TUV INDIA TRAINING ACADEMY

Chapter 3 : Process Approach

 ISO 9001:2008 promoted the adoption of a process approach - an encouragement than a
requirement.
 However, ISO 9001:2015, refers this as an “essential” .
 The diagram introduced in to ISO 9001:2008 depicting a “model of a process-based quality
management system” has been extensively revised and now references the clause
numbers used in the revised standard.
 Box titles have also been changed to reflect the new terminology

0.3.1 General

Figure 1 — Schematic representation of the elements of a single process

0.3.2 P-D-C-A Cycle

 Remains unchanged
 P-D-C-A is operating at both a process level and an overall system level too.

Figure 2 — Representation of the structure of this International Standard in the PDCA cycle

QMS IA ( 01-002) Rev 06 May 2022 Page 10 of 42

 TUV INDIA TRAINING ACADEMY

Chapter 4 : Risk Based Thinking

 ISO 9001:2008 - always been implicit.
 ISO 9001:2015 - makes the requirement for risk-based thinking explicit at certain points
throughout the standard.
 The standard does not prescribe a risk methodology – but each organization is free to
decide its own approach.
 The robustness of the risk approach must be proportionate to the consequences, should
the risk be realized.

What is “risk-based thinking”?

 risk-based thinking is something we all do automatically and often sub-consciously to get

the best result
 the concept of risk has always been implicit in ISO 9001 – this revision makes it more
explicit and builds it into the whole management system
 risk-based thinking ensures risk is considered from the beginning and throughout the
process approach
 risk-based thinking makes preventive action part of strategic planning
 risk is often thought of only in the negative sense. Risk-based thinking can also help to
identify opportunities. This can be considered to be the positive side of risk

The main objectives of ISO 9001 is :

 to provide confidence in the organization’s ability to consistently provide customers with

conforming goods and services

 to enhance customer satisfaction

The concept of “risk” in the context of ISO 9001 relates to the uncertainty of achieving such
objectives

The concept of “opportunity” in the context of ISO 9001 relates to exceeding expectations and
going beyond stated objectives.

Where is risk addressed in ISO 9001:2015?

1. Clause 4.4.1 : The organization shall determine processes needed for QMS and shall
address the risks and opportunities as determined in accordance with the requirements of
6.1;

2. Clause 5.1.1 d (Leadership & commitment) : Top management shall demonstrate

leadership and commitment by promoting the use of the process approach and risk-
based thinking;

3. Clause 5.1.2 b Top management shall demonstrate leadership and commitment with
respect to customer focus by ensuring that: the risks and opportunities that can affect
conformity of products and services and the ability to enhance customer satisfaction are
determined and addressed;

4. Clause 6.1.1 & 6.1.2 (Actions to address risks & opportunities) : actions to address risks
& opportunities while planning the QMS;

QMS IA ( 01-002) Rev 06 May 2022 Page 11 of 42

 TUV INDIA TRAINING ACADEMY

5. Clause 8.1 (Operational Planning & control) : The organization shall plan, implement and
control the processes (see 4.4) needed to meet the requirements for the provision of
products and services, and to implement the actions determined in Clause 6;

6. Clause 9.1.3 e (Analysis & evaluation) : The organization shall analyse and evaluate
appropriate data and information arising from monitoring and measurement & use the
results of analysis to evaluate the effectiveness of actions taken to address risks and
opportunities;

7. Clause 9.3.2 e (Management Review) : The management review shall be planned and
carried out taking into consideration the effectiveness of actions taken to address risks
and opportunities (see 6.1);

8. Clause 10.2.1 (Non-conformity & corrective action) : When a nonconformity occurs,

including any arising from complaints, the organization shall update risks and
opportunities determined during planning, if necessary.

A.4 Risk-based thinking

The concept of risk-based thinking has been implicit in previous editions of this International
Standard, e.g. through requirements for planning, review and improvement. This International
Standard specifies requirements for the organization to understand its context (see 4.1) and
determine risks as a basis for planning (see 6.1). This represents the application of risk-based
thinking to planning and implementing quality management system processes (see 4.4) and will
assist in determining the extent of documented information.

One of the key purposes of a quality management system is to act as a preventive tool.
Consequently, this International Standard does not have a separate clause or sub clause on
preventive action. The concept of preventive action is expressed through the use of risk-based
thinking in formulating quality management system requirements.

The risk-based thinking applied in this International Standard has enabled some reduction in
prescriptive requirements and their replacement by performance-based requirements. There is
greater flexibility than in ISO 9001:2008 in the requirements for processes, documented information
and organizational responsibilities.

How an organization can demonstrate it ?

Use a risk-driven approach in your organizational processes

 identify what the risks and opportunities are in your organization – it depends on
context

̶ ISO 9001:2015 does not require a formal risk assessment or specific single
document

̶ the information must be kept and available and could be electronic, audio, video,
written or any other type of media

ISO 31000 (“Risk management — Principles and guidelines”) may be a useful reference for
organizations which want a more formal risk process, but is not obligatory.

QMS IA ( 01-002) Rev 06 May 2022 Page 12 of 42

 TUV INDIA TRAINING ACADEMY

Chapter 5 : Compatibility of ISO 9001:2015 with other MSS and

ISO 9001:2015 Contents
This International Standard relates to ISO 9000 and ISO 9004 as follows:

o ISO 9000 Quality management systems — Fundamentals and vocabulary provides

essential background for the proper understanding and implementation of this International
Standard;
o ISO 9004 Managing for the sustained success of an organization — A quality management
approach provides guidance for organizations that choose to progress beyond the
requirements of this International Standard.

Annex SL
What is Annex SL ?
 It is an annex to ISO/IEC Directives Part 1 and Consolidated ISO Supplement. Annex SL
of this Directive is titled ‘Proposals for management system standards’
 Mandated by ISO’s Technical Management Board (TMB)
 It is replacement for previous ISO Guide 83
 Purpose - Enhance the consistency and alignment of different management system
standards.
 Annex SL describes the framework for a generic management system
 All new ISO MSS will adhere to this framework and all current MSS will migrate to the
framework at their next revision
 The audience for this annex is primarily ISO TCs who develop MSSs
 Appendix 2 is in three parts:
1. high level structure (HLS) – 10 high level clauses,
2. identical core text – sitting underneath these 10 headings
3. common terms and core definitions – meanings of terms consistent among all
MSS.

 Organizations who implement a single system addressing multiple standards (e.g. QMS,
EMS, ISMS etc.) will see the most potential benefit since common language is applied
across all MSS.
 Applicable to all MSS
 Does not apply to :
a. ISO 19011:2018 Guidelines for auditing management systems

QMS IA ( 01-002) Rev 06 May 2022 Page 13 of 42