Tomislav Stosic
May 9, 2017
The purpose of this case study is to help consultants and implementers better understand the transition from ISO 9001:2008 to ISO 9001:2015 in large organizations, with a focus on some of the weightier changes in the standard. The emphasis is on requirements that either appear for the first time in this revision or have been eliminated from it.
For the purpose of this case study, XYZ Inc. is a large organization that does business on three continents. It provides design and architectural services to its clients, the majority of which are governments and/or government-operated agencies. More than 80% of the organization’s projects are worth more than 30 million USD. In order to keep tendering and doing public work, being an ISO-registered organization is a mandatory requirement.
Determining the external and internal issues that have relevance to the purpose of the organization and its strategic direction is something that XYZ Inc. has always done during the executive board’s meetings in order to better understand and grasp the business. Section 4.1 of ISO 9001:2015 doesn’t specifically ask for a procedure to be established in order to understand the context of the organization; however, documented information that will serve as objective evidence that this matter is monitored and periodically reviewed is necessary. Keeping in mind that there is no “right tool for the job” in this case, the SWOT (Strengths, Weaknesses, Opportunities, and Threats) or PEST (Political, Economic, Social, and Technological) analysis can be used, though XYZ Inc. deemed that using a simple meeting minutes form would be sufficient in order to ensure compliance with this requirement.
The Management Representative is now a thing of the past. XYZ Inc. used to have an Office Quality Management Representative in each of its locations whose responsibilities, among others, were to ensure that the processes needed for the QMS were established, implemented, and maintained, and to report on the performance of the QMS to top management. This was usually a junior engineer who had no idea what they were getting into when assigned the role, and who ended up working 60 hours a week while still falling behind on their regular work. The Management Representative was never intended to be a full-time position in any organization, but it was also never intended to be such a burden. By appropriately allocating responsibilities and authorities to the relevant roles in the organization, QMS-related duties no longer need to be an obstacle. Don't get this wrong: the responsibilities of the Management Representative are still required by the standard, but the position itself is not. With appropriate training, project engineers are able to ensure compliance with ISO 9001 on their own projects without it consuming much of their time. XYZ Inc. found that the most efficient way to document roles, responsibilities, and authorities was to establish a RACI (Responsible, Accountable, Consulted, and Informed) chart for each location, which is periodically reviewed and changed if necessary, in order to continually improve the overall effectiveness of the QMS.
Preventive action was eliminated from the newest version of ISO 9001 and replaced by, and upgraded to, actions to address risks and opportunities. Risk is the effect of uncertainty on an expected outcome, and the concept of risk-based thinking has always been implicitly covered in ISO 9001. XYZ Inc. has always considered the risks and opportunities for each of its projects. Responsibility for addressing risks and opportunities is assigned to the Department of Risk Management. Risks and opportunities for every project are assessed and addressed before it commences, and periodically throughout its life cycle. The method used at XYZ Inc. is based on predictive management tools such as FMEA (Failure Modes and Effects Analysis) and SMEA (Success Modes and Effects Analysis), and consists of four parts:
Appropriate documented information, such as a risk register and an action plan, is established for every project and treated as a "living" document throughout the project's life cycle, thereby ensuring that the organization is constantly aware of its risks and opportunities and keeps them under control.
Like every other company, XYZ Inc. has particular knowledge that sets it apart from the competition and makes it unique. Section 7.1.6, Organizational knowledge, says that the organization shall determine, maintain, and make available, to the extent necessary, the knowledge needed for the operation of its processes and for achieving conformity of products and services. This can be interpreted in many ways, so the most efficient way of achieving conformity to the requirement should be selected, bearing in mind that many auditors avoid asking for evidence of conformance to this clause, largely because they do not fully understand it. XYZ's approach was simple: a Knowledge Database was established on the organization's servers with an appropriate filing structure, and responsibility for maintaining it and authority for granting access were assigned. The knowledge that the organization considers important (lessons learned, intellectual property, patents, etc.), whether of internal or external origin, is stored in the Knowledge Database.
These simple examples will hopefully provide guidance and a better understanding of your ISO 9001:2015 implementation in a large organization, at least for these four sections that saw major changes in this revision. Things will almost certainly not go the way they were planned, and that is perfectly fine. By continually improving the QMS and molding it to fit the organization's requirements, business and quality goals will align, ensuring ongoing conformity of products and services.