ISO 9001

Introduction

ISO 9001 is managed by the International Organization for Standardization (ISO) in Geneva, Switzerland. ISO is a self-governing membership organization and the largest developer of voluntary international standards in the world. International Organization for Standardization’s ISO 9001 series describes standards for a Quality Management System addressing the principles and processes surrounding the design, development and delivery of a general product or service. It supports businesses and organizations to be more effective and improve customer satisfaction.
A new version of the standard, ISO 9001:2015, has just been launched, replacing the previous version ISO 9001:2008 to overcome the challenges that was there in few decades ago and faced by business organizations.
For example, the way we do business, often operates with more complex supply chains with the increasing of globalization. Additionally the expectations and the need of access to more information from customers and other interested parties to organization has been increased. ISO 9001 needs to give consideration to these changes in order to remain relevant.

Differences between ISO 9001:2008 and ISO 9001:2015

  • The most obvious change is the new structure of the standard. As other ISO management system standards the ISO 9001:2015 now follows the same global structure and making it easier for anyone using numerous management systems.
  • ISO 9001:2015 has ten clauses instead of eight. The following table shows the relationship between the ISO 9001:2008 clauses to those in the new ISO 9001:2015.
ISO 9001:2008
ISO 9001:2015
  0.   Introduction
0.   Introduction
       1.      Scope
           1.      Scope
       2.      Normative reference
           2.      Normative reference
       3.      Terms and definitions  
           3.      Terms and definitions
       4.      Quality management system
           4.      Context of the organization
       5.      Management responsibility 
           5.      Leadership
       6.      Resource management
           6.      Planning
       7.      Product realization
           7.      Support
    8.      Measurement, analysis and improvement
     8.    Operation

           9.      Performance evaluation

         10.  Improvement

The first 4 clauses (0-3) of ISO 9001:2015 are largely same as those are in ISO 9001:2008. There are significant differences between these two versions from the 4th clause onwards. The last seven clauses are organized according to the PDCA cycle (Plan, Do, Check, Act).
    • Plan – 4th, 5th, 6th and 7th Clauses
    • Do – 8th Clause
    • Check – 9th Clause
    • Act – 10th Clause

  •  As all standardized management systems ISO 9001:2015 has the unambiguous structure known as ‘High Level Structure (HLS)’ as a result of new arrangement in ten clauses.
  • In ISO 9001:2015 puts more focus on input and output. Articles, information and specification that are involved in the production process must be clearly monitored and must be checked which good articles are come out of the production process according to the ISO 9001:2015 version.
  • An obvious requirement for risk-based thinking to support and increase the understanding and application of the process approach. Risk analysis is used to decide which challenges are comes into the management of business process and to mitigate those risks.
  • Increased leadership requirements and management commitment
According to the ISO 9001:2015 version business process requires more involvement of top managers and business leaders in handling the quality management system. Therefore it integrates and brings business process and business strategies together.
The ‘Management Representative’ of ISO 9001:2008 was a member of the management committee who had the responsibility and authority for directing the quality management system along the right lines. ISO 9001:2015 does not mention this aspect any more. The idea behind the change is that quality is a matter for everyone and for all levels within the organization.
  • Increased emphasis on organizational context
Among other things, as an organization, you have to take into account the needs and expectations of interested parties and that you evaluate and deal with internal and external strategic questions. You have to show that, as an organization, you understand and respond to the expectations of all the parties concerned.
  • More flexibility regarding documentation
No longer requires mandatory documented processes or a quality manual. The information can be in any format and come from numerous sources and media. Various forms of evidence or documentation are therefore possible. There is no longer any mention of ‘records’ neither, but of ‘retaining documented information’.
  • Greater emphasis on achieving desired process results to improve customer satisfaction


How can companies transition from ISO 9001:2008 to ISO 9001:2015?

ABC Company is already ISO 9001 certified, it needs to take the following steps as shown in the below figure in order to comply with ISO 9001:2015
  1. Baseline measurement
    • Perform a standard measurement in the organization. Create a comprehensive overview of the current status of organization’s quality management system and organization’s behavior of business.
  2. Plan of approach
    • Draw up a plan based on the standard measurement. Because of this plan, organization can take the time to make changes and to implement improvements step by step.
  3. Implementation
    • Implement the changes in accordance with the plan of approach. Incorporate measurement points and milestones.
  4. Auditing and process analysis
    • Measure whether the changes have had the desired effect. Measure the input and output of the processes you consider to be important because they are critical or risky, for example.
  5. Certification
    • Have the organization certified according to ISO 9001:2015.
  6. Communication with interested parties
    • Show your interested parties not just the certificate, but also show them the results with pride. Let them see how well your organization manages its processes and continuously improves them.



Comments

Post a Comment

Popular posts from this blog

Introduction to Encryption

Image
What is Encryption? Encryption is like sending secret messages between parties; if someone tries to pry without the proper keys, they won't be able to understand the message. In other words, it is the process of locking up information using cryptography (Cryptography is both the practice and the study of hiding information.) Definition:  ‘ The Process of converting plain text into cipher text, something that appears to be random and meaningless ’ is called as the encryption. Process of converting cipher text back into original text is called as decryption . Terminology Original message is called as plain text/clear text.   Encrypted message is called as cipher text/encrypted text.  A Key which is a secret like a password which is used to encrypt and decrypt information.  Ciphers are the specific algorithms which are used to encrypt and decrypt data. A cipher is series of well-defined steps that can be followed as a procedure to encrypt and decrypt m
Read more

Cross-Site Request Forgery protection in web applications via Double Submit Cookies Patterns

Image
Double submission of cookies is another well-known method to block CSRF. Similar to using unique tokens, random tokens are assigned to both a cookie and a request parameter. In double-submitted cookie pattern, two cookies (for the session and for the CSRF token) are stored in the browser. This pattern is also called as Stateless CSRF Defense since the server site does not have to save this value in any way, thus avoiding server side state. In our previous method, we stored CSRF token values on the server side (text file). But here we don't do it. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine separate from the session id. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin
Read more

How to do a Phishing attack on Facebook?

Image
This is a Step by step tutorial to make an undetectable Facebook phishing site. Step 1: Download page source Go to https://www.facebook.com Right click on the blank area -> Click Save As When dialog box appears select ‘Webpage, complete’ as Save as type -> Click Save Step 2: Edit “Facebook - Log In or Sign Up.html” file and rename it. Open ‘Facebook - Log In or Sign Up.html’ file with notepad or Dreamweaver. Remove all the ajax codes. (You can download HTML file which removed all ajax codes form here https://github.com/nimeshikaranasinghe/Facebook-Phisihing.git   ) Search for login action (Press Ctrl + F -> type ‘ action= ’ -> Click Find Next) Replace the highlighted part (as in the following screenshot) with getDetails.php Save the file as index.html Step 3: Create getDetails.php Open a notepad. Type the following code <?php             $username = $_POS
Read more