ISO 9001 2015 Quality Objectives and Risk Assessment
ISO 9001: 2015 Quality Objectives and Risk Assessment University of Liberal Arts Bangladesh (ULAB)
ISO 9001: 2015 6. 2 Quality Objectives and Planning to Achieve Them 6. 2. 1 • The organization must establish quality objectives at relevant functions, levels, and processes. • The quality objectives must be consistent with the quality policy. • If practicable it must be measurable. • It must be based on application requirements. • It must be relevant to the conformity of products and services and the enhancement of customer satisfaction. • It must be monitored and communicated. • It must be updated as appropriate. • The organization should maintain a documented information on the quality objectives.
ISO 9001: 2015 6. 2 Quality Objectives and Planning to Achieve Them 6. 2. 2 When planning how to achieve the quality objectives, the organization must determine: • what will be done; • what resources will be required; • who will be responsible; • when it will be completed; • how the results will be evaluated.
Quality Policy and Objective • The Quality Policy is created with the Customer Requirements in mind, then quality objectives are linked back to the Customer Requirements through the Quality Policy. The quality objectives take the goal(s) stated in the Quality Policy and turned these into statements for improvement against which plans can be made.
Quality Policy to KRA and Objective For example, if the Quality Policy of a Pizzeria reads: “To deliver Pizza to our customers when they need them, with no defects, every time. ” It had identified a customer need for just-in-time delivery with no defects as the most important requirements. The two KRAs from the Quality Policy identified are: KRA 1: On-time delivery KRA 2: No defects
KRA to Objective • For KRA 1 (delivery) Objective may be: “to improve on-time delivery from 90% to 95% within the next year” and • For KRA 2 (defects ) Objective may be: “to reduce the defective pizzas delivered to the customer from 3% to 2% within the next year”. The improvements targeted in the Quality Objectives are directly linked to the needs of the customer.
KPI and Customer Need Quality Policy KPI Quality (Improvement) Objectives Key Result Area
6. 2 Quality Objectives and Planning • Organization must ensure that specific quality objectives are established at relevant functions, levels, and processes needed for QMS. • The quality objective should be relevant to meeting the requirements of your products and services and to enhance customer satisfaction.
6. 2 Quality Objectives and Planning • Quality objectives are used to measure the performance of products, Service processes, customer satisfaction, suppliers, use of resources and the overall performance and effectiveness of the QMS. • Quality objectives may be established for all QMS processes.
ISO 9001: 2015 Risk-based thinking
ISO 9001: 2015 1. 3. 3 Risk-based thinking • • • Risk-based thinking (see Clause A. 4) is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analysing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity. To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects. Opportunities can arise as a result of a situation favourable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste or improve productivity. Actions to address opportunities can also include consideration of associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.
ISO 9001: 2015 A. 4 Risk-based thinking • The concept of risk-based thinking has been implicit in previous editions of this International Standard, • e. g. through requirements for planning, review and improvement. This International Standard specifies requirements for the organization to understand its context (see 4. 1) and determine risks as a basis for planning (see 6. 1). This represents the application of risk-based thinking to planning and implementing quality management system processes (see 4. 4) and will assist in determining the extent of documented information. • One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or subclause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating quality management system requirements.
ISO 9001: 2015 • This International Standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking. • Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise. 1
ISO 9001: 2015 – Risk-Based Thinking • One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to risk, rather than treating it as a single component of a quality management system. • In previous editions of ISO 9001, a clause on preventive action was separated from the whole. Now the risk is considered and included throughout the standard. • By taking a risk-based approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.
ISO 9001: 2015 – Risk-Based Thinking • Establish a systematic approach to risk • Preventive actions are considered beforehand included throughout the QMS • Proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.
Identifying risks: depends on context Example: Catch a meeting on time • If I cross a busy road with many fast-moving cars the risks are not the same as if the road is small with very few moving cars. • It is also necessary to consider such things as weather, visibility, personal mobility, and specific personal objectives.
Understand your risks • What is acceptable, what is unacceptable? What advantages or disadvantages are there to one process over another? Example: Objective: I need to safely cross a road to reach a meeting at a given time. – It is UNACCEPTABLE to be injured. – It is UNACCEPTABLE to be late.
Understand your risks • Reaching my goal more quickly must be balanced against the likelihood of injury. • It is more important that I reach my meeting uninjured than it is for me to reach my meeting on time.
Risk and context: crossing the road • It may be ACCEPTABLE to delay arriving at the other side of the road by using a footbridge if the likelihood of being injured by crossing the road directly is high. • I analyze the situation-(context) – The footbridge is 200 meters away and will add time to my journey. – The weather is good, the visibility is good and I can see that the road does not have many cars at this time.
Risk and context: crossing the road • I analyze the situation-context – The footbridge is 200 meters away and will add time to my journey. – The weather is good, the visibility is good and I can see that the road does not have many cars at this time. • I decide that walking directly across the road carries an acceptably low level of risk of injury and will help me reach my meeting on time.
Plan actions to address the risks: Impact vs. Probability How can I avoid or eliminate the risk? How can I mitigate risks? • I cannot reasonably expect to control the impact of a car hitting me. • I can reduce the probability of being hit by a car. – use the footbridge – cross at a time when there are no cars – cross the road at a place where visibility is good
Plan actions to address the risks: Revise the process/context Consider innovative opportunities: • Move the meeting place so that the road does not have to be crossed • Change the time of the meeting so that I cross the road when it is quiet • Meet electronically
Definitions ISO 9001: 2015 defines risk as to the effect of uncertainty on an expected result. • An effect is a deviation from the expected – positive or negative. • Risk is about what could happen and what the effect of this happening might be. • Risk also considers how likely it is.
Risks: Impact and Probability Risk can be defined by two parameters: • Severity (This is the Seriousness of the harm) – Critical, Serious, Negligible • Probability (This is the Probability that the harm will occur) – Frequent, Occasional, Remote
Thank you!
- Slides: 33