can be combined. An example of this is the procedures for Corrective Action and Preventive Action are often combined. 2) The requirements can be covered by more than one procedure. An example might be to have multiple procedures for Internal Audits.This revision also includes words to show that the organization will determine which documents and records will be controlled.

9© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 4.2.3 – Control of Documents

Change – Only those external documents relevant to the Quality Management System need to be controlled

What it means – Clarification reduces confusion as to how this clause is applied

Not all external documents have to be identified and controlled; only those needed for the planning and operation of the quality management system.

10© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 4.2.4 – Control of Records

Change – Clarified that Records shall be controlled.

What it means – “Maintained” changed to “controlled”. The organization must control all records, as well as defining those controls in the required procedure.

“Maintaining” records would simply mean keeping them in good condition, while“controlling” them means to regulate their use.

11© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 5.5.2 – Management Representative

Change – Management Representative must be a member of the organization’s management

What it means – The authority of the Mgt. Rep. is to be established. Can they make decisions? Contracted employees or consultants must be active in the QMS and given authority to make decisions

The intent of the clause is that the Management Representative is also a member of the organization’s management, so they have participation with Top Management and are given authority to make decisions and take necessary actions within the QMS system.

This clarification may require your organization to re-evaluate this position.

12© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 6.2.1 – Human Resources (General)

Change – Requirements for competence are relevant for any employees involved in work affecting conformity to the product

What it means – Just about everyone in the organization is included. Product requirements cover quality, delivery, service, etc

This clause ties in with 5.5 Responsibility, authority and communication and shouldn’t be viewed as a new requirement. The NOTE clarifies that anyone can affect conformity to product requirements.

13© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 6.3 – Infrastructure

Change – Clarified that support services includes Information Services

What it means – Many documents, records, and data are handled electronically. The clarification/ expansion recognizes that Information Services is important to the success of the QMS

14© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 6.4 – Work Environment

Change – Clarified to include working conditions –physical, environmental and other factors such as noise, temperature, humidity, lighting or weather

What it means – How does the environment affect the product? Determine and manage this as it pertains to achieving product conformity

Examples of work environment conditions are given in order to clarify items to be considered in facilitating product conformity. While not requirements, there may be examples listed in this clause that your organization hasn’t previously considered.

Each of these examples (as well as others) can affect product conformity.

15© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.2.1 – Determination of Requirements Related to the Product

Change – Post-delivery activities can include actions under warranty provisions, maintenance services and supplementary services such as recycling or final disposal

What it means – Any after-sales product service provided as part of the customer contract or purchase order may be included as part of the QMS

You organizations may not have considered the breadth of post-delivery activities indicated by the note in this clause. For example, should your order entry screen be changed to reflect warranty or service requirements?If the requirements are deemed necessary and relevant to the product, then they must be applied.

16© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.3.1 – Design & Development Planning

Change:

1. Design & Development review, verification and validation have very distinct purposes.

2. These can be conducted and recorded separately or in any combination that is suitable for the product/ organization.

What it means:

1. Understanding of what review, verification and validation mean (ISO 9000:2005)

2. Depends on the organization, product and customer.

Let’s first review the terms: •Design review – analysis to determine capability to meet its requirements, alsoserves to identify present and potential problems •Verification – testing (or otherwise determining and documenting) whether the design output meets the design requirements•Validation – assessment of the testing to establish that the design delivers the intended outcome

The new note in Clause 7.3.1b explains that although review, verification and validation have distinct goals, they can be carried out separately or in any combination, as suitable for your organization.

17© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.3.3 – Design & Development Outputs

Change – Added a note that preservation of product may be part of the information needed for the production and service provision.

What it means – Examine shelf life, exposure, storage, obsolescence, recycling and disposal.

The new note reminds us clause 7 (production and service) includes sub clause 7.5.5 (preservation of product). This is to indicate that the design output should consider product preservation, such as product packaging.

18© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.5.3 – Identification and Traceability

Change – Clarify that product status with respect to monitoring & measurement requirements are “throughout product realization”

What it means – Materials must be properly identified throughout possession, no suspect or unidentified material. Records of traceability shall be maintained

The text in this clause refers to inspection and test status of the product, and some organizations may have thought in the previous version of the standard that it only applied to the final product.

19© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.5.4 – Customer Property

Change – Both intellectual and personal data should be considered customer property

What it means – Consider effective control and confidentiality

This clause broadens its application to more organizations, especially service organizations, by including personal data. The phrase was also added to address the issue of increasing identity theft in the world. Something to consider!

20© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.5.5 – Preservation of Product

Change – Product shall be preserved in order to maintain conformity to the product

What it means – Product shall be preserved in order to maintain conformity to the product

The change clarifies this clause may not be applicable to all organizations, such as some service organizations.

21© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 7.6 – Control and Monitoring of Measuring Equipment

Change – Does measurement software work correctly? Using the correct software version?

What it means – Validate measurement software before use. Software should be current and controlled

Organizations may have been unsure how to “confirm” software used for monitoring and measuring has the ability to satisfy the intended application. A new note was added to explain that confirmation of software would typically include verification and configuration management.The goal here is the software has the ability to satisfy the intended application.

22© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 8.2.1 – Customer Satisfaction

Change – Customer perception may include:

• Customer Satisfaction surveys

• Data on delivered product quality

• User opinion surveys

• Lost business analysis

• Compliments

• Dealer reports

What it means – Clarification provides possible (but not the required) sources and methods to conform to this clause

23© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 8.2.3 – Monitoring and Measuring of Processes

Change – Consider the impact of conformity to product requirements and on the effectiveness of the QMS (type and extent)

What it means – Any non-conforming product? What effect is there on metrics, achievement of objectives? These lead to correction and corrective action

24© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 8.2.4 – Monitoring and Measuring of Product

Change – The requirement to maintain evidence of conformity with acceptance criteria has been moved to the first paragraph

What it means – The requirements to conform to this clause are: • defined acceptance criteria• conducted at pre-determined stages• records which include identification of the person

authorizing release • a waiver, when applicable

The records to be maintained are those that are authorizing release of the product or delivery to the customer.

25© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 8.2.4 – Monitoring and Measuring of Product

Change – Clarification for release of product

What it means – Release of product is not to the next in-process stage, but for delivery to the customer

Release of product and delivery of service is to the customer.

26© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Clause 8.5.2 and 8.5.3 – Corrective Action/ Preventive Action

Change – Clarification that not only should CAs/ PAs be reviewed, but that the review needs to consider the effectiveness of the actions taken

What it means – Review CAs/ PAs not only for completion, but for effectiveness (Recurrence?)

Release of product and delivery of service is to the customer.

27© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ISO 9001:2008

Does your organization have a copy of ISO 9001:2008 and is it part of your external document list?

Have your company documents been revised to meet the intent of ISO 9001:2008?

Has an internal audit been performed to verify implementation and effectiveness of ISO 9001:2008?

Did Top Management review the changes to the QMS as it relates to ISO 9001:2008 (Management Review)?

Here are some additional items to consider as you prepare for your audit to upgrade to ISO 9001:2008

© EAGLE Registrations Inc. 2009 CONFIDENTIAL 28

Section 4 –Questions?

Jane Wise, Certification Manager Chris Miller, Operations Director

29© EAGLE Registrations Inc. 2009 CONFIDENTIAL

Closing Comments

A copy of this presentation and information packet on ISO 9001:2008 can be obtained by e-mailing or calling Dort Elsner at the EAGLE office (800.795.3641):

• PowerPoint slides

• ISO 9001:2008 Summary of Changes (expanded)

• ISO 9001:2008 Auditor Checklist

• ISO 9001:2008 Changes Summary (for upgrade)

30© EAGLE Registrations Inc. 2009 CONFIDENTIAL

ABOUT EAGLE

EAGLE Registrations Inc. services and accreditations* include:

ISO9001* • ISO14001* • ISO/TS16949* • AS9100*

ISO13485 • OHSAS18001

EAGLE Food Registrations Inc. services include:

ISO22000 • Safe Quality Food (SQF)

*Accreditation by ANSI-ASQ National Accreditation Board (ANAB) and International Automotive Oversight Bureau (IATF)

EAGLE Registrations Inc. is an accredited* third-party certification body, providing personalized, value-added third-party certification for international quality, environmental and food standards. We help our clients maximize their quality system investment and improve business results through personalized service, compliance analysis, constructive feedback and superior industry knowledge.

EAGLE Registrations Inc.40 North Main Street, Suite 2410

Dayton, OH 45423800.795.3641| 937.293.0220 fax

info@eagleregistrations.com|www.eagleregistrations.com