Whittington & Associates Newsletter

Newsletter sign-upSign up for our monthly email newsletter to get the latest guidance on ISO 9001, AS9100, AS9110, AS9120, ISO 13485, IATF 16949, ISO 14001, ISO 27001, ISO 45001, ISO 20000, and related ISO standards, as well as, Six Sigma.

If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.

ISO 9001:2015 Classes in Orlando

Oct 2, 2017 in Newsletter | Comments Off on ISO 9001:2015 Classes in Orlando

Larry Whittington will be the instructor for these ISO 9001:2015 classes in Orlando, Florida:

ISO 9001:2015 Requirements  December 18-19, 2017

ISO 9001:2015 Internal Auditor  December 18-20, 2017

ISO 9001:2015 Lead Auditor  December 18-21, 2017

Click on a course title to view the course description and enroll in a class. If you have questions about the training, or the registration process, please call 770-862-1766.

ISO 14001:2005 Changes – Clause 7

Oct 2, 2017 in Newsletter | Comments Off on ISO 14001:2005 Changes – Clause 7

7. Support

7.1 Changes – Resources

  • Accepts Annex SL text without change
  • Replaces old clause 4.4.1 on Resources, Roles, Responsibility, and Authority
  • Management Representative not required
  • Resources can include:
    • human resources (specialized skills and knowledge);
    • natural resources; technology; financial resources;
    • infrastructure (buildings, equipment, underground tanks, and drainage system).
7.2 Changes – Competence

  • Replaces “Competence” part of old 4.4.2 on Competence, Training, and Awareness
  • Changes from persons must be competent if can cause an environmental impact,
    to if they affect environmental performance or ability to fulfill compliance requirements
  • Adds NOTE on examples of applicable actions (training, mentoring, reassignment, hiring, contracting)
Competence (3.3.1) is the ability to apply knowledge and skills to achieve intended results.
 
7.3 Changes – Awareness

  • Elevates “Awareness” in 4.4.2 on Competence, Training, and Awareness to its own clause
  • Adds awareness of the benefits of enhanced environmental performance
  • Policy awareness means aware of its existence, purpose, and role in meeting commitments
  • Does not mean that must have personal copy of policy or that it needs to be memorized
7.4 Changes – Communication

  • Replaces old clause 4.4.3 on Communication
  • More explicit: What, When, Whom, and How
  • Adds need for consistent and reliable information
  • Adds to communicate changes to system
  • Adds role of communications in contributing to continual improvement
  • Adds to communicate per communications process and compliance obligations
7.5 Documented Information
7.5.1 Changes – General

  • Replaces parts of old clause 4.4.4 on Documentation
  • Adds NOTE that extent of documented information for system can differ from one organization to another
  • No longer documented:
    • Targets (old 4.4.4.a) – Now “Objectives”
    • Roles, Responsibilities, and Authorities (old 4.4.1)
    • Description of main EMS elements (old 4.4.4.c)
  • If working well, no need to withdraw documents
7.5.2 Changes – Creating and Updating

  • Uses Annex SL text without change
  • Relates to old clause 4.4.5 on Control of Documents and 4.5.4 on Control of Records
  • Adds description, format, and media examples
7.5.3 Changes – Control of Documented Information

  • Uses Annex SL text without change
  • Replaces old clause 4.4.5 on Control of Documents
  • Includes requirements from old clause 4.5.4 on Control of Records
  • Adds examples of the need for protection:
    • loss of confidentiality
    • improper use
    • loss of integrity
  • Adds NOTE on types of access to documented information
Prepare to audit EMS with limited documentation. Rely on interviews and observation of activities.

ISO 14001:2015 Changes – Clause 8 

Oct 2, 2017 in Newsletter | Comments Off on ISO 14001:2015 Changes – Clause 8 

8. Operation
8.1 Changes – Operational Planning and Control

  • Replaces old clause 4.4.6 on Operational Control
  • Introduces the term “life cycle perspective”
  • Adds to determine environmental requirements for procurement of products and services
  • Adds to consider providing information on potential significant environmental impacts during:
    • transportation or delivery;
    • use and end-of-life treatment;
    • final disposal of products and services.
  • Introduces the term “outsourced” process and need to define extent of control or influence
  • Adds to control “planned” changes and review consequences of “unintended” change, and to act to mitigate adverse effects
  • Adds NOTE that controls can include engineering controls and procedures, and can be implemented following a hierarchy (e.g., elimination, substitution, administrative)
8.2 Changes – Emergency Preparedness and Response

  • Basically, the same as old clause 4.4.7 on Emergency Preparedness and Response
  • Adds to act to prevent or mitigate consequences of emergency situations, appropriate to magnitude of emergency and potential environmental impact
  • Adds to provide relevant information and training to relevant interested parties and persons working under organization’s control
  • Relocates identifying potential emergencies and accidents to clauses 6.1.1 and 6.1.2.b under Actions to Address Risk and Opportunities

IATF 16949:2016 Changes

Oct 2, 2017 in Newsletter | Comments Off on IATF 16949:2016 Changes

ISO/TS 16949:2009 was based on ISO 9001:2008 and included both sets of requirements.

IATF 16949:2016 includes references to ISO 9001:2015 clauses, but you need the ISO 9001:2015 standard to view its requirements.

The key changes from ISO 9001:2008 to ISO 9001:2015 are listed below with bullet points. The main changes from ISO/TS 16949:2009 to IATF 16949:2016 are indicated below with + signs.

ISO 9001:2015 Changes

*   Annex SL clause structure and common text
*   Expanded applicability to service organizations
*   Organizational issues and interested parties
*   Alignment of QMS and business strategy
*   Focus on risk planning, actions, and monitoring+
*   Expanded focus on process approach
*   Emphasis on outputs and performance
*   Demonstration of management leadership
*   Maintenance of organizational knowledge
*   Purchasing covers all external provision
*   More planning and control of changes
*   Ensuring product and service claims can be met
*   Improvement for future needs and expectations

IATF 16949:2016 Changes

+ Standalone IATF 16949 standard
+ Doubling number of IATF 16949 requirements
+ Retention of quality manual and preventive action
+ Documented processes for product safety
+ Anti-Bribery Policy
+ Employee Code of Conduct
+ Ethics Escalation Policy
+ Identification of process owners
+ Documented evidence of results of risk analysis
+ Contingency plans for continuity of supply
+ Methods to evaluate manufacturing feasibility
+ Documented process for calibration records
+ List of qualified internal auditors
+ Documented process for employee motivation
+ Matrix for customer-specific requirements
+ Documented record retention policy
+ Multi-disciplinary approach to feasibility analysis
+ Documented design and development process
+ Software development assessment methodology
+ Requirements for embedded software
+ Documented manufacturing process design
+ Documented supplier selection process
+ Documented process for outsourcing controls
+ Rules for operator safety in work documents
+ Documented process to control changes
+ Documented list of process controls
+ Training to contain any suspect or NC product
+ Documented process to confirm rework/repair
+ Documented process for NC product disposition
+ Documented process for problem solving
+ Documented process for error-proofing
+ Warranty management system
+ Retention of NC and CA documented procedures
+ Documented process for continual improvement

We offer a 2.5 day onsite IATF 16949:2016 Requirements course and a 3.5 day onsite IATF 16949:2016 Internal Auditor course (which includes the 2.5 day Requirements course).

If interested in scheduling a class, please contact [email protected]

ISO 14001:2015 Interpretations

Oct 2, 2017 in Newsletter | Comments Off on ISO 14001:2015 Interpretations

The ISO/TC 207/SC 1 sub-committee has a process for managing interpretations of ISO 14001:2015. If you’d like to view the interpretations for the questions below, go to this ISO/TC 207/SC 1 web page.

1. ISO 14001:2015 has a very different structure than the two previous versions. Our documentation is aligned to the clauses that existed in the previous version. Do we have to restructure our documentation to follow the new clause structure?

2. Are the references to other standards in the Notes to Entry in Clause 3 (Terms and definitions) normative?

3. Are there any situations in which “top management” refers to persons outside the scope of the environmental management system?

4. Does the term “compliance obligation” in ISO 14001:2015 have the same meaning as the phrase “legal requirements and other requirements to which the organization subscribes” in the previous edition?

5. There appears to be ambiguity in ISO 14001:2015 regarding whether the term “risk” has only a negative connotation or includes both negative and positive connotations. The definition of “risk” (3.2.10) states that risk can be positive or negative, but the definition of “risks and opportunities” (3.2.11) implies that risk is only negative, while opportunities are positive. May an organization decide for itself whether to use the term “risk” in its Environmental Management System as a solely negative concept or as both a negative and positive concept?

6. In Note 1 to Entry 3.3.4 “outsource,” does the phrase “outside the scope of the management system” mean “outside the scope of the environmental management system”?

7. Is an organization required to establish a process in order to meet the requirements in 4.1 and 4.2 that it determine its context, relevant interested parties and their needs and expectations? Is an organization required to develop and maintain documented lists of its external and internal issues, its relevant interested parties and their needs and expectations?

8. Does the organization have to identify at least one risk or opportunity that needs to be addressed, i.e. at least one potential adverse effect (threat) or beneficial effect (opportunity) that needs to be addressed?

9. Does ISO 14001:2015 require Life Cycle Assessments (LCAs) to be completed as part of the enhanced life cycle perspective requirements?

10. Does ISO 14001:2015 require the organization to apply a life cycle perspective when determining which of its environmental aspects are significant, i.e., in its criteria for determining significance?

11. In Clause 6.1.4.a.3, which “risks and opportunities” is an organization required to plan actions to address?

12. What is an outsourced process? Is every process or service obtained from an external provider an outsourced process?

13. If an organization does not have any outsourced processes, to what extent does clause 8.1 apply? Do the requirements in the paragraph starting “consistent with a life cycle perspective” only apply to outsourced processes?

14. Does the phrase, “consistent with a life cycle perspective’ in Clause 8.1, Operational Planning and Control mean than an organization needs to consider a life cycle perspective a second time, with regard to operational planning and control?

15. The operational control clause of ISO 14001:2004 (Clause 4.4.6) referred to identifying and planning those operations associated with significant environmental aspects. The operational planning and control clause of ISO

14001:2015 (Clause 8.1) refers to processes needed to meet environmental management system requirements. Does the revised standard still refer to control of the organization’s operational processes?

16. Does the requirement for internal audit (9.2) include a compliance or financial audit?

It is important to note that these interpretations do not change the requirements in ISO 14001:2015, but are intended to give users a better understanding of ISO 14001:2015.

If you are interested in having a 1.0 day “ISO 14001:2015 Requirements” course taught onsite at your facility, please send an email to [email protected]. You can view the course description by clicking on the course title above.

ISO Certificate Survey

Oct 2, 2017 in Newsletter | Comments Off on ISO Certificate Survey

ISO has released the results of its annual survey of certifications. My summary below shows the number of worldwide certificates as of year-end 2016 for eight of management system standards, along with the USA totals and the top ten countries for each standard.

ISO 9001 (Quality): 2008 and 2015 Editions
Certificates in 2016 = 1,106,356 (USA = 30,474)
Certificates in 2015 = 1,034,180 (USA = 33,103)
Increase = + 72,176 (USA = – 2,629)
Percentage = + 7 % (USA = – 8 %)

1. China = 350,631
2. Italy = 150,143
3. Germany = 66,233
4. Japan = 49,429
5. UK = 37,901
6. India = 37,901
7. Spain = 34,438
8. USA = 30,474
9. France = 23,403
10. Brazil = 20,908

ISO 14001 (Environment): 2004 and 2015 Editions
Certificates in 2016 = 346,189 (USA = 5,582
Certificates in 2015 = 319,496 (USA = 6,067)
Increase = + 26,693 (USA = – 485)
Percentage = + 8 % (USA = – 8 %)

1. China = 137,230
2. Japan = 27,372
3. Italy = 26,655
4. UK = 16,761
5. Spain = 13,717
6. Germany = 9,444
7. France = 6,695
8. India = 7,625
9 Romania = 6,075
10. USA = 5,582

ISO/TS 16949 (Automotive)
Certificates in 2016 = 67,358 (USA = 4,293)
Certificates in 2015 = 62,944 (USA = 4,345)
Increase = + 4,414 (USA = – 52)
Percentage = + 7 % (USA = – 1 %)

1. China = 28,830
2. Korea = 5,352
3. India = 5,289
4. USA = 4,293
5. Germany = 3,460
6. Mexico = 1,575
7. Thailand = 1,547
8. Japan = 1,506
9. Italy = 1,405
10. Taipei = 1,384

ISO 22000 (Food Safety)
Certificates in 2016 = 32,139 (USA = 82)
Certificates in 2015 = 32,061 (USA = 210)
Increase = +78 (USA = – 128)
Percentage = 0 % (USA = – 61 %)

1. China = 11,069
2. Greece = 2,227
3. India = 2,000
4. Italy = 1,304
5. Japan = 1,180
6. Taipei = 919
7. Poland = 701
8. Romania = 682
9. Turkey = 651
10. Spain = 611

ISO 13485 (Medical Devices)
Certificates in 2016 = 29,585 (USA = 5,298)
Certificates in 2015 = 26,255 (USA = 5,231)
Increase = + 3,330 (USA = + 67)
Percentage = + 7 % (USA = + 1 %)

1. USA = 5,298
2. Germany = 4,107
3. Italy = 2,980
4. China = 2,244
5. UK = 2,083
6. Japan = 1,330
7. France = 1,097
8. Switzerland = 955
9. Taipei = 807
10. Korea = 784

ISO 27001 (Information Security)
Certificates in 2016 = 33,290 (USA = 1,115)
Certificates in 2015 = 27,536 (USA = 1,247)
Increase = + 5,754 (USA = – 132)
Percentage = + 21 % (USA = – 11 %)

1. Japan = 8,945
2. UK = 3,367
3. India = 2,902
4. China = 2,618
5. Germany = 1,338
6. USA = 1,115
7 Taipei = 1,087
8. Spain = 752
9. Poland = 657
10. Netherlands = 670

ISO 20000-1 (IT Services)
Certificates in 2016 = 4,537 (USA = 175)
Certificates in 2015 = 2,778 (USA = 223)
Increase = + 1,759 (USA = – 48)
Percentage = + 63 % (USA = – 22 %)

1. China = 1,666
2. India = 442
3. Japan = 285
4. UK = 217
5. Spain = 215
6. USA = 175
7. Italy = 119
8. Germany = 104
8. Romania = 104
10. Mexico = 98

ISO 50001 (Energy)

Certificates in 2016 = 20,334 (USA = 47)

Certificates in 2015 = 11,985 (USA = 53)
Increase = + 8,349 (USA = – 6)
Percentage = +70 % (USA = – 11 %)

1. Germany = 9,024
2. UK = 2,829
3. Italy = 1,415
4. China = 1,015
5. France = 759
6. India = 570
7. Hungary = 546
8. Spain = 465
9. Czech Republic = 369
10. Taipei = 298

To read the ISO Survey Executive Summary, go to this ISO web page.

To see the full survey results, go to this ISO web page.

Gap Analysis Checklists

Oct 2, 2017 in Newsletter | Comments Off on Gap Analysis Checklists

Larry Whittington has developed ISO 9001:2015 and ISO 14001:2015 checklists for the purpose of conducting a gap analysis of your current system against the new and changed requirement of the new standards.

ISO 9001:2015 Gap Analysis Checklist

The 27 page ISO 9001:2015 Gap Analysis Checklist contains 313 questions for organizations new to ISO 9001, and 119 delta questions for ISO 9001:2008 certified organizations.

To read a description of the ISO 9001:2015 Gap Analysis Checklist, and see a sample page, go to this web page. You can buy the checklist for $95.

ISO 14001:2015 Gap Analysis Checklist

The 17 page ISO 14001:2015 Gap Analysis Checklist contains 213 questions for organizations new to ISO 14001, and 96 delta questions for ISO 14001:2004 certified organizations.

To read a description of the ISO 14001:2015 Gap Analysis Checklist, and see a sample page, go to this web page. You can buy the checklist for $95.

Payment

When you click the Buy Now button at the checklist description, you will be taken to PayPal. You do not need a PayPal account to make a credit card purchase.

After payment, you will be directed to a checklist download page. The file is supplied in Word format for ease of editing.

Quality Manual Templates

Oct 2, 2017 in Newsletter | Comments Off on Quality Manual Templates

We’re pleased to announce that we now have quality manual templates available for IATF 16949:2016, AS9100D, AS9110C, and AS9120B-based quality management systems:

In addition, we have an ISO 9001:2015 quality manual template, ISO 14001:2015 policy manual template, and an integrated QMS-EMS policy manual template:

Click on a template above to view its description. To purchase a template, click on the “Buy Now” button within the template description.

You don’t need a PayPal account to buy a template by credit card. After payment, you’ll be directed to a template download page. The file is supplied in Word format for ease of editing.

If you have any questions about these templates, please contact Larry Whittington at <[email protected]>.