The Quality Management System (QMS) scope, sets boundaries and applicability of your QMS and it is also included in the ISO 9001 certificate, so it’s very important to identify and must be documented.
Try not to jump ahead with finalising your scope. Before defining your scope, you must take into consideration the following factors:
The external and internal issues that are relevant to the purpose of your organisation;
Your organisations strategic direction, and your ability to achieve intended results;
The requirements of relevant interested parties (internal and external);
The products and services of your organisation.
As the QMS scope will available for all to see, in and outside of your organisation, you will likely want to keep it simple, short and easy to understand. It will help an auditor have a clear picture of your organisations purpose and activities, it will show you have considered your interested parties expressed needs and expectations, and it will ensure your organisation is aware of their involvement in the QMS.
How has the scope changed since the revision of the standard?
The 2008 standard referred to ‘exclusions’, unfortunately this was used in some cases as an excuse not to meet the standard in certain areas. Now however, the Appendix A5, specifically mentions that ‘exclusions’ are no longer referred to in the 2015 standard.
The revised standard focuses on ‘Applicability’. What’s applicable to your organisation depends on the organisation size, complexity, your practiced management model, range of organisational activities and nature of risk and opportunities it encounters. So your organisation can decide if a requirement from the ISO 9001:2015 Standard is applicable to the processes and activities in your organisation.
Remember that if you do decide a requirement isn’t applicable, you are responsible to ensure this doesn’t negatively impact your products and services!
In an ISO Management System, when does a document have to be controlled per the requirements of 7.5?
The standards say when the document is “necessary” or is “required documented information” per the ISO Management Standard.
“Necessary” documents are defined as those documents necessary to ensure the processes and services are controlled. In a quality management system, this might be the purchase order as it is necessary evidence of the agreement made with the supplier.
In a safety management system, this might be instructions on how to safely perform a service.
In an environmental management system, this could be the process map for managing hazardous waste.
Necessary Documents
Each system’s needs will determine the necessary documentation. Another clue to what is “necessary” is to look at what is used as operational controls in the risk table. If a document is used as an operational control in either the ISO 9001, ISO 14001, or ISO 45001 system, it is necessary and must be controlled.
My simple, sustainable, explanation is, “if someone stole it and you wouldn’t miss it, it doesn’t have to be controlled”. (Ironically, this describes most Manuals for ISO Management Systems.)
This also means that if a document could be stolen and you do not miss it, it is not adding value and is not “necessary”. This means your system is not simple. It is complicated.
Free information
Contact us to review your documentation and let us help you determine what must be controlled. Let us help you create a simple, sustainable system that is used to drive continual improvement.
Go to https://www.ce-q.com/ to get a copy, for free, of “Required Documented Information” for ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 13485 and others.
Other free documents are available including Corrective Action Form and Management Review. CETC helps you create simple, sustainable, continually improving management systems that work.
With the changes to the ISO 9001:2015 standard comes new terminology and requirements. Annex A and B are included in the ISO 9001 standard to explain structure, terminology, and concepts used in the standard. In this article, we will briefly review Annex A and B.
Annex A
Annex A includes an overview of:
Structure and terminology (A.1)
Products and Services (A.2)
Understanding the needs and expectations of interested parties (A.3)
Risk based thinking (A.4)
Applicability (A.5)
Documented information (A.6)
Organisational Knowledge (A.7)
Control of externally provided processes, products and services (A.8)
A.1 Structure and terminology
This section explains the clause sequencing of the 2015 version of the standard and compares terminology differences between the new and previous version.
ISO 9001:2008
ISO 9001:2015
Products
Products and services
Exclusions
Not used (See A.5 Applicability)
Management representative
Not used (Similar responsibilities and authorities are assigned but no requirement for a single management representative)
Documentation, quality manual, documented procedures, records
Documented information
Work environment
Environment for the operation of processes
Monitoring and measuring equipment
Monitoring and measuring resources
Purchased product
Externally provided products and services
Supplier
External provider
Products and Services (A.2)
The standard explains the terms ‘products’ and ‘services’ and how they are different to the terms used in the 2008 version.
Even though the term ‘product’ included all categories of businesses, the previous 2008 version was a little more difficult for service industries e.g. postal service, to apply the whole standard to. By including the term ‘service’ to the 2015 version, it has allowed businesses greater scope of applying the standard because it highlights the differences between products and services with specific requirements.
Understanding the needs and expectations of interested parties (A.3)
With reference to clause 4.2, annex A.3 explains there is no mandatory requirement in the standard to consider interested parties when defining your organisations context if they are not relevant to the QMS.
Risk based thinking (A.4)
Annex A.4 explains risk based thinking as a continuation of clause 0.3.3. The key areas of the standard where risk based thinking applies, the purpose of risk based thinking and applicability.
It highlights an important note that could be very time consuming if unnoticed by the implementation team, referring to clause 6.1…
Although 6.1 specifies that the organisation shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process. Organisations can decide whether or not to develop a more extensive risk management methodology than is required by this International Standard, e.g. through the application of other guidance or standards.”
The 2008 version allowed for ‘exclusions’ when identifying the scope of the QMS, the new standard does not. Now the standard specifies that you must consider the applicability of the requirements for your business. You must consider the size and complexity of your organisation, management model, activities and the nature of the risks and opportunities. Once the applicability has been considered and identified, then you can declare in the scope that the requirements of clause XYZ do not apply to your QMS. This decision must not negatively affect the QMS.
Documented information (A.6)
Annex A.6 explains what the differences are in terminology. Documented information is a new term in the 2015 version, previously known as ‘Documentation, quality manual, documented procedures, records’. Clause 7.5 is dedicated to documented information.
Organisational Knowledge (A.7)
Clause 7.1.6 is dedicated to organisational knowledge. Annex A.7 describes the reason for introducing the clause requirements:
a) safeguarding the organisation from loss of knowledge, e.g. through staff turnover; failure to capture and share information; b) encouraging the organisation to acquire knowledge, e.g. learning from experience; mentoring; benchmarking.” ISO 9001:2015 Annex A.7
Control of externally provided processes, products and services (A.8)
Clause 8.4 refers to externally provided processes, products and services and controls over them. These include purchasing from a supplier; associate company associations and outsourcing processes externally. The standard recognises that using external resources is a common practice especially in the case of service industries, so the organisations doing this need to apply the key concepts of the standard. When planning how to control those external companies, your organisation must practice risk-based thinking.
Annex B
Annex B provides details of other International Standards for quality management and quality management systems that have been developed by ISO/TC 176. It compares them on table B.1 and the relationships between them.
You must be logged in to post a comment.