ISO 9001: 2015 - Quality Management System Implementation & Audit | Sadok Smine | Skillshare

Playback Speed


  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x

ISO 9001: 2015 - Quality Management System Implementation & Audit

teacher avatar Sadok Smine, Engineer

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Watch this class and thousands more

Get unlimited access to every class
Taught by industry leaders & working professionals
Topics include illustration, design, photography, and more

Lessons in This Class

78 Lessons (3h 51m)
    • 1. Introduction

      1:50
    • 2. Quality Definition

      3:10
    • 3. ISO 9001 Quality Objectives S

      1:55
    • 4. Quality Management Definition

      1:27
    • 5. Quality Assurance and Quality Control

      1:37
    • 6. Why Do We Need Use Quality Management

      5:56
    • 7. ISO 9001 Definition

      5:30
    • 8. The 7 Quality Management Principles

      2:09
    • 9. Customer Focus

      4:07
    • 10. Leadership

      2:58
    • 11. Involvement of People

      2:08
    • 12. Process Approach

      4:21
    • 13. Improvement

      4:43
    • 14. Evidence Based Decision Making

      3:25
    • 15. Relationship Management

      3:36
    • 16. The 10 Clauses of ISO 9001 2015 Intro

      3:58
    • 17. Clause1 Scope

      1:35
    • 18. Clause 2 3 noormative references terms and def

      1:24
    • 19. 4.1. Understanding the Organization and Its Context

      4:15
    • 20. 4.2. Understanding the Needs and Expectations of Interested Parties

      2:46
    • 21. 4.3. Determining the Scope of the QMS

      2:46
    • 22. 4.4. Quality Management System and its Processes

      4:07
    • 23. 5.1. Leadership and Commitment

      7:11
    • 24. 5.2. Policy

      3:55
    • 25. 5.3. Organizational roles, responsibilities and authorities

      1:53
    • 26. 6.1. Actions to Address Risks and Opportunities

      5:22
    • 27. 6.2. Quality Objectives and Planning to Achieve Them

      5:32
    • 28. 6.3. Planning of changes

      2:46
    • 29. 7.1.1. Resources: General

      1:21
    • 30. 7.1.2. People

      1:56
    • 31. 7.1.3. Infrastructure

      2:36
    • 32. 7.1.4. Environment for the Operation of Processes

      2:21
    • 33. 7.1.5. Monitoring and Measuring Resources

      2:04
    • 34. 7.1.6. Resources: Organizational Knowledge

      1:59
    • 35. 7.2. Competence

      2:09
    • 36. 7.3. Awareness

      1:43
    • 37. 7.4. Communication

      3:04
    • 38. 7.5. Documented Information

      3:58
    • 39. 8.1. Operational Planning and Control

      2:55
    • 40. 8.2.1. Requirements for Products and Services: Customer Communication

      3:00
    • 41. 8.2.2. Determining the Requirements Related to Products and Services

      2:15
    • 42. 8.2.3. Review of Requirements Related to Products and Services

      2:09
    • 43. 8.2.4. Changes to Requirements for Products and Services

      1:12
    • 44. 8.3.1 Design and Development of Products and Services: General

      2:09
    • 45. 8.3.2. Design and Development Planning

      3:23
    • 46. 8.3.3. Design and Development Inputs

      2:30
    • 47. 8.3.4. Design and Development Controls

      6:20
    • 48. 8.3.5. Design and Development Outputs

      3:19
    • 49. 8.3.6. Design and Development Changes

      2:45
    • 50. 8.4.1. Control of Externally Provided Processes, Products, and Services: General

      2:44
    • 51. 8.4.2. Type of Extent Control

      3:40
    • 52. 8.4.3. Information for External Providers

      3:13
    • 53. 8.5.1. Control of Production and Service Provision

      2:42
    • 54. 8.5.2. Identification and Traceability

      1:44
    • 55. 8.5.3. Property Belonging to Customers or External Providers

      1:49
    • 56. 8.5.4. Preservation

      2:24
    • 57. 8.5.5. Post-delivery Activities

      1:59
    • 58. 8.5.6. Control of Changes

      2:22
    • 59. 8.6. Release of Products and Services

      2:34
    • 60. 8.7. Control of Nonconforming Outputs

      4:17
    • 61. 9.1.1. Monitoring, Measurement, Analysis and Evaluation: General

      3:41
    • 62. 9.1.2. Customer Satisfaction

      2:54
    • 63. 9.1.3. Analysis and Evaluation

      2:34
    • 64. 9.2. Internal Audits

      7:12
    • 65. 9.3.1. Management Review: General

      2:52
    • 66. 9.3.2. Management Review Inputs

      2:00
    • 67. 9.3.3. Management Review Outputs

      1:27
    • 68. 10.1. Improvement: General

      4:50
    • 69. 10.2. Nonconformity and Corrective Action

      3:40
    • 70. 10.3. Continual Improvement

      1:27
    • 71. Management System Auditing: General

      2:09
    • 72. Types of Audits

      0:57
    • 73. Defining Audit Objectives, Scope, Criteria

      1:35
    • 74. Auditors and Audit Team

      2:50
    • 75. Audit Planning and Audit Execution007

      2:57
    • 76. Generating Audit Findings and Closing Meeting

      2:21
    • 77. Nonconformities

      2:43
    • 78. Audit Report and Follow up Activities

      2:20
  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.

133

Students

--

Projects

About This Class

Learn how to Implement and Audit a Quality Management System as per ISO 9001: 2015!

This 3.5 hours course provides a clear, step-by-step explanation on each requirement/sub-clause of the ISO 9001: 2015 Standard.

This course offers solutions which can be used in the implementation of a quality management system, it also provides guidance on how to audit a quality management system, whether internal or external audit.

This course will help you gain a perfect understanding of ALL the requirements presented in ISO 9001: 2015, and you will be able to implement a Quality Management System or make an audit for a QMS.

This course is divided into 4 parts:

The first part acts as an introduction to the course, it provides you with definitions such, quality, quality management and ISO, and the purpose of quality management.

The second part speaks about the 7 quality management principles, the actions proposed by ISO 9000: 2015 in order to apply those principles and the benefits of each principle.

The third part is where, in my opinion, things get serious, as it contains a very thorough and detailed explanation of all the requirements of ISO 9001: 2015 plus examples to help you better understand the requirement, it follows the structure of the standard so we will be discussing about the clauses in their order: Context of the Organization, Leadership, Planning, Support, Operation, Performance Evaluation and Improvement.

The fourth part is about management system auditing in general and it speaks about the principles and types of management system audits, concepts like audit scope and criteria, audit teams, audit objectives, non-conformity, audit plans and report.


Every key requirement of ISO 9001: 2015 is being explained : context of the organization; risks and opportunities; QMS scope; quality policy and objectives; infrastructure; competence; awareness; measuring and monitoring resources; documented information; design and development; customer communication; reviewing customer requirements; property belonging to customers or external providers; preservation; control of externally provided processes, products and services; identification and traceability; post-delivery; release of products and services; nonconforming outputs; customer satisfaction; internal audit; nonconformity and corrective action or management review.

The course DOES NOT ONLY READ THE REQUIREMENTS OF ISO 9001:2015 but it speaks about the intent of each requirement, gives examples and solutions for the implementation. It is a great tool for auditing or implementing a Quality Management System.

Meet Your Teacher

Teacher Profile Image

Sadok Smine

Engineer

Teacher

Hello, I'm Sadok.

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
    0%
  • Yes
    0%
  • Somewhat
    0%
  • Not really
    0%
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.

Transcripts

1. Introduction: Hello and welcome. Before enrolling in this course, how about you watch this first? So what do you need before enrolling in this course? Well, absolutely nothing. Everything will be explained in detail. This course is aimed at quality auditors, consultants, word Management Systems, Quality Engineers, or maybe quality managers, quality assurance or quality control specialist. Or maybe professors will kick off this course by defining quality and quality management and ISO. And then we'll talk about the seven quality management principles from ISO 9 thousand. And then we'll move on to do a step-by-step explanation on a glass BY clause explanation of the 10 classes of ISO 9000 one 2015 revision in how to implement an audit. Each requirement, we'll finish up this course by talking about the management system auditing in how to conduct an audit. At the end of this course, you will find a quiz to help you test your knowledge. We are enthalpy and this is the quality management system, implementation and audits. 2. Quality Definition : All right, So first of all, welcome and thank you for enrolling in this course. Now, the main purpose of this course is to increase the awareness level of an industry's top management and academia for the ISO standard significance as a business tool, as well as to enhance their knowledge on ISO 9,001, the 2015 version, and to present the standard in its new and revised version of 2015. Now we can kick this off by defining quality. So what is quality? Well, according to ISO 9 thousand and of course we're going to talk more and much more about the ISO standard. So as I said, according to ISO 9000, quality is the degree to which a set of inherent characteristics fulfill requirements. So as I said, the ISO 9000 series of standards is the international standard for quality management. The aim or the goal of this series or family of standards, is to aid or help supplier quality assurance and to provide a common, authoritative, and widely accepted standard by which to evaluate and compare the potential of firms to meet acceptable levels of quality and reliability. Now, as I said, this is the definition according to the ISO 9000 family. Now there are other definitions according to authors or other authors. We've got from the concise Oxford Dictionary, quality is defined as the degree of excellence according to the fore and Jeran, it is defined as the fitness for purpose. Now, according to go chair and Davis, quality is defined as the dynamic state associated with products, services, people, processes, and environments that meets or exceeds expectations and helps produce superior value. According to Phil Crosby, quality is defined as conformance to requirements. Now, one thing you should also know is that quality is not specification. Let's take the example of these two cars. As you can see, this is a very luxurious Rolls-Royce God, which is of course very nice. And we've got this fringe visual 10, 6. Now, this car, of course, has a high specification, while this one has a low specification. Now, according to default and according to the FO and Jeran, the quality is defined as fitness for purpose. So according to the FO and Jeran, if these two if both cars satisfy the purpose for which they were, purchase it, then they can both be quality products. So there is a big difference between quality and specification. 3. ISO 9001 Quality Objectives S: Now we know what quality is. Let's talk about quality objectives now. Iso 9000. One, quality objectives should be established in a smart format. Obviously, smart is a five letter word. Now S stands for Specific. When we say specific, it means that the objectives, of course, the quality, should be clear enough and specific so that everyone understands and interprets them in the same way. In other words, no matter who reads those objectives, they all come up with the same conclusion. That's for S. As for M, M stands for measurable. When we say measurable, it means that the quality objectives or an objective should be quantifiable and you should be able to track performance to see if you have or have not achieved the desired outcome. In other words, you can say that measurable is kinda of like controllable objectives. A stands for Attainable, which means that the objectives should be doable and within your organizations reach to achieve them reasonably. In other words, you wouldn't, you wouldn't put in an objective or a goal. There is kind of impossible to reach according or based on your capabilities are smart sense for relevant. It means that the objectives should be realistic, relevant, and consistent with your quality management policy. And as for t stands for time bound, it means that the objectives should be quantifiable and have a time frame associated with it. And of course, just like any other goal, when you set a goal, you of course set a date for that goal. 4. Quality Management Definition: So we've introduced the term quality. Now, let's talk about quality management, since this is the core of our course. So quality management, to put it in words, quality management is the process for ensuring that all project activities necessary to design, blend, and implement a project are effective and efficient with respect to the purpose of the objective and its performance. In other words, quality management is basically there to make sure that we'll do in the activity, the activities within the organization in the right way. So quality management is not a onetime event, it is a process, a repetitive cycle of measuring quality and updating processes until the desired quality is achieved. Now, for some sectors like the food industry, for example, in order to cope with market needs as well as legal requirements, it has to satisfy both safety and quality criteria for its products. And therefore, we can now say that quality management, thus the totality of functions involved in the determination and achievement of quality, including quality assurance and quality control, which of course we're gonna talk about in the next video. 5. Quality Assurance and Quality Control: So we've already established that quality management involves both quality control and quality assurance. Well, let's see the difference between quality assurance and quality control. As for quality assurance, it contains support and feedback, design, testing, and deployment of the product or a service. In other words, if, in other words, it is a way of preventing mistakes and defects a manufactured product. And it's, it's about avoiding problems when delivering products or services to customers. As for quality control, as you can see, it involves analyzing, improving Valley waiting and the planning of the product or the surface. So we're basically making sure that the product quality is maintained or improved. Well, now to put it in words, quality assurance includes all activities designed to produce products and services of appropriate quality. And therefore, quality assurance focuses on the entire quality system, including suppliers and also emit consumers of the product or the service, or the service, I'm sorry. As for quality control, it has a narrower focus than quality assurance. Quality control focuses on the process of producing the product or service with the intent of eliminating problems that might result in defects. 6. Why Do We Need Use Quality Management: So why do we use quality management? Well, according to ISO 9000 won the 2015 edition or version, the primary focus of quality management is to meet customer requirements and to thrive. And when we say it's thrived, it means to try hard to exceed customer expectations. So basically, the purpose of quality management is to meet and exceed the customer's expectations. Now, let's dive a little bit more in. This is a quality management history before the 1900s that was known as the craftsmanship era. This is before, of course, the industrial revolution. This is where services were, were less sophisticated and the person providing the service dealt directly with the customer. And then came the inspection era with mass production and industrialization. With the formation of factories and increasing automation, work became more repetitive. Now, the process at the time was just basically trying to fix the issues that already occurred when we weren't trying to proactively find the root cause of all the issue. So we're basically we're basically just trying to fix the issues that already happened. The inspector the inspector which is which is a lie in here. So the inspector becomes the barrier between the production operation and the customer or the process and the customer. Now, then we've got the quality control error from the 1930s to around the 1950s. And around that time, American statistician's Walter Shewhart realized that inspection after the event was not a good way of ensuring quality. So in his book, economic control of quality of manufactured, manufactured product, he, he came up with the control chart and which of course we know now as the statistical process control. And around that time it wants dimming also presented. His also presented is SPC, SPC chart or the statistical process control chart. And so we can say that modern quality, quality management started from this, now from the 1950s to around the 1970s, that was known as the total quality management era. With Deming's it wants Edwards Deming's 14 points and the introduction of the concept of leadership systems thinking, the involvement and empowerment of staff. Now, from the 1970s around the 1990s, game standards and awards. So the ISO 9 thousand, I believe the first edition of ISO 9000 was, was the ISO 901987 edition that I think that was the first version of ISO nine of the eyes or mouth. A nice at 9 thousand family. We've got also bald ridge words. In other words, now from the 1990s to the present, this is known as the initiative era with lean manufacturing and Six Sigma. The reason we're talking about all this is to answer the question as to why do we need quality management or better yet, what was wrong with traditional approaches? And so, and so this, this, this craftsmanship era and inspection era was known as scientific management. So what was wrong with those traditional approaches? Well, as we've seen, that we've got a lack of leadership around that time. There was a lack of leadership. And leadership is, of course, concern is concerned in producing change and movement by vision, building, aligning people, and communicating who, according to Gartner, there was also a short, short-term focus, or in other words, a lack of long-term focus, which is caused by stock market. As you know, the stock market prices will vary, would vary each, each week and each day and probably each hour. And therefore, and therefore, decision makers were only making sure short-term goals and there was no long-term goals. And then as I said, that was caused by the stock market. As stock market changes each day or each hour, there was also a lack of customer focus and we can name the lochia, the Nokia example. Around 2006, 2007, Nokia was still producing this thing while Apple was already producing the iPhone, which, which of course, people or the customer did not know they want until they saw it. So I believe it was it was Henry Ford who said If I had asked my customers what they wanted and they wouldn't have said a faster horse because sometimes the customer doesn't even know what they need or what they want until they see it. So there was a lack of customer focus with traditional approaches. And there was also a lack of systems thinking. When we say systems thinking, it means the interdependency of parts, how parts are, how parts are inter dependent. There was also the human resources mentality. And that means that the staff of the organization was, was just making. The decision makers say they would not contribute in making decisions or are having anything to say at all that there was just labor, work. And so a number of thinkers like Deming Shewhart began to see that scientific management just doesn't do the job. 7. ISO 9001 Definition : So ISO was mentioned multiple times throughout this course. And the title of this course, it says ISO 9000 one, but we haven't really talked about it. So first of all, I saw, which stands for the International Organization for Standardization. Well, technically it was supposed to be i, o, fs. But of course, ISO is more catchy. So ISO is an independent, independent non-governmental organization which has a 165 members with the goal of sharing knowledge and developing voluntary consensus based. When we say consensus based consensus means general agreement. So consensus based market, relevant international standards that support innovation and provide solutions to global challenges. So basically, ISO is the glue that holds organizations together. And ISO 9000, one is one of many international standards. It is Govind Rameau, the chair of subcommittee of ISO 9,001, the 2015 edition, Who said that ISO 9000 1, 2015 is not a giant scary monster. It is a common sense approach to run in any organization and the requirements outlined in the standards are fundamental to any business. So basically, the ISO 9000 one is making sure that organization around the world are following the same line in quality management. Now, this is a history, a history for quality standards. Around the 1960s, The US Department of Defense game with the defense standards, which is also known as the milk you 9858. Now, in the early seventies, the British standard game through in of course, different issues throughout the years. And now, in 1987, the first edition of ISO 9000 one came through, which of course gave birth to the ISO 9000 family or ISO 9000 series. Of course, in 1994, there was the addition or the 1994 edition and in 2000 and then in 2008, then finally in 2015. And of course, it's addition. It's just an update or an improvement to the edition before it. Now with the 2000 edition of ISO 9,001, game improved consistency with traceability and enhance customer focus. So now we're focusing more on the customer. And you've got focused leadership. We've got now the term of leadership is being used more than before and the involvement of people. So now the employees of an organization, or just not an unknown employees who do the labeled work. But also they, they come up with ideas. And of course, the system approach to management. Continual improvement, as we said, as we said, I think in the first video or the first lesson, quality management is not an event. It is a continual, it is a continuous event that happens over and over again, and a factual approach to decision making. And finally, a mutually beneficial supplier relationships. Now this is a document I downloaded from advisor up.com showing the difference between the 2008 and the 2015 edition. Now, as we update or as we improve, in addition, it has to be aligned. It has to be compliant with other other management system standards. As I said, that as I said, the ISO 9000 one is one of many, many management system standards. So the last edition of ISO 9000 1, which is of course the 2015 edition, is now compliant, aligned or is now is not compatible with the ISO, ISO 20 thousand, which is the service management and the ISO 2222301, which is the business continuity management standard, ISO 14,001, which is the environmental management standards. And finally the ISO 20000 and one which is the Information Security Management. Now, in here you'll see the difference between the 200820152015 revision or addition. So for the 2008, we've got eight principles, eight clauses, six mandatory procedures, and 26 mandatory rock records. As for the 2015 edition, we've got seven principles. We've got glosses. And of course we're going to talk about these principles and these clauses in the next videos of starting from the next video, we've got six mandatory that documents, which are now not necessarily procedures, and we still got 26 mandatory records. 8. The 7 Quality Management Principles: The ISO 9000 family contains an individual standard mean, ISO nine thousand, two thousand, fifteen, Quality Management Systems, Fundamentals and vocabulary. You can purchase this using this link right here, using the ISO website, the official ISO website. This, this book. So ISO 9000 lays down the vocabulary and fundamentals of the quality management system. And it explains the seven principles that we've talked about in the previous, in the previous lesson or the previous video. So the seven quality management principles, our first customer focus, then leadership, then the engagement of people, then the process approach than improvement, then evidence-based decision making. And last, the relationship management. We're going to go through each and every one of these. Each and every one of these from the next video. Now, one thing I want to mention here that I made this video after I finished the, finished talking about the seven quality management principles. And the reason for this is that I realized that I made a mistake, a simple mistake that doesn't really affect the basis of the course. So you will see that I, I, I, I was talking about ISO 9000 one when I'm talking about the one, I'm talking about the principles. So what I really need is ISO 9000, ISO 9,001. So because, because ISO 9000 is the standard that explains the principles, ISO my 1000 one explains the clauses which of course will not talk about in later videos. So you will see that I will, I will write, I'll write it down as per ISO 9000 one. So what I mean is ISO 9000, ISO 9000 one. It's a simple mistake for this reason, I didn't want to remake all the videos. It's a simple mistake that doesn't really affect the course or the basis of the course. So I my apologies in advance for that. 9. Customer Focus: So let's start off with the first quality management principle, which is customer focus. Now, we've already said that the primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations. And this is, of course, according to ISO 9000 one. And you can see how important the customer is. And also according to ISO 9000, one, understanding current and future needs of customers and other interested parties contributes to sustained success of an organization. So the satisfaction of customers and other, other relevant bodies is the key to maintaining success of the organization. To do so, there are a few steps or actions to take. Now, we can start off first by recognizing direct and indirect customers as those who receive value from the organization. And then we can understand customers current and future needs and expectations. So you need to know, you must know what the customer wants and needs. You can do so by simply asking people or by doing a ball, some kind of a poll. And I'm pretty sure this is, this is a political poll which has nothing to do with what we're dealing with here. But you get the point. Or you can simply fill up a room with people, with people with different ages and different cultures and simply ask them questions as to what they think the product or service or a service should be. Now, once done that you can or you should communicate, communicate customer needs and expectations throughout the organization. In other words, you need to analyze what the customer wants and needs. Now, once done that, you should link the organization's objective to customer needs and expectations. And you should plan, design, develop, reduced, deliver, and support goods and services to meet customer needs and expectations. So in other words, customer needs and expectations should be written on a board or something. Because sometimes when working on a project, you get, you get carried away with small details that you forget what the main purpose is. So you would need the, always need to remember what the customer needs and expects. And then you must actively manage relationships with customers to achieve sustained success. We're talking after the product or the service has been delivered, then you should measure and monitor customer satisfaction and take appropriate action. So you need to see if the customer is satisfied or not and then take appropriate actions. And then you should determine and take actions on intrested body's needs and expectations that can that can affect customer satisfaction. So we're not only talking about the customers or clients here, multiple talking about anyone who's, who's, who's related or linked to the product or service, or who's, who's who has a value to the product or the surface or the service, like the donors, for example. Now, once you've done that, you will notice an increase in customer value. You will notice increase in customer satisfaction, improvement in customer loyalty. And this enhances the rip in reputation of the organization. It also, there was also an expansion of the customer base. You will know what is customers are increasing. You will also notice that there is an increase in revenue in market share. And this is of course, because of the expansion of the customer base. 10. Leadership: So the second quality management principle is leadership. And leadership is the process by which leaders help themselves and others to do the right things within a given framework. So basically, leaders do things that others just don't like. Setting a clear strategy or building an inspiring vision or creating something new. So basically, leadership is about mapping out where you need to go to when as a team or an organization. Now, there are a few steps or actions to take to maintain good leadership. Like first of all, you need to, we need to communicate the organization's mission, vision, strategy, policies, and processes throughout the organization. In other words, you need to sit down and analyze what the organization is going for or aiming for. We also need to create and sustain shared values, fairness and ethical models for behavior at all levels of the organization. We need to also establish a culture of trust and integrity. And we also need to encourage and to encourage an organization wide commitment to quality. So in other words, from the door man to the CEO, everyone needs to be committed to quality. We also should ensure that leaders at all levels are positive examples to people in the organization. In other words, we don't need someone sending, sending out positive. I'm sorry, we don't need someone sending out negative vibes, but we need someone sending out positive vibes. When we say positive vibes, we're talking about pushing the team to their limit. And so the leaders need to be made to be a role example or, or a role model. Now, we should also provide people with the required resources, training, and authority to act with accountability. And we need to inspire, encourage, and recognize people's contribution. Of course, this is a little bit pointed more to do the involvement of people, but it still, but it's still the job of the leader. Now, once we've done that, once we maintain a good leadership, we will get an increased effectiveness and efficiency in meeting the organization's quality objective. And we will get better coordination of the organization's processes. We will also get improved communication between levels and functions of the organization. And we will get development and improvement of the capability of the organization and its people to deliver desired results. 11. Involvement of People: The third quality management principle is the engagement of people. Engaging people means that people should be fully involved. It means that they are committed to their organizations goals and values and they are willing to contribute to that organization's success. Forget about, forget about the old model where the CEO or the owner or whoever it is at the top, management gives the order and anybody else in the organization does the work, not now, everyone is involved. Everyone gives their idea. Now for this principle to be efficient, people, people should be rewarded and recognized and their abilities should be beneficial and valued at the organization and they should be accountable. They also should participate in the continuous improvement and they also should evaluate the individual performance. Knowledge, sharing knowledge and ideas is also necessary for the organizational success. This is why brainstorming meetings are created. Now, this will of course improve or this would motivate the people to achieve their organization quality objectives. It will also enhance the involvement of people in improvement activities. And it will of course, make people or help people take appropriate actions. In other words, it will enhance personal development initiatives and creativity, and also it will enhance people's satisfaction. It will also enhance or improve internal relations within the organization. So we've got enhance trust and collaboration throughout the organization. Of course, this will, again, all, this will also increase the attention to shared values and culture throughout the organization. Now when we say shared values, shared values are identified by which an organization is known throughout its business area. 12. Process Approach: So the fourth principle is known as the process approach. So first of all, what is a process? A process is a set or a series of actions or activities which are interrelated, which are carried out in order to achieve a particular result. Basically, a process is any activity that turns in input element into an output element. Now, inputs and outputs could be, could be virtual or physical. When we say physical, it means anything you can physically touch. Like like, I don't know, anything like like a phone, like food, jewelry or anything. Or it could be virtual. Virtual could be, could be like information and data or, or like a doctor's advice, for example. Now, as I said, a process is any activity that turns input element into output elements. Of course, based on your resources and resources, Could be, could be the employees or materials or, or the cash in your organization. Now we know what a process is. Now, process approach is a management strategy that incorporates the PDCA cycle or the plan, do, check, act cycle and risk-based thinking. And of course, we're going to talk more about the PDCA and we're going to talk more about risk-based think and later in this video. So that means that these processes, that processes are managed and controlled. In other words, the organization must monitor, measure, and use related performance indicators determined effective operations and controls. Now, as I said, the process approach incorporates the PDCA cycle. So what is a PDCA cycle? Well, first of all, it's a series of events. It's a series, it's a cycle of events. So first of all, we've got planning on plan, which means scheduling, scheduling, or all preparing for the improvement or preparation of the improvement project. This is where you ask, what is the goal here? What do you want to improve and what's preventing you from, what's preventing you right now from achieving that improvement or from achieving that goal. So you need to identify the problem and plan. You need to observe and analyze, and you need to define the corrective actions. And then we've got the do step or the D, which is of course the execution. So this is where the implement, this is where the implementation of the improvement project happens. This is where you ask, what actions could you take right now? So now we're taking actions and we're conducting the improvement. After that, you need to check you need to verify the results of those actions taken. So you're asking, Did it work after that? Of course, you're going to need to act. So if it worked, great, we're going to do it again. So now you're going to make that improvement in everyday task or operation. If not, if it did not work, if it did not work, you're going to need another solution. So now we need to come up with another solution. Now taking actions according to, according to ISO 9000, one requires risk-based thinking and risk-based thinking is an extension of preventive action. It requires the organization to determine risks, to processes and of course, the quality management activities. Now, the thing with risk is that there would be, there could be positive risk or negative risks. Of course, positive risks would give us an opportunity and negative risk would create an issue. So our Q DOMS, or quality management system, requires careful planning structure, and continuous optimization. The key to this is that you need to ensure that your stakeholders are engaged and you're on. Your employees must always be looking for opportunities to meet customer requirements and enhance customer satisfaction. 13. Improvement: The fifth quality management principle is improvement. Now in the 2008 revision, this was the sixth, this was the sixth principle and it was known as continuous improvement. Anyway. As according to ISO, successful organizations have an ongoing focus on improvement, which means to have a successful organization, the organization must have a focus and ongoing focus on improvement, which means the improvement never ends. Now, the organization is required to determine opportunities, opportunities for improvement, and it needs to plan and implement the necessary actions in order to achieve the intended results or desired results, the organization also an always needs to enhance customer satisfaction. Now, improvement comes in different forms. We can talk about the improving products and services in order to meet customer requirements and enhance customer satisfaction. We could also talk about correcting, preventing, and reducing undesired effects. Sometimes the lack of qualification in a workplace may lead to non-conformity. So you need to ask which activity is not performed well and why, and what kind of training may help personnel, which means the employees to do their job better. Now, we can also talk about improvement, improving the performance of the QRS or the quality management system, which basically means improving the ability of processes to achieve intended or desired results and thus the achievement of the equality objectives. Now performance of the CU MS needs to be monitored, measured, and evaluated through many quality tools and methods suggested, of course, by the standard, we can name Six Sigma and bench marking and the total quality management. We can also talk about improving the effectiveness of the CU MS or the quality management system. When we say effectiveness, we're talking about the effectiveness of the planning of the CU MS, which means implementing the implementation of processes and operations. We can all this. Effectiveness also means the effectiveness of processes and activities and the effectiveness of performance of external providers, which basically means the suppliers and their ability to deliver products and services in accordance with predefined requirements. Now, according to the standard, there are a few steps or actions to take. Now, I want to, I want to mention here, and you have to excuse me before, in the previous lessons, I did not mention that these actions are proposed by the standard I proposed by ISO 9000 won the 2015 revision. What anyway? As I was saying, to maintain ongoing focus on improvement, we can establish improvement objectives at all levels of the organization, from the top management, from the founders or all the leaders to every other employee within the organization. We could educate or we should educate and train people at all levels on how to apply basic tools and methodologies to achieve improvement objective, objectives. And we should ensure that people are competent to successfully promote and complete improvement projects, which had also track, review and other deep planning implementation completion and results of improvement projects which are also integrate improvement considerations into the development of new or modified goods, services and processes. Now, according to the standard, this will result in improved process performance, the organizational capability, capabilities, and of course, customer satisfaction. It should also enhance focus on root causes and investigation and determination, which means why did something go wrong or something go wrong? Which of course is followed by prevention and corrective actions. Of course, prevention before something went wrong and corrective actions are after something went wrong. It will also enhance the ability to anticipate and react to internal and external risks and opportunities and enhance that consideration of both incremental and break-through improvement. It will also improve, improve the use of learning for improvement, and it will enhance the drive for innovation. 14. Evidence Based Decision Making: The sixth quality management principle is evidence based decision making. And just like the name or the title suggests, it's about making decisions based on evidence or data or, or inflammation, which of course, is more likely to produce desired results or outcome. Now, when we see evidence or data or inflammation, so evidence can be in three forms. We've got contextual evidence, which is basically a collection of measurable factors in the organization, like school records or maybe Hospital data. We've also got exponential evidence, which is of course data gathered from experience and expertise. And we've got best available research evidence, which is information or data that enables researchers or practitioners to determine whether or not the activity or inactivity is achieving the desired outcome or results. Now, we can say that there are three stages into making decisions based on evidence. The first stage is, of course, gathering the evidence is looking for the evidence. So we're first seeking out for the best available research evidence and we're collecting contextual information on factors are important to making the decision then would Roman upon the expertise and knowledge of others. So we're basically just collecting the evidence or the data or the information. And second, we interpret the evidence, we analyze the data or all of the evidence or the information. And we're considering the strength. How strong is the research evidence? And we explore the experience preferences and values of, of, of, of course others. And last, now we're going to take action. Now we're going to apply what we learned from the evidence. So now we're making decisions and now we're taking actions. Now of course, ISO or V 2015 revision proposes a few steps or few actions to take. We can name a few, like determining on measuring and monitoring the key indicators to demonstrate the organization's performance. When we say key indicators, like financials, for example. And we want to make all data needed available to the relevant people, likely leaders in the organization. And of course, we need to ensure that data and information are sufficiently accurate, reliable, and of course, secure. And then we analyze and evaluate data and information using suitable methods. And of course, that evaluation needs to be done by people who aren't competent. And then we need to make decisions and take actions based on those evidence. And this is basically what we just talked about. Now, the standard, of course, expects a few benefits like the, like improving decision-making processes and improving, improving the assessment of process performance and the ability to achieve objectives. And of course, improving the operational effectiveness and efficiency and the ability to review, challenge, and change opinions and decisions. And of course, the increase this will increase the ability to demonstrate the effectiveness of bears decisions. 15. Relationship Management: Relationship management is the seventh and final quality management principle. So we know that today's organizations do not work isolated. They need to manage their relationships. And effective relationships will allow business partners to leverage each other's resources and learn from each other. So what the organization needs to do is that it needs to manage their relationship with needs to maintain relationships with interested parties. Now of course, when we say interested bodies were talking about the suppliers, contractors, partners, customers, investors, employees, or society as a whole. Now to really excel at relationship management, sometimes when a problem occurs, you need to step back from the problem. You need to stop blaming the ones, the ones responsible for the problem. And you need to stop pointing fingers. And instead, you need to keep the customer in the focus. And also you need to ask how does the issue affect them when we say them, we're talking about the customer here and what do you all stand to lose if the customers needs are not met? So you need to step back from the problem and focus on the customer instead. And also to really excel in relationship management, you should focus on trust. We can name, we can come up with the example of McDonald's in Obama. Companies. They had been working for years now without any contract. So they need to maintain a long term relationship with loyalty and trust. And that's what happened with McDonald's and Burma. They have, they mean to us and they maintain a relationship based on trust and loyalty. So in a, basically, you need to focus on trust. Now of course, the standard or ISO 9000, one, of course proposes a few steps or actions to take. Like of course, knowing your interested bodies, the ones that we talked about earlier, earlier. We need to also determine and prioritize these interests at the interested party relationships that need to be managed. And you need to share information, expertise, and resources with relevant interested bodies. And you need to measure performance and provide performance feedback to those interested bodies. You also need to establish collaborative development and improvement activities with suppliers, partners, and other interested parties. And the standard also encourages and recognize tells, tells you is that you should encourage and recognize improvements and achievements by suppliers and partners. Of course, the standards expects that the, that by doing so, this will enhance the performance of the organization and its interested bodies. It will also create a common understanding of goals and values among, among interested bodies. As well as increasing the capability to create value for interested bodies by sharing resources and competence and managing quantity related risks, and also by maintaining good relationships, a well managed supply chain will be created and that would provide a stable flow of goods and of course, services. 16. The 10 Clauses of ISO 9001 2015 Intro: We just finished talking about the seven principles of the quality management system. Now we're going to talk about the 10 clauses of ISO 9000 one. So which are these 10 clusters are presented in the ISO 9000 one to 2015 revision, which of course you can purchase using this link right here in the official website of ISO. Now, I don't want you to think of the principles and the glosses as different things as they both serve the same thing, which is of course the effectiveness, the n and effective and they successful quality management system. Think of the glosses of a more detailed steps or actions that the organization should take. So ISO 9000 one defines the requirements that an organization has to meet to gain the certification. And of course, it contains these 10 glasses. And you will see, you will see that most of these clauses that we've talked about, most of these clauses in the seven principles like leadership for example, we've already seen leadership in the, in the, in the principles and we've seen improvement in the principal. So you'll see, you'll see that a lot of things that we've seen in the principles are, are, are, are again, again repeated in the clauses, but just in the, in more detail. So we're gonna go through each, each, each one of these, if these, of these clauses. But for now, let's take a general look of these clauses. So the standard suggests that the organization is required to understand its context and it is required to determine the needs and expectations of interested bodies, of anyone involved, like customers and donors and so on. And this is basically glass for now. Once these are documented, we move on to planning the quality management system, which is of course, the gloss ON clause number six, which is basically about determining the risks and opportunities and quality on determining quality, quality objectives and of course, blending the changes. Now, once we have blending, we move on to support AND operation, which is respectively plus 7 and 8. Support is basically about providing resources, raising awareness and communication. Operation is basically about designing and development or production. Now the thing we support AND operation is that support is considered to be in the plan phase AND operation is considered or the secant to be in the Do phase. Now, move on to performance evaluation, which is of course basically, which is of course basically the check phase. And this is of course, the glass number nine. And performance evaluation is of course about analysis and evaluation, internal audit and management review. Now, once done that, we move on to the act step is about improving and I'm sorry, which is about improvement. And this is of course glass number 10. And of course, improvement is basically about corrective actions in the case of non-conformity and of course, continual improvement. So this is a never ending cycle. And of course, all of this is supported by liters or top management and their full involvement, which is basically glass 5. And of course, with that, this, this will, will provide all this will of course, reached customer satisfaction. And of course, this will provide products and services. 17. Clause1 Scope: All right, so the first clause of the standard is scope. Now before we dive into that, we have to mention here that the first three glasses are more like informational glasses, which do not include any kind of actions or activities that the organization must do. So it's just like basic information. Now, the first gloss, as I said, is scope, which is kind of like an introduction to the standard. Now, scope of the UMLS, or scope of the quality management system, means identifying the goals and purposes of the standard. Of course, we are talking about the offer. Of course we're talking about ISO 9000 won the 2015 edition or revision. So we're basically asking what is the purpose of a CU MS or the quality management system on and how maybe how may the Q and S reached its purpose or its goals. It also means identifying customer requirements. And while identifying customer requirements, the organization must consider regulatory or secretory requirements. In other words, we're talking about, we're talking about here the legal requirements. And we're also talking about the applicability of the standard requirements. Now, all the requirements of the standard are intended to be applicable to any organization regardless of its type or size or the products and services it's providing. 18. Clause 2 3 noormative references terms and def: So gloss to is normative references. And normative references simply means any other documents which are referenced within the management system standard in our gaze, in the case of ISO 9000 won the 2015 revision. Lot of references are made to ISO 9000 2015 Quality Management Systems, Fundamentals and vocabulary, which is of course, what the, what gloss 3 is all about. Gloss three is of course, terms and definitions. And I have included a PDF within this video in which you will see a few definitions which I, which I, which I've taken from the document. Now it's not mandatory to purchase this document with the ISO 9000 won the 2015 revision. So as I said, it's not mandatory to purchase this document along the standard. And so therefore, information we're talking about concepts, principles and definitions should be understood and applied as the fight or explained in ISO 9 thousand fundamentals and vocabulary. Of course, we're talking about the document would just saw. And it is possible that such information may be, may have different meaning or interpretation in some industries, regulatory or business context. 19. 4.1. Understanding the Organization and Its Context : Gloss four of the standard is the context of the organization. And claws for is divided into four subclasses. The first one is understanding the organization and its contexts. So what is context? Well, context refers to many factors. We can name vision, mission, or goals, or financial constraints, or products or supply chain, or geographical location, or customer expectations and of course, requirements. So this is basically what contexts is. Now this gloss or this subclass, requires the organization to determine all internal and external issues that may be relevant to the achievement of the objectives of the QRS or the quality management system. So what is internal and external issues? Well, internal issues, or we can name some examples of internal issues like employee engagement and our employees may be happy. And of course, training and development skills and competence, physical resources, as well as of course, the technology and equipment. Of course, we can name management methodology, policies, and mission values, suppliers and partner management. As for external issues, we can name government regulations and changes in the law, which is considered as a legal aspects. We can name the organizations, competition, the competitors of the organization. And this is of course, a market aspect. We can name the events that may affect corporate image. The changes in technology. As we know, every day, technology changes by the hour. We can name share holders, political influences, environmental considerations with now, with now the global warming rising, all the global warming issue rising. Now of course, this is not all the internal and external issues. Of course, this is just some examples. Now, after that, the organization is required to identify internal and external parties and their needs. And this is basically some blogs for 0.2. So with this, we're going to talk about, we're going to talk about this in the next video. After that, the organization may I'm saying May because it's not mandatory. So the organization could document the context of the organization. The standard does not require the organization to document this information, but this would be helpful. Documenting the information could be helpful or would be helpful, but it's not mandatory. After that, the organization needs to monitor and review all that information. Now, as for auditing, the auditor is required to make interviews with top management. As you can guess, all the issues, the internal or external issues change all the time. So we need interviews with top management which will, which of course, the top management will present dated, updated information to the auditor. And the auditor get good document the information and good use. The swot analysis is a great tool agreed to or great way for establishing internal and external contacts is of course, swot analysis. Swot analysis means, means strengths, weaknesses, opportunities, and threats. Strengths, strengths. We can name an example for a strength like innovation or reputation. Weaknesses could be cashflow or the age of the organization. And opportunities could be technological advances and threats, could be political interventions. The auditor could also use the PESTEL analysis, which means political, economic, social, logical, technological, legal, and environmental. 20. 4.2. Understanding the Needs and Expectations of Interested Parties : Subclass two of the context of the organization is understanding the needs and expectations of interested bodies. So the organization is required to identify these interested party who are relevant to the CU MS or the quality management system. So who are these intrested bodies? Well, we're talking about anyone who is affected by what the organization does, like customers, employees, suppliers, corporate partners, owners or shareholders, insurance society, service providers, competitors, government believes even the fire brigade and anyone, just anyone who has an impact on this business or the, or the organization. So these bodies add direct value to your organization and they're affected by the activities within the organization. So it's important to identify their requirements or their needs and expectations. So the organization is required to determine the requirements of its interested bodies. Now, if you, if you have identified internal and external issues, identifying, identifying your interests or the interests bodies would be real easy. And then the organization could, again, I'm saying good because it's not mandatory. So the organization could document that information and then the organization is required to monitor and review that information. Of course, we're talking about the internal and external issues and the, the interested bodies and their requirements. So what are the requirements? What do we mean by the requirements of these interested parties? Well, you could identify the requirements of your interested parties by asking a few questions like, what are their terms and conditions? So what terms and conditions these interested parties have or when will I be paid? So we're talking about money and have we got effective communication. So if the communication between you and these interested parties, is it good or not? What information do I need and when can they give it to me? Are they above board and are they compliant with the applicable requirements? So asking this question with easily identify with easily identify the requirements of interested parties. As for auditing, the auditor could always conduct interviews with top management and review any documents available so they could see so the auditor could see whether or not the organization is keeping up with the requirements of IS of its interested parties. 21. 4.3. Determining the Scope of the QMS: So the third subclass of gloss for is determining the scope of the quality management system or CU MS. So what do we mean by the scope? Well, the scope means the physical or geographical site within which your operations take place and the products or services, of course, included in the queue or mass or the quality management system. Also the relevant parties and any areas which you have determined to be not applicable. So what does that mean? It means that the organization must consider the external and internal issues referred in 4.1 or the sub clause, or the first sub clause that we talked about earlier in earlier videos. And the organization must identify the requirements of the interested parties in the, in the last video or the previous video or in the subclass 4.2. And the organization must consider the products and services it provides. Now according to ISO 9000 1, 2015 revision, all requirements are applicable regardless of the size and the products and the products or services the organization is providing. And if a requirement cannot be applied, it must not affect the ability to provide conforming product and it has to be justified. And this is about, and this is what the last sentence is all about in here. So it says any areas which you have determined to be not applicable because sometimes sometimes exclusions can be made and one requirement cannot be applied. Let's take the example of a bookstore that sells newspapers. Now we all know that the bookstore does not produce these news paper, but rather buys them from an external provider. And so that requirement can be excluded in a condition that that exclusion should be justified. Why justified? So that the auditor can review that justification. And this is this is what auditing is all about in the subclass. So first, the auditor has to review the quality management system documents. Now the Quality Management System scope has to be documented so you MS. scope should be maintained as documented information. Now and after that, the auditor has to review the justification of the requirements considered not applicable. So in the case of some requirement being not applicable, the auditor has to review the justification provided by the organization. 22. 4.4. Quality Management System and its Processes: The fourth subclass of gloss for is quality management system and its processes. Now, we have already seen what a process is when we were talking about the quality management principles. So basically, the process is what turns in input element into an output element. Now, according to the standard or according to the ISO 9000 won the 2015 revision. The organization needs to, needs to establish, implement, maintain, and continually improve the CU MS or the quality management system, including the processes needed and their interactions in accordance with the requirements of this international standard, meaning ISO 9000 1 2015 religion. And this is, of course taken from the standard itself. So according to the standard, the organization must determine or identify inputs required in the outputs expected from the quality management processes. Let's take the example of electronic components, which are, which are considered input elements, and then they are turned into output element, which is the laptop, as you can see in here. And as you can guess, there are a number of examples of inputs and outputs. Now, the organization shall also determined the sequence and interaction of these processes. Sometimes the output of a process, the output of one process is actually the input of another process. So it is a sequence or a series of processes, or is a series of events that are interrelated. So that's why we say the sequence and interaction of these processes. Of course, the organization must also determine the criteria and methods, including measurements and related performance indicators needed to ensure the effectiveness of the operation and control. Performance indicator can be in the form of maybe the revenue or employee engagement. And odd employees may be happy or our employees dedicated to our CU MS or quality management system. And we can also name the efficiency of those processes. So the performance indicator can be in different forms. The organization must also assign responsibilities and authorities for those processes. In other words, we need to assign roles or jobs for the right people, people who are responsible for a process, or often called process owners. The organization must also determine or identify or address risks and opportunities by planning and implementing appropriate actions. And we're going to talk more about this in later videos. Now the organization must also maintain documented information that could change all that are up or that are subject to revision, like procedures, guidelines, softwares or manuals. And it must also retain unchanged, documented information to make sure that the processes are carried out as planned. Now, as for auditing, the other must identify the quality management system processes and their interaction. The other must also identify the inputs and outputs of those processes. And of course, all of this is provided by the organization. And they also, when I'm talking about the auditor, of course, the auditor must identify or determine the responsibilities and authorities provided by the organization, as well as risk is an opportunities criteria and methods and documented information, whether we're maintaining, maintaining them or retaining them. 23. 5.1. Leadership and Commitment: With this lesson, we start talking about the fifth gloss, which is leadership. Leadership is divided into two subclasses. The first one is leadership and commitment. Now, each of these subclasses are divided in turn into other subclasses. Leadership and commitment has do other subclasses. The first one is general, so five pi bond 1.1 is general. So the requirement or I'm sorry, the standard. So ISO 9000 1, 2015 requires the top management to be much more hands-on with respect to their QRS or the quality management system. Meaning that the top management should be fully involved with implementing the quality management system or all with implementing the standard. Now, how to do that? How does the organization can be more involved? Well, first of all, the organization or the top management of the top management must take accountability for the effectiveness of their organizations, CU MS, or quality management system. In other words, the success or the not, the unsuccessful of the quality management system falls the responsibility of Vk. Success of the quality management system falls on the shoulders of the, of the top management. So it's their responsibility. Now, the top management should also must, also not sure. It must ensure that their organizations quality, policy, and objectives are consistent with their organization's strategic direction and their contexts. We're going to talk more about qualitative policy in the next video. Now, the, the top management must work alongside their people in the organization in order to ensure that the quality objectives are achieved. And it must ensure that the quality policy is communicated, understood, and applied across the organization. The top management must also promote process approach and risk-based thinking. And how important the process approach and risk-based thinking is so that people are more dedicated to the CU MS. The top management must make sure that the quality management system is achieving the intended results. And it has to, it has to lead people to contribute to the effective effectiveness of the effectiveness of the system or to the effective operation of the system. It must also drive continual improvement and innovation and develop leadership in their managers. What that means is that sometimes implementing the QRS or the quality management system does not happen over the whole organization, but, but is implemented over a part of the organization. And therefore, the top management is responsible for developing leadership in the managers, in the manager's for that part of the for that part of the organization so that NICU MS is implemented effectively on, in an effective way. It must also provide resources for the CU MS. Resources can be, of course, people, people, equipment, or maybe cash. Now as for auditing this requirement, the auditor must ensure that the top management is fully involved with the implementation. They're of equal quality management system. The auditor must conduct interviews with top management. Conducting interviews is always a great way to understand what's really happening within the organization. So the auditor must conduct interviews with top management and they must communicate. The auditor must communicate with personnel while, of course, personnel within the organization, while while making the auditing or while auditing, the auditor must also review any documented information. The second part of leadership and commitment is customer focus. We know that the primary focus of ISO 9000 one is of course, customer satisfaction. So the top management shall demonstrate leadership and commitment to customer focus. How should, how could it do that? Well, the top management must, must, must determine must all must ensure that customer requirements and applicable, statutory or regulatory, in other words, legal. So and applicable legal requirements are determined and met. So in other words, in other words, if the top management must know the law and must also know its customer expectations and requirements. The, the top management must addressed the risks and opportunities that can affect conformity of products and services. In other words, in other words, to know the risks, the, the top management could ask what can go wrong with your product or service or, or to identify or to address opportunities. The top management could ask the top linens could ask what doors could open with our products or services. The top management must also ensure that the organization is focusing on constantly providing products and services that meet customer and applicable so authority or regulatory. Again, this is legal requirements and so legal requirements is maintained and the top management must also ensure that the organization is focusing on enhancing customer satisfaction and customer satisfaction is maintained. And so if you really think about it, this is just, this isn't rocket science. I mean, it's all, it all makes sense, but we don't want we don't want to make a product or service that the customer is not happy with. Now, as for auditing this requirement, the auditor could could conduct interviews with top management. As I said, conducting interviews is always a great way to understanding what's happening within the organization. So the auditor must conduct interviews with top management and the auditor must review any documented information and the other must also ensure customer satisfaction. He could do that by looking at customer reviews. I need customers are always leaving reviews just like you leave a review on this, on this course is like the same thing. So the auditor take a look at those reviews through Internet or newspaper or any other or any other source. The auditor must also ensure that the legal requirements are met. 24. 5.2. Policy: Subclass 2 of leadership is policy. And just like leadership and commitment, policy is also divided into two parts or two subclasses. The first one is developing the quality policy, or in other words, writing the quality policy. Now, what is quality policy? Quality policy is a brief statement that is documented and it contains the direction and intentions of your organization with respect to quality. Now, the standard requires the top management to establish or write a quality policy that is appropriate to the purpose and of course, the context of the organization. In other words, the top management must write a quality policy that reflects the business size and products and of course, Services. The top management shop establish a quality policy that provides a framework for setting quantity objectives. In other words, if you're the top management, you will ask, how will you decide what you're going to achieve and how. Now you're also, if you're the top management, you're also required to establish a quality policy that includes a commitment to satisfy applicable requirements, whether it's legal requirements or the customer requirements, basically, you need to do right, a quality policy that is in line with the standard or ISO 9000 1, 2015 revision. The top management or you in our example. So the top management shall establish a quality policy that includes a commitment to continual improvement of the quality management system or the CU MS. The second part, or the second subclass of policy is communicating the quality policy. Now, the quality policy should be available as a documented information. So it must be documented and it must be communicated, understood, and applied within the organization. In other words, everyone within your organization needs to be aware of the quality policy. The quality policy should also be available to interested bodies, interested parties like clients, suppliers, manufacturers, or staff. You could do that by publishing the quality policy document on your organization's website. Now, as for auditing this requirement, I think now it's obvious to this point that auditing is basically making sure that the requirements are met. So I think we'll just basically repeating the requirements. The auditor needs to review the quality policy documents. So as I as I said, the quality policy needs to be a documented information and so the auditor needs to review those document or that document. The rudder is to ensure that the quality policy is communicated, understood, and applied throughout the whole organization. Meaning that everyone involved needs to be aware of the, of the quality policy. And again, conducting interviews will always help. Auditor needs to ensure that the quality policy is available to intrested bodies. In other words, they could, of course, the auditor could take a look at the ethnic website and take a look if the weather, if the quality policy is if is available for interested parties or not, the auditor also needs to ensure that the quality policy is review with from time to time by the top management and if needed, is revised. Of course, I'm talking about the quality policy. So if needed, the quality policy would be revised or a change when when this when it's needed. 25. 5.3. Organizational roles, responsibilities and authorities: The third subclass of leadership is organizational roles, responsibilities, and authorities. So the top management is required to assign the responsibility and authority within the organization, basically allocating responsibilities and making job descriptions across the organization to maintain the quality management system. So to basically to ensure that the quality management system conforms to the requirements of our standard, or R, or ISO 9000 1. And to make sure that the processes are delivering their intended outputs, basically making sure what's supposed to happen is actually happening. And to make sure the promotion of customer focus within the organization. And also to report on the performance of the quality management system, on opportunities for improvement and the need for change or innovation, and especially for reporting to top management. So the top management, of course, we'll assign the most part of the responsibility and authority. Basically, remember to basically keep reminding the personnel to update the system as and when the organization changes how it works. Now, as for the auditing, this requirement, the auditor needs, of course, to conduct interviews with personnel within the organization to make sure that everyone understands their responsibilities and authorities. The auditor will also review the if there is documented information the auditor would review or should we view those documented information like the reports sent to the top management? 26. 6.1. Actions to Address Risks and Opportunities: With this lesson, we start talking about clause six of the standard, which is of course, planning. Planning is divided into three other subclasses. The first one, which we're going to talk about now is actions to address risks and opportunities. So according to the standard, the organization is required to determine the risks and opportunities that need to be addressed in order to give assurance that require management system can achieve its intended results. And to prevent or reduce undesired effects, and also to achieve continual improvement. Now, as you can see, the standard does not specify exactly what actions should the organization take. So now, when we talk about, when we talk about addressing or identifying the risks, were talking about risk management and to effectively achieve risk management. So there are a few steps that the few actions that the organization could take. The first one is avoiding the risk. Take the example of a construction company that shuts down its construction site due to weather condition. So that's avoiding the risk. The organization could also take the risk, just like gamblers. Gamblers take the of either losing everything or winning everything, the organization could also eliminate the risk. Take the example of maybe when there is a task or a job that could be done on the ground. Well, we could do it on the ground instead of doing it at a height. So that's eliminating the risk. The organization could share the risk. So sharing the risk with others, like partners or the insurance company or the organization could do nothing. Because sometimes doing nothing costs. Doing nothing about the risk costs less than actually taking action. The organization could also use a few tools or few methods for risk analysis and risk management. Take the example of the FMEA, or failure mode and effects analysis, or the fishbone analysis or V or the fishbone diagram or or also known as the cause effect diagram, and the FTA or the fault tree analysis, or the ETA, or the event tree analysis, or the Pareto analysis, also known as the Pareto chart or the Pareto diagram. Now we've been talking about how to identify risk, but what is risk in the first place and what is an opportunity? Well, risks is the probability of arriving at an unexpected state where requirements are not met. While opportunity is the possibility for improvement due to a favorable combination of circumstances or conditions in the quality management system. Let's take some examples. An example of an opportunity is new income stream. While a risk could be the cost to delivery. And this is, of course, financial risks and opportunities. It, an opportunity could be a broader experience for staff and organizational knowledge base and especially specialization. While a risk could be safety risks for staff or a cost of having a staff member out for a day or having a staff member susceptible to influence while on site. Of course, Isaac, as you can see, there are a number of opportunities, risks that you can take a look at. And i've, I've also included a file which, which has, which has other risks examples that you can take a look at and it is a PDF resource. Now, as for auditing this requirement, the auditor needs to review the risk management documents if there is any. So risk management documents could be in the form of risk registers, which is basically a tool, just like the tools that we've been seeing. You can take a look at a risk register example that I included or as I attach it as a PDF. Now, in the case of there is no in the case of no risk management documents, the arbiter of good conduct, interviews with top management and other personnel within the organization. And what would the auditor could take could take a look or review other documents like the market research document, strategies, document like like marketing strategies, documents, or could take a look at the document where we've got the competitor information. 27. 6.2. Quality Objectives and Planning to Achieve Them: The second subclass of gloss six is quality objectives and planning to achieve them. Now, this isn't the first time we talk about quality objectives. We've talked about quality objectives in the very beginning of this course with the smart format. So quality objectives basically should be specific, measurable, attainable, relevant, and time bound. So there is no need to read, restate all of this again. Now, according to the standard, the quality objectives shall be consistent with the quality policy. What is, what, what does this mean? Well, if we take a look at this example, this example of quality policy, quality objectives. So the, this organization, for instance, has a quality policy statement that says, we will achieve customer satisfaction. And therefore, objectives could be achieving a high level of service user satisfaction, with the key performance indicator being the number of customer complaints and a possible target of having less than two complaints submitted in that year or that or 2019. Let's take another example. We're still in the quality policy statement. It says we will respond as quickly as possible when contacted by a customer and we will work to meet agreed deadlines for all data requests. So in objective, on, an objective could be providing a responsive customer service with a key performance indicator by comparing actual request completions against the target agreed with users with a possible target off 95 percent of work requests completed within the deadline. So this is how basically we align quality policy with quality objectives. Now let's go back. So the quality objectives shall be consistent with quality policy and be measurable. So the quality objective should be measurable and quality objectives shall take into account applicable requirements were talking about customer requirements and legal requirements, the quality objectives should also be relevant to conformity of products and services and the enhancement of customer satisfaction. This could be done by taking a look at the SLA checklist or the service, the service level agreement checklist. The quality objectives should also be monitored and communicated within the organization. The quality objective shall also be updated as appropriate. So the quality objectives should always be updated according to the quality policy and according to how the organization works. Now when planning how to achieve those quality objectives, the organization shall determine what will be done, what are we trying to achieve, and what resources will be required or what resources will be needed. Cash employees and maybe contexts. Who will be responsible for each of each objectives and who will be of course, in charge or who will be in control for that particular, that particular objectives and when will it be completed and how the results, the results will be evaluated. All of this could be done or could be answered with this with a simple table like the one we've got in here. So we've got wanna take it, we'll take an example of a quality objectives like customer satisfaction survey index of more than 75 percent. And we're assigning that job to the general admin administrator, the technical manager, production and operations team, the quality assurance team. And we're sending five surveys. At a minimum of five, surveys are sent two times each year. Another example of quality objective is on-time delivery. We want more than 95 percent of our products or services to be delivered, to be delivered on time. We're assigning that to the production and operation team. And that team is required to report at least two times each year too. So that team is to report about the status of that the status of that quantity objectives and the qualitative text could be receiving inspection, also known as the income inspection, which is basically the inspection of the raw materials. So we want it to be greater than 95 percent. So more than 95 percent of the raw material needs to be in a good shape or in a good and a good state. And we're assigning that to the production and operations team. And again, that team is required to report at least two times. Two needs to report about the status of that quantity objectives at least 20 times each year. Now, as for auditing requirements, the other is to review the quality objectives documents. So obviously, the quality objectives need to be documented and written. The auditor also needs to conduct interviews with personnel and top management to ensure that everyone is on board with the quality objectives of our organization. And the auditor needs to review needs to review the objective status and where does the organization stand with completing or achieving quality objectives. 28. 6.3. Planning of changes: Subclass three of glucose-6 is blending of changes. Now, change is almost inevitable in an organization. So when there is a need for a change to the CU MS, this must be done in a planned and systematic manner. So you have to play to have to plan the change. So blending the change, or also known as change management. Now before we talk about change management, Let's talk about change first. So change include moving from one site to another or changing processes or methods used in the MS, or maybe going online. So the organization might be gone online or the change in the technology and software, or the personnel key personnel leaving, or maybe opening an office in a different location, et cetera. So there are a different type, different examples of change. Now, as for change management, the organization. So if you, if you're planning to change, that, you need to consider the purpose of the change and any potential consequences. Basically, what I why are you changing it? And what could happen when you make the change or what, what are you trying to achieve here? With that, with the change, we need to consider the integrity of the UMLS or the quality management system. Basically, you need to ensure CU MS doesn't get affected negatively. For example, something that cannot be done anymore because you change the process. So basically, what are the consequences of that change? You need to also consider the availability of resources. So what resources are required, like people, technology, or money, maybe when planning a change, we also need to consider the allocation and reallocation of responsibilities and authorities. So basically, what effects will the change have upon the staff and their roles and could the change affect other areas? Now, as for auditing this requirement, the auditor needs to review the planning of the change or also known as the change management documents if there are any. So if there are any change management documents, they need to take a look or review those documents. Or if not, if there isn't a change a change management document, the iodine is to review any other documents like the the strategy documents, plans, et cetera. The other needs to conduct interviews with personnel and top management and maybe talk about future future plans of change or, or, or history or the previous, previous, previous exchange or plans of changes. 29. 7.1.1. Resources: General: With this lesson, we begin a another clause which is support. Now gloss seven. Of course, support is divided into five other subclasses. The first one is 7.1 of course, resources. So the first subclass is resources. And resources is in turn divided into six other subclasses. The first one is of course, general, just basically general talk about the other, about the other five subclasses. So basically, the organization is required to identify, determined, and defined the required resources needed for establishing, designing, implementing, maintaining, and improving the quality management system. So what resources are we talking about? Well, these are the other 555 resources and the five other subclasses of the, of the resources. So the first one is people. So we're gonna talk about people. The second one is infrastructure and then process environment, and then monitoring, monitoring and measuring resources, and then finally, organizational knowledge. Of course, we're gonna go through each one. We're going to go through one by one, starting with the soft token, with the next video or the next lesson. 30. 7.1.2. People: So the first source that we're going to talk about is people. People or human resources or personnel, you name it. So the organization, according to the standard. So the organization is required to identify and provide the human resources or personnel needed for effective implementation, operation, and control of the quality management system and its processes. So basically, the organization is required to identify its specific requirements for certain personnel. We're talking about regulatory and business requirements, or regulatory again is legal requirements and business requirements so people need to be competent. Now the organization is also required to train its existing personnel and give them the best, the best training and also when the, when the organization of sources, in other words, higher external personnel, these personnel need to be competent, so it's pretty simple. Now, as for auditing this requirement, the auditor needs to ensure that human resources are fulfilling the needs, all of the requirements in terms of competence and also the number of the personnel. This could be done by conducting interviews with personnel and top management or simply by observing observing the personnel within the organization. The auditor also review if there are any documents regarding the Regarding the personnel, the auditor could take a look at the profiles of the personnel. Of course, the older could not good, not good, not review all of the profiles. So the big headlights, the headlights of its profile, would be sufficient. The auditor could also ensure subcontractors are competent and Twain, when we say subcontractors were talking about the people, the people, the organization with which the people which the organization outsource it. 31. 7.1.3. Infrastructure : The third type of resources according to the standard is infrastructure. So the organization is required to determine, provide, and maintain the environment necessary for the operation of its processes. We're talking about, of course, the processes of the organization and to achieve conformity of products and services. Now, when we're talking about infrastructure, we're talking about facilities or buildings. We're talking about information, communication technology. We're talking about transportation and equipment, or maybe tools. Now, as you, obviously, each organization has its own need, has its own needs of infrastructure. So this infrastructure should provide the organization with suitable conditions and accessories to perform processes and activities. As I said, each organization has its own need of infrastructure. So take the example of a health care organization that has, of course it has a need of an emergency unit, insurance, pharmacy, physicians, and maybe for a fiber-optic camera and so on. So this is for a healthcare organization. As for an IT or as an, for an IT organization. The infrastructure contains server setup, software, networking, hardware, and maybe configuration. So as you can see, it's, as I said, each organization has its own needs of infrastructure. Now, as for auditing this requirement, the auditor needs to review documents regarding infrastructure if there are any because there is no specific document is required according to the standard. Now, So as I said, if there are any documents regarding regarding infrastructure, the auditor needs to take a look at those. The auditor needs to ensure that risks and opportunities related to infrastructure are identified and the auditor needs to ensure that infrastructure is preserved or maintained. Take the example of skyscrapers in Japan, which are seismic isolated structures. So this is a system that is basically, this basically acts like a damper or something. So it, it absorbs, it absorbs the shock waves caused by, caused by earthquakes. To avoid catastrophes, the auditor needs to also ensure what kind of maintenance is performed, whether it's corrective or preventive maintenance, performance to the infrastructure and who is responsible for that maintenance? 32. 7.1.4. Environment for the Operation of Processes: The fourth subclass of resources is environment for the operation of processes. So basically, the organization is required to determine, provide, and maintain the environment necessary or needed for the operation of his processes and to achieve conformity of products and services. Now, when we talk about environment, we're talking about three types of environments. We're talking about social environment, psychological environment, and physical environment. So physical environment basically is temperature. We're talking about temperature, heat, humidity, light, airflow, hygiene or noise, of course, within the place or within the facility of the organization. Social environment is about basically the relationships between employees. So which is based on, which is, which should be based on non-discriminatory and calm relationship. So there should be communication that should be helping, healing, education and between employees. So employees have to treat each other with kindness and compassion. The third kind is psychological environment. Basically, the organization should be able to reduce stress of its employees and prevent burnout. And it should be emotionally protective so that, so that employees can be more creative and have more or reduce on being more productive. Now, as for auditing this requirement, the other needs to observe the environment. This observation is of course, based on the context of the organization. So the organization has to provide a, an environment that is in line with its context. So the auditor needs to review on is to observe that and of course takes notes. The order also needs to ensure health and security measures are taken. Take the example of the measures taken against the corona virus in order to keep everyone safe. The auditor also observe the physical factors if physical factors are taken and psychological factors and of course, social factors, which can be done by conducting interviews with employees to observe what social, what social environment or social and psychological environment is, is of course, provided. 33. 7.1.5. Monitoring and Measuring Resources: The fifth subclass of resources is monitoring and measuring the resources. So according to the standard, the organization is required to determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements. So basically, the organization needs to decide what tools it uses to measure business performance and whether these tools will give the organization everything they need as a result. Now, first of all, the organization in CEUs, suitable measuring tools, which is of course, or equipment which is of course, equipment that is used. The test and commission systems such as multimedia installation testers or maybe sound pressure level meters, et cetera. The organization has also, has, has to also calibrate or verify. So basically the equipment has to be calibrated or verified or both. Now, calibration means comparing what the instrument shows versus a reference standard. The equipment also has to be identified. Identification can be done on the equipment itself or some document that we can use, the trace the equipment. Also, the equipment has to be protected to be protected from damage or adjustments or anything that could change its calibration status. Like, I don't know, vibration or shocks. Now, as for other thing, this requirement, the auditor needs to take a look at those equipments. So I quick movement observation and the auditor must also ensure these equipments are calibrated, verified, or both. Also, the auditor has to review the documented information regarding those equipments, and they also need to ensure that personnel know how to use these equipments properly and so that they don't damage them or they don't mess with them. 34. 7.1.6. Resources: Organizational Knowledge: The sixth and last subclass of resources is organizational knowledge. Basically, the organization is required to determine, maintain, and make available the knowledge needed for the operation of its processes and to achieve the conformity of its products and services. The organization is also required to provide the knowledge needed when addressing changing needs and trends. Now, when we, when we say knowledge, we're talking about basically inflammation, like it could be inflammation such as intellectual property and lessons learned. We can consider two types of knowledge or sources of malate, internal and external. For, as for internal sources, we can name learning from failures and successful projects, documented knowledge and experience of others or of the experts within the organization. As for external sources, we could need standards, academia, conferences, websites gathering, or basically gathering knowledge with customers or providers or anyone just involved with the organization. Let's take the example of an organization that wants to install a fire system. So it needs to ensure that it has identified what skills are needed for this kind of mission. So we will need fire, maybe five surveyors, engineers, an understanding of the fire standards. Now, as for auditing this requirement, first of all, there is no document necessary or required are required for this for this requirement. So the auditor first needs to ensure that knowledge is provided to everyone within the organization and how it's collected and managed, and how it's provided the system that the organization use, uses to provide the necessary knowledge and the auditor could take a look at documented information if there are any. As I said, there is no specific requirements. So if there are any documented information, the auditor could take a look at those. 35. 7.2. Competence: So we've seen the first subclass of gloss 7, which is of course resources. Now, the second subclass is a competence. Basically, the organization is required to determine the competence needed from person's doing work under its control that affects its quality, performance. This could be done by looking at maybe job descriptions or merely walls or contracts. Now, when we say competence, competence is based on three things. Education, training, or experience. So the organization shall ensure that these persons are competent on the basis of all of these three things. The organization is also required to retain appropriate documented information as evidence of competence. When we say documented information for competence, maybe we're talking about the personnel files or maybe the training records. The organization is also required where applicable, to take actions, to acquire the necessary competence and evaluate the effectiveness of these actions. These actions may include provision of training to personnel and mentoring, mentoring of personnel or reassignment of current personnel, or maybe hiring or sub-contracting competent persons. Are we talking about outsourcing here? Now, as for auditing this requirements, the auditor needs to review the documented inflammations like like diplomas, Berman certificates, authorization, resumes, training, records, or licensing, anything that anything that qualifies the person's to do the work. The auditor also evaluate the training process, whether it's internal or an external training, the methods used in that training, and also evaluate the mentoring and the reassignments of the personnel and also evaluate the effectiveness of all that the auditor. So also evaluate the competence of outsourcing personnel of subcontractors or the personnel belonging belonging to subcontractors. 36. 7.3. Awareness: The third subclass of Clause 7 is awareness. So basically, the standard requires the organization or the person, or the persons within the organization or the person's doing work under the organization's control to be aware of, first of all, the quality, policy and objectives relevant to that policy. And they should be aware of their contribution to the effectiveness of the quality management system, including the benefits of improved quality performance. They should also be aware of the implications of not conforming, of not conforming with quality management system requirements. So basically, the organization is to ensure that quality policy is read and understood by, by the person's working. We're doing work under, under the organizations, under the organization control. And they should be the person should understand the company's aim or the organization's goals and the company's processes in which they are involved and of course, their impact, their contribution. And that they should understand that they can have both positive and negative effect on the performance of the business in general of the organization. As for auditing this requirement, the other, it must review documented information such as training records and also the auditor needs to needs to conduct interviews with personnel to evaluate, to see the level of awareness with the personnel and their roles and impact. And there of course, behavior within the organization. 37. 7.4. Communication: The fourth subclass of Clause 7 is communication. Basically, the standard requires the organization to determine the internal and external communications relevant to the quality management system, including on what it will communicate, when to communicate, with whom to communicate, and how to communicate. What does that mean? Well, basically, the organization is required to utilize existing communication channels, methods, and means. We're talking, maybe email to talk and direct conversations. We're talking, phones and etc. Communication could be oral, written, or as a body language, and it could be formal, informal, or unofficial. The organization is also required to consider who will be responsible for general communication, like website content or maybe general marketing. And also who will be responsible for specific communication like customer client communication or product specific literature and the relevant needs of the intended audience. It also needs to consider in common communication. In other words, who will be responsible for receiving legal updates within the organization in making sure the these updates are communicated to relevant people. Now, as stated, when we're talking about communication, we're talking about internal and external communication. To maintain internal communications, the personnel in the organization shouldn't be briefed or informed about new policies, about new or amended objectives and strategies and technology about new clients, new products and issues with suppliers, basically anything that will have an impact on them and impact on the personnel to maintain external communication, we're talking about allocation of key account managers and implementing review meetings. Now, for auditing this requirement, the auditor needs to evaluate communications means like management lead communication in work areas, emails, intranet and website, and meetings. So the auditor evaluate these means. It needs to evaluate the channels, the methods, and the systems used in the communication in the organization. The auditor must also evaluate if the, if the honest to ensure if the communication methods are fit for purpose. And also, the auditor could conduct interviews with personnel and top management to gain their perspective on the internal communication effectiveness or the effectiveness of the internal communication. And they also, the dollar could also examine the feedback mechanisms within the organization, like one-on-one interviews or maybe employee survey. The auditor could also review documented inflammation like minutes of meetings that should contain items of internal communication. 38. 7.5. Documented Information : The fifth sub gloss of support is documented information, which in turn is divided into three other subclasses. The first one is a general talk. Basically, what the standard is talking about is that you could explain the system, but it would be easier, it would be far easier to write it down around your business and the business processes. Basically, the organization is required to keep documents that need to be maintained as documented information. And we've already talked about maintaining and the difference between maintaining a document and retaining a document. Maintain maintain documented information means that they must be kept up to date. They might, or they could be they could be revised or changed like the quality policy, quality objectives, and also the organization is required to ensure or to keep records that needs to be retained as documented information. And records must be kept as evidence that the organization has satisfied the one particular requirement. So basically, to prove that it's working a quality management system, the organization have to evidence that. The second part is creating and updating those documents. So first of all, I did identification and description. The organization doesn't need to create a fancy system or a software just to ensure that documents related to the quality management system are easily identifiable. Like we could use reference numbers and so on. The format, the format, this is just to prevent any one just using, we're just using documents that they see fit. So like language and software version, graphics and media like paper, and whether it's physical or digital or electronic. And also they need to be reviewed and approved off. The third part is the control of those documented information. It needs to be available to the white people. It needs to be available to everyone that they can see and in a suitable format and also protected from unintended alteration or destruction. The control of documented inflammation is based on a few steps or a few systems. So distribution systems access, retrieval and use storage and preservation. So it makes sense to keep a record of all your quality management systems along with its current version and issue numbers. So and also, it would be better to ask when it was last updated and who's responsible for the content and also knew the summary of any changes doing revision. So that's the control of changes and maybe when it's due for a review and also retention and disposition. In other words, how long it must be retained for in how it needs to be disposed off, taken into consideration, of course, the kind of information there or you're getting rid of like personal information, for example. Now, as for auditing this requirement, the auditor has to ensure that documented information required by the standard like the quality policy, quality objectives, and also the scope are maintained and also ensure that documented information necessary to ensure the effectiveness of the quality management system, like manholes, manuals, procedures, instruction, and so on, are also maintained. And also the other was to ensure that document that information is properly created and updated, and also the auditor needs to ensure that these information are properly controlled. Now, one thing to note here is that this isn't a standalone actions. And as we've seen before, how how it's required, how they organized, or the organization is required to keep documented information in many other requirements. So this isn't a stand-alone action. This is implemented in many other requirements. 39. 8.1. Operational Planning and Control: With this lesson, we start talking about gloss aid of the standard, which is of course, operation. Operation is basically about having appropriate control over the creation and delivery of products and services. Now, the first subclass of operation or gloss, eight years of course, operational, planning and control. Basically, the organization is required to plan, implement, and control the processes needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1. These are, of course, the actions to address risks and opportunities. This could be done by determining the requirements for the products and services, basically identifying the needs and establishing the criteria for the processes and acceptance criteria. Basically, basically doing a system or providing a system with which the organization shall work with. And of course, identifying or determining the resources needed, whether it's money, people, and equipment, implementing the control of processes, and of course, retaining documented information. If you want to take a few examples of how to, how to work by these actions. We can set up, we can first name a few examples like setting up supplier accounts or trade accounts, or purchasing stock to have a start in your, in your organization and ensuring personnel have correct skills and competence. And of course, understand the process that they will work on. And of course, purchasing tools and vehicles, basically, purchasing the equipment and tools and making sure that we have or the organization has enough personnel for the specific tasks. And of course, issuing clear instructions, drawings, procedures, risk procedures, risk assessments to enable personnel to do their jobs. Now, as the standard suggests, the organization is also required to show clear control of the process. In other words, the organization is expected to check that delivery is as expected in that deviations or changes and negative impacts are controlled. This same control should be applied to subcontractors or to personnel belonging to subcontractors. Now, as for other thing, this requirement, the auditor shall ensure that requirements for the products and services are identified and are of course, determined. And also they need the auditor needs to review any documented information like project plans before the organization and the customer commit to work. The other is also required to ensure that any actions or measures to meet the to meet all applicable legal requirements are taken. 40. 8.2.1. Requirements for Products and Services: Customer Communication: The second subclass of glass eight is requirements for products and services, which is in turn divided into other four subclasses or four parts. The first one is customer communication, which is basically about how the organization relates to the customer. So the organization needs to establish a processes for communication, for communicating in relation to information, relating to products and services. Basically, what what is the organization selling? And also the inquiries, contracts or order handling, including changes. Basically, how can customers expect to be dealt with, and also obtaining customer views and perceptions, including customer complaints. So we're talking about reviews here, we're talking about getting feedback and also handling or treatment of customer property, if applicable, a fool talking about the customer property, how does the organization tweet that property or handle that property? So we'll basically looking after the customers property and also the specific requirements for contingency actions when relevant. Basically, what plans that the organization put in place if something goes wrong. We could take a few examples. For instance, the organ, the organization could allocate a specific person to the customer that handles all communication so that positive and negative feedback is captured and dealt with. In other, in other example, if you want is when engineers or security officers work around customers property, a process should be in place to protect the personnel or these engineers from being accused of maybe of damage or theft. When we say a process may be a process could include a site survey or risk assessment reports. Now, other thing, this requirement the auditor needs to ensure who's responsible for the customer communication. Is it one Is it the whole department or is it just one person? And also the auditor needs to ensure the reliability and the accuracy of information regarding products and services. The auditor could take a look, of course, at website, the website of the organization. Also, how does the organization respond to customer communication requests? So we're talking here about the complaint handling process. If the customer wants to complain about the service or the or the broad that how does the organization respond to that? How, how long does it take for the organization to respond to that? So this is basically the complaints handling process and also the effectiveness of the communication between the customer and the, of course, the organization. 41. 8.2.2. Determining the Requirements Related to Products and Services: The second part or second subclass for the requirements for products and services is determining the requirements to relate it to products and services. Basically, the organization is to establish a process to determine these requirements. We're talking about customer requirements, regulatory requirements, or legal requirements. We talk in safety requirements and organizational requirements or industrial requirements for the, of course, the products and services to be offered to potential customers. And so basically, the organization needs to ensure that it has the ability to meet those requirements and substantiate and groove the claims for the products and services it offers. So the organization is to be clear about what is required in order to sell their products and services, it must be able to deliver what it's selling. Let's take the example of an organization or maybe a customer who wants to install a, an intruder system or an alarm system. First, the organization to understand this, to understand the insurance, the insurance requirements from the customer. In other words, what type of system they desired or maybe which grade, which the grade they want. The organization could also run a test to prove to the customer that to prove the claims of the products and services that it offers. Now, as for other thing that this requirement, the other is required to evaluate the process or method to determine requirements related to products and services. Basically insuring what? Basically taking a look of how does the organization identify the requirements to products and services. And the auditor needs to ensure that the organization has the ability to meet the defined requirements and substantiate the claim. So in other words, brew of the claims for its products and services, and also the auditor needs to review any documented information. We'll talk in websites, catalogs, or brochures, for example, the auditor, as I said before, conducting interviews is always a great way to gather information. 42. 8.2.3. Review of Requirements Related to Products and Services: The third subclass of requirements for products and services is the review of requirements related to products and services. Basically, the organization is required to ensure that it's able to meet the requirements for the products and services being offered. And it needs to conduct a reef, the augment, the organization needs to conduct a review before committing to supply products and services. So basically, the organization is expected to review whether they, they can provide what they intend to sell or not. Let's take the example of a system's organization. A contract review should be in place either using paper or electronic documents like a confirmation, email, or quote, proposals. Now, this review must take into consideration customer requirements, the install, and any afterward like maintenance, follow-up, services, and so on. And also in this review, the organization must consider the elements that need to be completed to ensure this job is fitted correctly, like meter reading tests or commissioning forms or of course, and of course, operational checks and so on. And also in this review, in this review, there must be anything the organization must take into a count, anything else the organization needs to implement. And of course, legal requirements or regulatory requirements and any variations or any changes. Now, as for auditing this requirement, the auditor needs to review any documented informations, le information like websites, catalogs, or brochures, the auditor to also evaluate the process or the method the method used to review the requirements to or related to products and services. And also the auditor needs to understand who is responsible for the review and decision-making in providing products and services. 43. 8.2.4. Changes to Requirements for Products and Services: If any changes to the requirements for the products and services happen, like maybe any orders change, the organization is required to track and document that. So in the case of changes to the requirements, documented information is amended and also relevant persons should be made aware of the impact of changing requirements versus could be like of course, the customers and maybe the operation or the production teams. Now, the organization is required to retain documented information on the results of the review that we talked about in the last or the previous subclass. When we say results could be maybe emails could be orders submitted and accepted by the customers. And the organization should retain documented information on any new requirements for products and services. As for other thing, this requirement, this is this is a simple task the auditor needs to evaluate the change management, how the change is managed in the contracts and orders may be or how are how are relevant persons who were informed of the change? 44. 8.3.1 Design and Development of Products and Services: General: With this lesson, we'll begin talking about some gloss three of operation, which is of course, design and development of products and services. This subplots is in turn divided into six other, some glosses, or let's call them may be parts, so six other sub, subclasses or parts. Now, in some cases, the organization might be able to justify the exclusion of certain subset, gloss or parts without necessarily excluding the entire sub clause, meaning 8.3, of course. For example, an organization within an already with an already established product and or service design might only lead to ensure that design changes are managed in accordance with the requirement. Now, generally or basically, or maybe generally the organization is required to establish and implement, establish, implement, and maintain. So introduce a development and design process that is appropriate to ensure the subsequent provision of products and services. Now, as I said, the organization might be able to justify the exclusion of certain parts. So the organization is to understand the applicability of certain parts or sub sub clauses, so whether they're applicable or not. So the auditor will need to verify that any claims of man applicability are valid. Why, Why do so basically review the justification of the exclusion and also the other moves to review how the decision to proceed with design and development is taken. Of course, of course, having risks and opportunities or identifying risks and opportunities. It goes because risk-based thinking is always implemented in basically every, every requirement with the standards. Of course, when we say risks and opportunities, including cost implications. So have, have risks and opportunities been considered and have all relevant interested parties, whether internal or external, been consulted. 45. 8.3.2. Design and Development Planning: The second subclass of the design and development of products and services is of course, the planning of the design and development of products and services. So simply put, the organization is required is quite to plan the design and development process in order to determine the stages of this process as well as the controls needed. Now when planning the design and development process, a few things the organization has to take into consideration. Like, how long will it take to survey? How long will it take to gather information and question and what surveying skills are needed? Who should review the design and who can, who can confirm if it is right or not? And what needs to be done to check if it is right or not, and who would be responsible for all of that? And of course, what resources are needed. We'll talk in money, of course again, we're talking money, we're talking tools, would talk and of course any if any sub sub, subcontractors are needed. And ensuring all involved communication may be, for example, like surveyor and the designer and the administrator or the responsible. And checking that, shaking that what you are designing, what the organization is designing, is what the customer wants and expects. So again, this is basically what the whole management system, the whole, the whole management system, goal, customer satisfaction, and what other things are needed, like products and services. We're talking external products and services, or products and services from external contractors, which we'll talk about in later videos. And the control needed to ensure, to ensure it goes to plant. It goes, it goes through the plant and from Gaza, from customers and interested bodies like subcontractors, manufacturers on monitoring stations and ensuring that documenting the above has been considered. So all of this needs to be documented. Now to audit this requirement, the auditor needs to needs to ensure to needs to ensure the flow of the design and planning is going well. So nice to what is the overall flow, flow of the design planning and how it is described, of course, of course, by the personnel and of course, the auditor must evaluate the resources and the competence and the competence present and what part of the design will be outsourcing. So the auditor needs to evaluate the outsource IT resources, and who will be responsible to know the ability to understand who will be responsible and the authorities, the fine. And if the authorities are defined, how are in whether internal and external interfaces between various groups are, or whether they're identified and managed and are they required verification, validation, and review points are defined and are the main mile stones and timelines are identified. So we basically, we, the organization is to put a, put a timeline when planning the, planning the design and the development process. And is the implementation and effectiveness of the plan monitored and is the plane updated M communicated within the organization to all relevant functions as necessary. 46. 8.3.3. Design and Development Inputs: The third subclass of the design and development process is the design and development inputs. So basically, the organization is required to determine the requirements, essentially the needs essential for these specific types of products and services to be designed and developed now. So basically, the organization needs to consider is to consider what requirements I wanted requirements and what needs before starting to design and develop any products and services. Now, what, so basically what needs to be considered to design and, and we'll talk and maybe, we're talking maybe standards and go slash or goals of practice, codes of practice, the easy practical guide to achieving the standards of health, safety, and welfare. The organization also needs to consider design or development failure. Take the example of the Samsung Galaxy Note seven, which heats up and it burns. And of course, and of course the all of this needs to be documented. So the organization is to retain documented information on the design and development inputs. Now, as for other thing, this requirement, the arrow, needs to develop an understanding of how the organization identifies its own inputs. We're talking, of course, products, services, and processes. We're talking financial and environmental health and safety issues. Has the has the organization considered all of this and the organization risks and impacts and the customer's requirements and expectations and statutory and regulatory requirements. We're talking, of course, legal requirements applicable to the product and service to be of course, designed and developed. Of course, how the organization identifies and determines all of this. The auditor is to evaluate the risks, the possible implications for the customer satisfaction and issues that the organization may encounter if some relevant inputs are not considered. So, so what are the risks? What are the consequences when, when some inputs, some inputs related or relevant to the products and services to be designed and the products to be designed. So what will happen if the organization excludes, excludes those inputs? 47. 8.3.4. Design and Development Controls: The fourth subclass of design and development is the design and development controls. So the organization is required to apply controls to the design and development process. Design and development controls are aimed at providing assurance that the outputs of a design and development activities have met the requirements. The requirements for this activity, the organization is required to retain documented information, documented information on the control activities concerning the design and development as our state, as stated in here. So the organization is to retain documented information, defined outcomes, including specification, design in their functional and performance requirements and customer and expectations. Also, organization is to retain document information on the design review process with functional representation from the customer, engineering, production quality, and Project Management and Design Review gates like preliminary design review, detailed design review, critical design review, and commercial commercial or technical consideration, and authorized progression to next stage. So basically, your organizations to document that it has what it takes to go through each stage and go through the design. Also, we need to consider the verification activities like modeling simulation, alternative calculations and comparison with other proven designs. Like an end of course like experiments, we're talking testis and specialist technical reviews. Also the validation activities needs to be considered like functional testing, performance, testing, trials, prototypes, demonstration, and simulation. All of this is in the validation process or the validation activities. Now, validation could be simple, like a new design of office furniture could be validated by testing, testing prototypes and testing of initial samples of the finished product. And also the validation could be complex like components in electronic systems because it will have to comply with the requirements of other systems. The organization also needs to consider management of actions arising from design reviews and what actions the organization will take in on problems, on problems found and also arising from verification or validation activities like action registers, ownership timescales, escalation and changes to risk profile. Now, as for auditing, we're going to go through auditing 33 parts. We're going to go through the auditing of the design and development review and then the verification and then the validation. As for auditing, the review for design and development, the auditor needs to review whether reviews occur at planning stages throughout the design. Process and whether the organization has carried out, has carried out the reviews in a systematic way involving representative of the functions concerned with the stages being reviewed. So we're talking here, who are the representative who are responsible for the reviews and whether this review and what are they and the weather these review RK doubt any systematic way. And also has the organization consider all original and any new inputs and whether these men, whether revised inputs and outputs been reviewed and approved by those with the relevant with the relevant responsibility and authority. And thus the output demonstrate the suitability, the adequacy and effectiveness of the design, product or service, and whether there are adequate adequate records of these reviews. Now, as for auditing, verification of the design and development, the auditor needs to, needs to evaluate the verification, whether these the verifications are planned and that diversification is performed as appropriate during the process of the design and development and also whether the completed design or development is acceptable and the results are consistent with traceable to the initial requirements. And also whether they completed design or development is the result of implementation of a proper sequence of events. So we're talking we're talking here is series of action. The auditor needs to ensure that the design or development of development provides safety, security, and compliance with other requirements and design inputs. And also we stick the alanine is take a look or review the evidence or ensure that evidence is available to demonstrate that the verification results and any further actions have been recorded and confirmed when actions are completed. Now, as for other thing, the validation for the design and development. The other is to ensure that there are records to confirm that the validations have been carried out. When we say validation confirmation could be by examination. In other words, in other words, is the validation process capable of checking that the final product or service will meet or does meet customers needs. And also the other donors to evaluate the validation is to ensure that the validation was carried out in accordance with the plant arrangements for validation. And the validation indicates that the resulting product or service is capable of meeting the requirements of the specification. And also the auditor needs to ensure that there are records of any actions necessary to correct non-compliance with the design and development inputs and the reasons for these deviations. So if there are any maybe changes of their art, if there are, if there are any problems, what actions, what actions will be, will be, will the organization steak and other donors to take a look at the records of these actions. 48. 8.3.5. Design and Development Outputs: The fifth subclass of the design and development is the design and development outputs. The organization is required to ensure that its management systems outputs are complying with the identified identified needs in order to ensure that the resulting product can fulfill, fulfill its intending, intended use. And of course, and of course we have customer satisfaction. Now when we say outputs, outputs can include inflammation relevant to marketing, sales and purchasing or production, or quality assurance or information for service provision and maintenance. The product after delivery and should be provided in a form that enables verification and validation activities to be performed. Now, the organization is required to ensure that outputs meet the input, the input requirements. This is pretty straightforward. If products and or services does not meet the requirements, it's useless and the organization have failed to fulfill customer needs to meet, to meet the requirements. It's critical that these requirements were very clear in the first place. Second, it should be suitable for subsequent, the outputs should be suitable for subsequent processes for the provision of products and services. In other words, it should be very clear that the quality management system of the organization is able to produce products or services with specification, rules and regulation. And also the outputs should include or referred to appropriate monitoring or measuring requirements and their acceptance criteria. This can be accomplished by very, very, very close communication with customers and other stakeholders in the process, the organization is also required to ensure that outputs define the characteristics of the products and services that are essential for their intended purpose and they're safe and proper provision. In other words, the products or service should be, should function as intended and the organization should fully understand the product or service is safe and properly functioning. Take the example of maybe a car. So maybe a customer will request a car without breaks. The car still works, but that would not be safe though. So the organization needs to include breaks in the car and also all the all this information needs to be documented, maybe through either through a register or some other form. Now, as for auditing this requirement, the auditor needs to obtain evidence from the project selected to confirm that, to confirm that information regarding the completion of design and development stages or is available and also evidence evidence to confirm that the design and development process has been completed for this stage under review. And also obtain evidence to ensure that the design and development outputs have been confirmed. And also the many needs to review documented information like the registers. 49. 8.3.6. Design and Development Changes: The sixth sub clause of design and development is design and development changes. The organization is required to identify, review, and control changes made during all subsequent to the design and development of products and services. Of course, to the extent necessary to ensure that there is no adverse impact on conformity to requirements. So basically, the organization needs to retain documented information on the design and development changes, have any, if any changes or cure during the design and development process. And also the documented information on the results of reviews of the changes, meaning keeping records of changes, maybe two schematics for example. And also the organization needs to retain documented information on the authorization of the changes. In other words, who agreed on any changes, and also on the control or on the actions taken to prevent adverse impacts. In other words, when other words on the controls to stop, to stop things from being done incorrectly. Let's take the example of maybe a client who wants a fixed camera instead of a, of a pan tilt zoom camera. So APT. So a fixed camera instead of a PTC camera, the organization is required to document that, of course, considering risks, costs, and the output, and ensure that the client accepts these changes. Now, as for auditing this requirement, the other news to see whether the organization has identified are properly identified and communicated, the sources and requests for the changes, and whether the organization has evaluated the impact of any change, and whether is there any additional design proving or testing undertaken where appropriate, and weather. And weather, uh, the effects of the changes on the products or services already delivered are evaluated by the why the organization and has the organization appropriate approval? Has the organization given appropriate approval before a change is implemented? This could include legal approval or approval by the client itself. And it has the organization has the organization fully documented the changes and records and has the organization documented records including information regarding any necessary additional actions. 50. 8.4.1. Control of Externally Provided Processes, Products, and Services: General: Some clause four of operation is the control of externally provided processes, products, and services. Basically, the organization needs to consider the impacts of suppliers and what they provide the customer, and how it may reflect if something goes wrong when they recommend a product. For example, that many factors that you've been using as a, as an organization go out of business and are suddenly unable to supply goods. So when we say external providers will talk in suppliers were talking subcarrier, subcontractors or associate companies. Generally, or basically, the organization is required to ensure that externally provided processes, products, and services conformance to requirements. Now, when we say processes or products or services could be in the form of raw materials. So our organization is purchasing raw material from the supplier or maybe, or maybe hiring or outsourcing a corrective maintenance team. Now, our organization is required to determine the control applied to externally provided processes, products, and services. So now our organization is kind of like it's kind of like the customer. And so it needs to evaluate, to evaluate the processes, products, and services provided by those external providers or those core those suppliers through self-assessment questionnaires or through audits that they organize that the supplier of the supplier's quality management system and the supplier's processes. Now, our organization is required to determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers based on their ability to provide processes or products and services in accordingly in accordance with requirements. We could take a few examples, like, like technology or do they have the technology to supply what we want and quality, water quality standards? Do they, do they meet and maybe responsiveness? Are, are they responsive to our needs and delivery? Can they deliver on time? And is the price of the price or the cost acceptable and environmental impact? What is their impact on environment and the society? And this evaluation needs to be documented. So documented information is required. 51. 8.4.2. Type of Extent Control: The second part of the control of externally provided processes, products, and services is the type of extent control. Basically, the organization is required to ensure that externally provided processes, products, or services, do not adversely affect its ability to consistently deliver conforming products and services to its customers. So the organization is to ensure that the supplied product or service meets the specified requirements. Now, control mechanism could include the check of products at delivery, site acceptance tests or second party supplier audits. And if supplier others are required if the, if the if maybe our organization requires the supplier for a othered, this should be written in the contract with the suppliers and the organization criteria for determining the need, the type, and the scope of second party supplier audits must be based on risk-based thinking. So as I said before, risk-based thinking is not a standalone act or a stand-alone event. It is implemented in basically every other requirements. So the organization is required to identify or to identify the risks and opportunities that could, that could arise from, from doing business with that certain supplier. Now, externally provided processes, products, and services must remain under the organization's quality management system control through documented information. These documented information should include the supplier name, the date of the purchase, and the purchase order number, the ones. Now, one thing I should note here is that purchase orders should only be ordered by the purchasing manager or the account manager by the request of the purchasing manager. So as I was saying, we documented information should include the supplier name, the date of the purchase, the purchase order number, and the items required. What items? What what products and services to, what processes the organization is requiring or demanding, and how much the quantity need, require the delivery date, the quoted prices would applicable or known. So we'll talk in about the price here, the cost, and any information deemed critical for the supply of the material should also be noted. Now, as for auditing this requirement, the auditor Review documented information in a maybe a list indicating which which are the approved external providers in this documented information is kept up to date. Maybe, maybe the organization shall, shall, shall change the providers or the suppliers. The auditor shall also verify whether orders have been placed to external providers satisfying the defined criteria. As we were saying before, maybe the organization required is the supplier to have to have a to have an audit and that should be should be written in the contract. The auditor should also ensure that there is effective performance of outsourcing processes. And also The auditor shall evaluate whether the activities which are necessary for ensuring the specified requirements have been met are carried out. And also the auditor shall verify that risk-based thinking has been applied by the organization in determining appropriate controls over those external providers or suppliers. 52. 8.4.3. Information for External Providers: The third part for the, for the control of externally provided processes, products, and services is information for external providers, the organization is basically required when appropriate, to communicate not just the products or services they wish to receive, but also any processes they want the external provider to undertake on their behalf. So the organization is to describe the products to be purchased. Basically by defining the product approval requirements may be a Certificate of conformity and by the finding intended verification arrangements by maybe like maybe witness witness testing or or or certification, and by defining personnel qualifications and quality, environmental and safety requirements, and also, and also describe the products to be purchased by by maintaining records. Now, the organization needs to ensure that items are verified upon product received or service delivery to verify that they can form to the quality management system requirements, the competence of external personnel, the person's orders, the purchasing specification, the purchasing agreements, the release certificates, the certificate of conformity, the inspection and acceptance tests, the product specifications, and the national or international standards. Now, the receiving personnel must identify and inspect the items, goods and of course, materials, and match them against the delivery notes by the conformation of identification using purchase order number, drawing numbers, material markings, et cetera, when the confirmation of adherence and delivery schedule, that confirmation of conformance to purchase order requirements. The confirmation of correct quantity is the visual examination for obvious defects. Of course, the products, the measurement embarrassing to drawings were required. We've got drawings. There could be a comparison of the two drawings and specific specify certification or documentation as required. Now, for auditing this requirement, the auditor needs to confirm that the specification quoted in a purchase order is the same as the specification contained in the design or the drawing or the specification received from the customer. Also, the auditor needs to identify whether or not there were discussions between the organization and the potential suppliers regarding the design specification of critical components during the design process or prior to an order being placed. The order that also needs to see whether there was some kind of a form of a approval of the specification before the final specification or order was confirmed to the external provider. And also the auditor needs to see, does the purchase, whether the purchase order contain or refer to any story or regulatory legal so does the purchase refer to any legal requirements? 53. 8.5.1. Control of Production and Service Provision: The fifth subclass of operation is the production and service provision. This subclass is in turn divided into other five subclasses or five parts. The first one is the control of production and service provision. So the control of the production. Now, the organization is required to control the manner in which products are produced and services are provided. So your organization should seek and record evidence that it has controlled the conditions by which the products or services are provided. Ensuring that ensuring that documented information that defines the characteristics of the product or service is available. So information that describes the product or service also documented information that contains the activities that need to be performed to produce the product or deliver the service. And that this specifies the results that are to be achieved. And also the organization is required to monitor and measure which at appropriate points in the production process to ensure that both the processes themselves and the process outputs meet the organizations acceptance criteria. So the organization needs to make sure that it has what it needs to measure and test installed systems. And also it has suitable environment and infrastructure. Basically making sure that the organization has the right support, maybe from the office and from the site to complete the job. And also suitable monitoring and measuring resources need to be available and personnel need to be competent and when necessary, appropriately qualified and maybe through resumes and training records. We also need updated work instruction and product and service released delivery post delivery activities need to be implemented. You are going to talk about these two in later videos. Now, as for other thing, this requirement, the auditor needs to review documented information like of course like V personal files or the training records of the personnel, which of course is basically ensuring the competence of the personnel, needs to also observe and evaluate the measurement and the monitoring of the resources, as well as the infrastructure and environmental knew the auditor needs to ensure that the organization has suitable infrastructure and environment for its operation of processes. 54. 8.5.2. Identification and Traceability: The second subclass of the reproduction and service provision is the identification and traceability. The organization must seek and record evidence that its products and services are identified when appropriate, and their status with regards to monitoring and measuring are identified throughout the manufacturing processes. Basically, the organization is to establish a traceability system. This system should track components from maybe from raw materials throughout through the inspection and testing and then the final release. So the organization first must have a process in place for the identification and to its ability of the outputs through, through physical part marking, through labeling, through tags, Marco's visual indicators, but segregation laid down areas and maybe storage racks. And also this traceability and the identification system needs to be throughout, needs to be implemented throughout, through the design development, manufacturer, and delivery stages. We're talking establishing the identity and status of products and maintaining that identity and status. And we're talking about maintaining records of cereal or batch numbers. As for auditing this requirement to the auditor needs to ensure that products the products are identified as appropriate and it's status with regards to monitoring and measuring is identified throughout the product realization processes. The other learners also needs to ensure that the organization is controlling and recording the unique identification of the product. 55. 8.5.3. Property Belonging to Customers or External Providers: The third subclass of these production and service provision is the property belonging to customers or external providers. Basically, the organization is required to seek and record evidence that they have extended their treatment of customer or external providers property. When we say property, we're talking about maybe intellectual information such as data, addresses or prices. We're talking about materials, we're talking tools or equipment. We're talking maybe gossamer keys like passwords and so on. So the organization is to have a clear process protecting any property belonging to maybe a client, to a third-party suppliers, and so on. Let's take the example of maybe a team of subs, subcontractors who bring their own equipment. There should be a clear process on how that's managed, even if they're the one who's, who's responsible for their own tools. And when when personnel of the organization are working with there with that equipment, with that equipment belonging to the, to the customers or maybe to the subcontractors. Employees must be careful with that property in shooting that it's not lost or damaged. Now as well, I think this requirement, the auditor needs to ensure that the organization has clearly identified any and all customer property and whether the organization has established a process to protect to protect that property. And of course, the auditor needs to evaluate evaluate that process, and also evaluate the process established for contacting the customer when these items are either lost, damaged, or otherwise found, and suitable for the process. 56. 8.5.4. Preservation: In this part, we're talking about preservation. Basically, the organization is required to protect and preserve the product during internal processing and delivery to the intended destination. Basically, the organization is to ensure that the supply of services are protected. For example, ensuring that product delivered to site are not damaged, corrupt, or not damaged, and are delivered when maybe an engineer is on-site to receive the product. Now. And this will happen on a few steps. First, the identification. So basically the organization is to ensure that products are properly identified and do not become mixed with other with other ordered or products. So this is kind of like the identification and traceability, but it's a requirement let not as applicable. So the organization expects to see all products are clearly identified through labeling and so on. And we've seen this in the previous lesson or video. Second, we're talking about handling. This may include bulk handling, using using moving equipment or physical contact we're handling may influence product conformity. And third, we've got packaging, ensuring that labeling and Morgan off ship products are sufficient to enable adequate identification and traceability back through the quality management system. So the organization is to establish methods for packaging the product to preserve its integrity. And then we've got storage. They should include storage condition to prevent deterioration, damage, or loss. Maybe there is a temperature change may be there is there is anything that could, anything that could, that could damage that could damage the product. And we've got that protection. So we go talk raw materials, work in process materials. We'll talk about inspected product and nonconforming product and product ready for shipping should also be identified with its status and protected from any unintended alteration. Now, as far as for piloting, this requirement is to ensure that preservation measures are taken with the Ardern is to ensure that legal or regulatory requirements are taken. So legal and regulatory requirements applicable to the preservation in the industry. 57. 8.5.5. Post-delivery Activities: The fifth part of subclass five is the post delivery activities. Basically, the organization needs to meet requirements for post delivery activities associated with the products and services. So this is about post delivery, after delivery. So what an organization should do after they have supplied a product or service. These activities can include actions under warranty provisions and contractual on maybe contractual obligations like maintenance services or activities like supplemental, supplementary, supplementary services, like recycling or final disposal. Now, the organization while doing these activities, must take into account the statutory and regulatory requirements. Of course, we're talking about legal requirements and also the potential undesired consequences associated with its products and services. Basically, things that good, that could go wrong. And also the nature, the use and unintended lifetime of its products and services. Basically, how products should be used and how long they should last. And also customer requirements and of course, expectations and also customer feedbacks. These are the things that the organization needs to take into account while doing those post delivery activities or actions. Now, as for auditing this requirement and the owner needs to evaluate those activities or actions and nice to see how the organization is dealing with the post delivery. And also the auditor needs to review any document that information like warranty reports, insulation reports, minutes, and maybe maintenance records. 58. 8.5.6. Control of Changes: The sixth subclass of production and service provision is the control of changes. The organization, the organization is required to review and control changes for production or service provision to the extent necessary to ensure continuing conformity with requirements. Basically, the organization is required to implement a process for responding, maybe to unplanned changes that are considered essential in order to ensure that products or services continue to meet their specific requirements may be, for example, a company that wants to expand and decides to separate the sales department from the design department. This company or this organization needs to rethink documented information about that change. And also who authorize that change and also the actions arising from the change. What will happen, what will happen after the change. And so we're talking about identifying the risks and opportunities that comes after the change. So thinking needs to be implemented. Now, as for auditing this requirement, the auditor needs to see whether the impact of the change is evaluated, whether the whether the risks and opportunities are identified to determine the effect of the change on the work on or the process or the product already delivered. The auditor needs to also see what process control documentation, like procedures or form, will need updating as a result of the change. And also, what is the change approved prior to implementation, including where applicable. So basically taken into consideration the customer and legal requirements or legal authority. So what's the change approved by the customer and by the authority, by the legal authority. And the auditor needs to also review any documented information and nice to see that needs to ensure that we think documented information indicates the source of the change in inflammation on necessary actions and approvals. 59. 8.6. Release of Products and Services: The sixth subclass of operation is the release of products and services. The organization is required to implement blamed arrangements at appropriate stages to verify that the product and service requirements have been met. So the organization must show evidence that a process like methods, techniques, and formats are in place to monitor and measure the characteristics of products to verify that requirements are being met. Now, the release of products or service delivery must not be completed until blend requirements have been met. When we say blend the requirements or arrangement, and we've already talked about this before. So we're talking about the design verification and design validation like modeling simulations, experiments, trials, prototypes, et cetera. We're talking about disruptive and non destructive testing. So customer accepting our older customer, accepting acceptance testing, we'll talk in products certification, qualifications. We will talk in third party qualification from an regulator, recognized society, or independent testing body and et cetera. So these are the planar arrangement steps or actions. Now, when we say the release of a product was talking to the release to the next operation and then the release to win and the terminal customer until the release to a final customer. Now the organization must monitor and measure product characteristics to ensure that they are edible. They are able to demonstrate broader characteristics are continually met and to demonstrate the evidence of conformity with product requirements, the organization also needs to retain documented information to provide evidence that acceptance criteria have been met. And this is what were the auditor will verify those documented information. We'll we'll review those documented information and verify that they are maintained to provide evidence of conformity. The records or documented information like Certificate of conformity, like release certificate and like regulatory certificate, the auditor needs to also see who are the person or is it one person or or, or multiple persons authorizing the release of products we're talking about the main author writes signatories were talking user identification and also their authority, status. 60. 8.7. Control of Nonconforming Outputs: Control of not, of non-conforming outputs basically requires the organization to ensure that output that do not conform to the requirements are identified and control to prevent their unintended use or delivery. Basically, basically the quality management system shouldn't have clear control mechanisms and process in planned to implement corrective actions and basically deal with non-conforming outputs. When we say D will not conform and outputs, we're talking correction. Correction means identifying what's wrong and fixing it. Of course, after fixing the extra Fixing, after fixing the non-conforming output, the organization is to verify that it has actually fixed it by putting it back through maybe any testing or verification process that it has. And it also in dealing with canonical form, McHarg was also means segregation, containment, return, or suspension of provision of products and services. Essentially, the ability to ensure that the organization knows how many non-conforming outputs were created and what, if any, have escaped, and that the organization can return them to the previous process or request the customer to return them. Basically just stopping producing the non-conforming outputs. And then we've got informing the customer. Informing the customer means ensuring that the customers know what the situation is in how big the situation or the problem is, in what risks there are. And so the organization is to be a 100 percent open and honest. And then we've got obtaining or through an authorization for except for acceptance under concession, like saying, Okay, this one's I'll accept the outputs if they, then we've got a condition there. And also your organization needs to verify that the corrected non-conforming outputs are actually conforming to the requirements. And also the organization needs to record this, record what it's doing when things go wrong. So it needs to retain documented information that describes the non-conformity. The non-conforming describes the non-conformity in a way that anyone could understand and not just technical persons and documented information that also describes the actions taken. Did you put everything on hold? Did you recall did you investigate how it happened and did you follow up with the supplier and did you review the training of people and so on? Documented inflammation that also describe any concessions obtained, in other words, what was allowed and what wasn't, was it for a limited quantity or a limited time? Were there any limits on what would be okay. And what wouldn't. Also the documented information should identify the authority deciding the action in respect of the non-conformity, your organization should have a list of those internal or external persons who are authorized to make the decision was talking the name and the position of those persons. Now, as for other thing that this requirement, the auditor needs to see whether the personnel are have the power to decide that, have the power to all the authority to decide the disposition of the service, like immediately terminating the service or replacing the service provided or offering an alternative. Also, the auditor needs to see the that it needs to ensure that the organism needs to review or it needs to evaluate the organizations customer claims and complaints processes. And also needs to needs to see whether there are any temporary corrections that are implemented to mitigate the effect of non-conformity, like refund, like Reddit, like upgrading, et cetera. And also the auditor needs to see the identification, desegregation, and replacement of the relevant service equipment and the service providers and environment. 61. 9.1.1. Monitoring, Measurement, Analysis and Evaluation: General: Well this lesson, we start a new gloss, which is the ninth glass, which is the performance evaluation. But warms evaluation is divided into three sub glosses. The 1.1st 19 is monitoring, measurement, analysis and evaluation. So in general, thought, this is the, this is the first part of the first subclass, or this is the first subclass. So generally, this expects the organization to identify what they need to monitor, measure, analyze, and evaluate, and check the expected results are being achieved. Basically, evaluate to ensure that what they're delivering is how it should be. This could be done by taking into consideration what needs to be monitored and measured and also the methods for monitoring, measurement, analysis and evaluation as applicable to ensure valid results. Basically, how will the organization does the monitoring and measurement analysis and all that effectively? Also, the organization needs to do to see the zoo. If it needs to, needs to consider the timing of maybe of the monitoring and measuring. So when monitoring and measuring shall be performed and when the results from the monitoring and measurement shall be analyzed and evaluated. Maybe maybe at the end of a job, maybe midway through, maybe at the beginning of the recruitment process. Also, the organization needs to retain appropriate documented information. So it needs to record data on performance, on controls and conformance with object objectives and targets. And also the organization needs to evaluate the quality, performance and the effectiveness of the quality management system. So what the organization does with the results to check if the business is working as it should be and it needs to establish in management, review and reporting. So all of that works or works to make, to make a better, to make an effective measurement, to make an effective monitoring and effective analyzing and evaluation of performance. Now, what if the organization has just started and have no evidence yet? Well, this is excepted, but, but the organization should have a clear understanding what these are in the future. Now, let's take the example of maybe organization that wants to measure their engineer's performance. It can, again does that in a number of ways. Like the completion of commissioning, commissioning people were like test results and like technical audits. Now, as for other thing, this requirement, another of course, need to review the documented information like the results of monitoring and measurement, like an analysis and evaluation. So the auditor needs to take a look at the results of all of that. Also the news to see what the organization considers needed to monitor and measure, and also what methods are used. When we say Methods, methods can be as KPI or key performance indicators like conformity to proud of the products and services, like accomplishment of quality objectives, objectives, gossamer satisfaction, warranty, claims, complaints, et cetera. 62. 9.1.2. Customer Satisfaction: The second subclass of measuring, analyzing, and evaluation is customer satisfaction. The organization is required to monitor customer's perspective, perceptions of the degree to which their needs and expectations or have been fulfilled. So that it continues to be a need to obtain feedback from customers on whether they feel the product or service they have purchased was as they expected. Now, just collecting data on customer perceptions. And of course, when we say customer perceptions, It's what's the, what the customer thinks of the product or service. So just collecting data is not sufficient. The organization needs to seek and record evidence that it has analyzed and evaluated customer data by seeing whether there are any trends regarding their product and service and whether the customer needs and expectations on changing. Due. To effectively do that, the organization needs to determine appropriate methods for measuring and monitoring customer's satisfaction by using customer satisfaction surveys, maybe by face-to-face evaluations. If we're talking about a hotel, we could ask, how was your state maybe by telephone calls or visits which are of course made periodically, not persistently at or after delivery of products and services. It could be by internal inquiries among the organization's personnel who are in contact, who are in touch with customers. So we're talking about the personnel who know the clients or the customers. And maybe by monitoring accounts receivable and one of the claims, et cetera, or mine, or the customer complaints analysis. So this is how to determine, this is how to make perfect or effective measurement and monitoring customer satisfaction. As for other thing, this requirement, the other, nice to see what is the desired output of the process, what information is actually available on customer perception and how this information is used by management to drive improvement to the products processes and the quality management system as a whole. And also how is the data collected to feed the process of how all that data on customer perception is collected. And how reliable is that dictate? How reliable is that information by verifying the criteria that the organization uses for any sampling of its gossamer. And after collecting that data, it needs to, it needs to be analyzed. So the outer loop wouldn't need to evaluate how that data and how that information is analyzed. 63. 9.1.3. Analysis and Evaluation: The third subclass of measurement, analysis and evaluation is analysis and evaluation. Basically, the organization needs to analyze and evaluate appropriate data and information arising from monitoring and measurement. So this is pretty straight forward. Now, data and information can be gathered from, as we've seen before, from quality records, from monitoring and measuring results from process performance and results from internal audit, findings from customer surveys and feedback from second or third party auditor results from competitor and benchmarking information. So the sources of the data and information are truly, are pretty numbered. Now, once the data and information are gathered, they are used to evaluate the conformity of products and services. Basically to ensure that data is used to check what they're selling is as it should be. And also to evaluate the degree of customer satisfaction, how happy our customers and the performance and effectiveness of the quality management system, meaning how well did the organization perform and also the results of analysis are used to evaluate if the planning has been implemented effectively. Did it go according to plan on what may be hiccups along the way. And also to evaluate the effectiveness of actions taken to address risks and opportunities. Maybe, maybe the safety measures put in place, they work. Also, the results are used to evaluate the performance of external providers. Maybe did some subcontractors performed as they expected, and also to evaluate the need for improvements to the quality management system. What do they need to change now to make the quality management system better? For example, for example, the analysis and review of the monthly preventive maintenance performance basically to ensure that the organization is meeting their obligations. Now, as for other thing that this requirement, the other, nice to see how was the data and the information collected, and we've already seen this in the previous video. So how was the data and information gathered and collected and whether that information is used in management review and any other processes. 64. 9.2. Internal Audits: The second subclass of performance evaluation is internal audits. The point or the aim of internal audit is to give the organization a feedback loop on its processes and find out where the organization is not compliant with processes that they wrote to be able to highlight areas for improvement. So really you want you really want some non-conformance core feedback out of these internal audits, otherwise, they are pointless. Now, this subclass is in turn divided into other two subclasses, which we're going to talk about in this same lesson here. So the first one is of course, requires the organization to perform internal audits of its quality management system at bland intervals. Basically, to provide information to provide information that the quality management system conforms to the organization requirements. In other words, are you doing what you said you would in your quality management system? And are you of course, as an organization following your own procedures and also in also to provide information that the quality management system conforms to the standard or to ISO 9000, 12015 standards requirements for each of the clauses that are relevant to the organization and also to, to, to, to ensure or to provide information that the quality management system is effectively implemented and maintained. In other words, is it a living system that forms a real part of your organization's culture and the day-to-day operation? Or maybe is it something which is the something that sits on the shelf and only drag one week before an external audits. Now what we just saw is the role that internal audit blaze as an organization. And it says here at others are performed at planned intervals. And we're going to get back to that later. Now, let's dive a little bit more in with the second part of this subclass. So the second part, this is, now this is where we'll help kicks in as it tells you exactly as a, as an organization how to perform internal audit. The first part is about blending of the audit program and the organization must consider a number of things about the program. Like, for example, the frequency of the audit, how you will add it, and the responsibilities around the auditing and the planning requirements and reporting. Now, frequency is up to the organization. It depends on the complexity, the size of the organization, and the credit, the criticality of each process, and of course, on the results of previous audits. Now, a lot of people think that the organization must audit the entire quality management system every year. But, but that's not the case because the standard takes the risk-based approach to everything. So sometimes once in two years. Enough for some processes and sometimes it's a monthly basis and it's on a monthly basis or a regular basis. It's totally up to the up to the, of course, the organization. So the, the time, the timing here or the frequency here is flexible. So how you add it is also up to the organization. The organization just needs to follow good audit practices. Now, as for the second part, it says the defining. Now, the second step is defining the audit criteria. We'll talk in policies, processes, performance criteria, performance criteria like objectives, regulatory and statutory requirements, and also information regarding the context and the risks and opportunities and also the scope of each audit. For example, auditing the supply chain is a huge task. So you could, you could audit, you could either just a part or a process link to it like the ordered process or the, or the stores control process. And then we've got this selection of auditors and conducting audits to ensure objectively and the impartiality of the audit process. Basically, you want auditors to work well with people. Now, it's not required that internal auditors are formally qualified, but it would be great if they are qualified. And one more thing, they should not be involved in the activity being examined. And then we've got ensuring that the results of the audits are reported to relevant management so that the output should be discussed, should be discussed with the management of the audited department. And then we've got taking appropriate correction and corrective actions without undue delay. We're talking if the audit is any good, there will be things that could be improved, whether it's non-conformance or just improvement. Notice. And then we've got, of course, the organization needs to retain documented information as evidence of the implementation of the audit program and the audit results. We're talking maybe the calendars referencing any non-conformance or improvement notices. These are, of course, the steps that the organization must take in order to effectively, to effectively perform an internal audit. Now, as for other thing that this requirement, the other needs to evaluate the company, the competence of the people that they are, the competencies that are needed for the audit and applied to the other. The other hand, it also needs to evaluate the objectivity and impartiality of the internal audit process. Also, the auditor needs to ensure that risk-based thinking is performed by the organization in planning internal audits. In other words, of course, identifying the risks and opportunities that comes that comes in the process. Of course, the auditor needs to, needs to evaluate the degree of management of the involvement of the management in the internal audit process. Auditor also needs to see whether the organization is working by, by ISO 19190112018, which provides guidelines for auditing management system. Though it's not a requirement but the other admins to see if the organization is working by that. But as I said, it's not a requirement. The other also needs to see, also nice to see how the organization evaluates the effectiveness of its quality management system through the results of the internal audits and how it identifies opportunities for improvement. 65. 9.3.1. Management Review: General: The third subclass of performance evaluation is management review. Management review is in turn divided into other three subclasses. The first one is, of course, general. Generally, the top management is required to review. The top management again, is required to review the organization's quality management system at bland intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction the organization. So the management the management review must address the possible need for changes to policy, objectives, targets, and other elements of the quality management systems. Of quality management system, I'm sorry. So these reviews are placed in meetings and these meetings will enable the top management to respond to issues and to recommend improvements. Now, who should attend these these review meetings? Well, well, it's important that a member of the top management, it shares the management review meetings. And we've got functional management. We've got line, we've got line management of God, let me go back. Functional management are the persons who have authority over maybe a department. We've got line management who are, who are responsible for the production, for the production and the responsible and have authority over the persons in the production section. We've got, we've got a process owners, we've got process champions, we've got action owners within the scope of the quality management system, who are the persons who perform the task? And we've got internal auditors. These are the persons that who should, who should attend the management review meetings? Now, how often should these management review meetings or cured? Well, of course, that depends on the level of risks and complexity of the organization. We've got we've got for the Critical Management Review, agenda items like process performance, like customer feedback and monitoring and measuring results. These should be reviewed monthly. And for a less critical agenda items like reviewing the quality policy and objectives. Objective should be undertaken less frequency, this should be taken less frequency, perhaps every water. Now. Now enable management. Reviews are insufficient in frequency to be able to react to any issues effectively. I'm saying this because a lot of organizations conduct management reviews anyway, but that's not, but that's an insufficient. 66. 9.3.2. Management Review Inputs: This is the second subclass of Management Review, and it talks about the management review inputs. This subclass gives us a list of things that should be taken into consideration in terms of inputs to the review. So I'm just going to list them out because I don't really have any other option. So the first one is the status of actions from previous management reviews. So the first input to take into consideration is the status of the status of the actions that were taken in the previous management reviews. The second one is any changes, whether it's internal or external, that would have an impact on the quality management system. For example, the restructuring or it's changing focus to entire 200 entirely new industry. And then we've got the review information on the performance and the effectiveness of the quality management system. This could, this could happen on the basis of a few key parameters or the key indicators we talk and maybe the customer satisfaction, the progress on quality objectives, the internal quality, any non-conformance or corrective actions or Kim planes, issues around monitoring and measurement results and the other two results and how external providers outperforming in any actions required. There. Other inputs that the management review should focus on our resources. So how adequate resources and how effective and how effective any actions that were taken as a result of risks and opportunities identified beans. So how effective those actions have been? Then another, another input that the management review should focus on is the opportunities within the organization. So the opportunities for improvement that the organization should identify. 67. 9.3.3. Management Review Outputs: Now let's talk about the management review outputs. Here, the standard is looking for the organization to record what decisions or actions health gum out of the discussions within the review. So what actions are made? Decisions are made after this management review. Now, outputs. Outputs can include opportunities for improvement, any actions for improvement or further decisions regarding opportunities for improvement, and any need for changes to the quality management system and any need for resources. Now, the organization is required to retain documented information to provide evidence that the management to review has been done and the results of it were documented inflammation like minutes or any data presented like charts, like the balls or reports. Well, as for other thing, this requirement the other of course, we'll review those documented information I just listed out. And the auditor should conduct interviews with the top management to ensure that management review meetings are covering inputs and outputs and to ensure that management review meetings are actually happening. And the auditor will ensure that actions and decisions are aimed at the improvement of the quality management system. 68. 10.1. Improvement: General: With this lesson, we'll start talking about the tenth and last clause of the standard, which is of course improvement. Now, obviously this isn't the first time we talk about improvement. We've briefly talked about improvement in the same, the seven principles of quality management. Now, the 10th floors or improvement, is divided into three, some glosses. The first one is a general talk. So general, basically the organization is required to determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction. So the organization to seek out and realize improvement opportunities that will better enable it to achieve the intended outcomes of its quality management system. Now, when we say opportunities for improvement, there are a number of sources for improvement or on offer opportunities for improvement. We can name the results of analysis and evaluation of environmental quality and health and safety performance or compliance or internal audits and management reviews. These are the these are, as I said, sources for, for opportunities for improvement. Now, the organization is required to do, is required to consider, you think, when, when it considers the opportunities for improvement. The first one is meeting customer requirements and enhancing customer satisfaction by using satisfaction indicators or ratings and maybe warranty claims. The second thing is improving products and services to meet requirements as well as to address future needs and expectations by, by understanding contractual arrangements and implied customer expectations. Also the, also the organization is required to focus improving the products and services like like future needs and like identifying future needs and expectation, like, like investing in the latest technology and innovation, and like improving reliability, reducing costs, and improving the on-time delivery. The organization also needs to consider correcting, preventing, or reducing undesired effects by investigating the root causes. And also it needs to prevent escapes of the customer, a customer that's coming but never, never, never coming back. And it also needs to act on customer feedback and all in service reports. Also, the organization needs to improve the performance and effectiveness of the officers Quality Management System by maybe acting on process performance results by understanding audit findings, which we're gonna talk about of course, and by reducing waste by processing, reengineering, by structural reorganization in my, maybe by promoting breakthrough projects. Now, as for other thing, this requirement, the auditor will first refers need to ensure that the organization has identified the opportunities for improvement and evaluate the actions that have been taken on those opportunities. The auditor needs to look for evidence that the organization is analyzing the data from process monitoring and is then taking the results forward for evaluating process efficiency. The standard proposes a number of areas that an auditor good assessed to obtain evidence and implementation of improvement. Like internal communication, like follow-up activities, like documented procedures, like the effectiveness of management, review meetings, like the customer feedback systems and training programs. And then the auditor will verify how the organization has determined a proposed rate of improvement. For example, in the ion nautical sector, the acceptable rate of non-conforming delivered products is 0%. So it would not be useful for the organization to set objectives for an improvement at that rate, however, it would be useful for the organization to have objectives aimed at improving its internal Efficiency and Competitiveness through maybe innovation. Now, one thing I should note here is that the auditor should remember that it would not be, it would be unrealistic to expect an organization to make progress on all but then shouldn't movements simultaneously. So the auditor should seek to ensure that the improvement objectives aren't consistent overall. 69. 10.2. Nonconformity and Corrective Action : The second subclass of improvement is non-conformity and corrective action. This is where the organization is required to react to non-conformity and implement correct and corrective actions whenever unconformities are identified. So whenever not unconformities are identified, the organization needs to follow a few steps. The first one is to react to the non-conformity and as applicable, take action to control and corrected. So first of all, it needs to identify the problem, then it needs to do something about it, to take action and to fix it. And then it needs to deal with the consequences. It needs to deal with the impact that it had like upsetting, like the upset, like an upset customer. And then the organization is to evaluate the need for action to eliminate the causes of the non-conformity in order that it does not happen. Again, it does not record or a core or a occured else where. And basically, basically evaluating what went wrong to prevent it from happening. Again. By, by reviewing the non-conformity and by determining the root causes of the non-conformity. Of course, using a root cause analysis needs to be in place. Some root cause analysis techniques may include the Pareto diagram or the Pareto chart, or the fishbone diagram, also known as the cause effect diagram, and also the failure mode and effects analysis or the FM EA. And also you can name the fault tree analysis. All these are the root cause analysis techniques. Also, also by eliminating the causes. Eliminating the causes could happen by determining if similar nonconformity is exist or could potentially or cure the organization that needs to implement any action needed. And it needs to ensure that corrective actions are completed according to plan and they continue to be effective over time. So it needs to review the effectiveness, the effectiveness of any corrective actions taken. Some examples of verification methods may include additional process monitoring, additional internal audits, or associated metrics, and so on. Now, the organization also needs to make changes whenever necessary to the quality management system. The organization also needs to retain documented information on the nature of non-conformity is and actions they can basically keep in keeping records of all nonconformity is and what the organization did to resolve them and also retain documented information on the results of corrective actions. For example, the results of analysis, databases, or performance data. Now, as for other thing, this requirement, the auditor needs to review any documented information about the non-conformity and the non-conformity management process. And also the older needs to conduct interviews with personnel to ensure that personnel are aware of the methods and actions taken against non-conformity and also and also the auditor needs to evaluate the actions and methods used to deal with the non-conformity is also the load will check if the non-conformity is happening in other processes. In other words, is it happening elsewhere or any other areas of the organization? 70. 10.3. Continual Improvement: Continual improvement is the third subclass of the of improvement or, or clause then and is the final or the last requirement of the standard. It basically requires the organization to continually improve the suitability, the adequacy, and the effectiveness of its quality management system. The aim of continual improvement program is seeking to increase the odds of satisfying customers by identifying areas that need improvement. So identifying improvement opportunities and management system under performance with data analysis and evaluation, with internal auditing, with management review and the use of appropriate tools and methodologies like the sigma, the Six Sigma or bench marking. And also, and also by increasing the level of conforming outputs or products or services. And by improving the processes and reducing process variation in order to enhance general performance for the benefit of the customers and of course, interested bodies. So with this lesson, we'll finish up talking about the management system and the 10 glosses. The standard ISO 9000 won the 2015 revision. With the next lesson, we started talking about the management system, auditing. 71. Management System Auditing: General: So with this lesson, we'll begin talking about the management system auditing. Of course, we have already introduced the term of auditing in each in each section or each in each clause or a subclass or requirements with the standard. But for now, let's let's define an audit any formal way. So an audit, an audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which are the criteria are fulfilled. So it's an examination to see where the quality activities and results comply with blend arrangement and whether these arrangements are implemented effectively. Now the other thing, a process, consists of a few steps, starting with initiating the other two, conducting document review to preparing for on-site activities, to conducting for on-site activities, to preparing, approving, and distributing the audit report, to completing the audit tool, finally, conducting the audit follow-up. And of course, we're gonna go through each and every one of these, starting with the next video. Now, the purpose of an audit is to collect objective evidence to allow an informed judgment about the status of the quality management system. So basically, gathering information, data are observing to come up with the judgment. This judgment is considered an audit findings. And as we've seen before, audit findings can be conformity, can be a non-conformity and can be opportunities for improvement. And so the R that will basically help verify the conformity to requirements will increase awareness and understanding and will provide a measurement of effectiveness of the management system to top management and will also reduce the risk of management system failure will identify improvement opportunities and we'll continue with when continuous improvement, if it's performed regularly. 72. Types of Audits: There are two types of audits, internal and external. We are very seen the internal audit, which is of course a requirement of ISO 9000 one, they requirement of the standard internal audit is also known as first-party audit and is conducted by the organization itself using its own auditors. As for external audits is in term is in turn divided into other two parties. We've got second party audit, which is an added conducted by parties that have an interest in the organization like the customers, for example. In we've got third body audit, which is an other performed by an independent organization on a regulatory body like an ISO 9000 one registered. I already included a list of item i 1000 one registers that you can take a look at if you're interested. 73. Defining Audit Objectives, Scope, Criteria: Every management system audit should have objectives, scope, and criteria. Audit objectives can include determining the extent of conformity of oddities, quality management system with the audit criteria. And we're going to talk about audit criteria later in this video. Now, the oddity is the organization or the department being audited or audit objectives may also include the evaluation of capability of the quality management system to ensure the compliance with authority, regulatory meaning, legal, and contractual requirements. And also the objective would include the evaluation of the effectiveness of the quality management system to meet its objectives, and also the identification of areas of improvement. Now, as for the audit scope, it's basically about defining the boundaries of the other what processes wouldn't be audited. And the organizational functions are what organizational functions are included. And what is the audit emphasis in the timeframe, the period, and the time of the audit. As for the other spot as for the other criteria, criteria is defined as the reference against which conformity is determined, like the national or international standards, like in our case here, the ISO 9000 won the 2015 revision or give me the contract and customer requirements or the legal requirements or the industry, goats. 74. Auditors and Audit Team: So let's talk about the auditor and the audit team. So first of all, who is the other? Well, of course, there's the person with the competence needed or required to conduct an audit. Now, as for the audit team, first of all, the other team could be composed of one or more persons and the selection of the audit team depends on the competence. Now, when we say the competence, there are a few things to take into consideration, like the audit objectives, scope, criteria, or duration, which of course we talked about in the previous lesson. We talking about the competence of the team to meet objectives. And we're talking about the sertoli or legal authority, of course, legal requirements, we contractual and certification requirements. Now, as we've said before, for an internal, an internal auditor does not need a certification. However, an auditor for a body for a for a for for a certification body does need, of course, a certification. I have included a document that contains the auditor the auditor certification requirements, and the skills the skills requirements like communication and so on. Then you can, of course, take a look at. Now the auditor competence is based on personal attributes like the Euler has to be ethical, open-minded, diplomatic, observant, and so on. Now, back to the audit team. The other team should have at least one lead auditor that coordinates the team activities. As I said, the the audit team could be composed of one or more persons, but it has if it's more than what it has to be, it has at least it needs to have at least one lead auditor. And, and the team could include auditors, auditors in training, technical experts, guys, or observers. Now, auditors are responsible for communicating and clarifying the requirements. What are the needs to conduct the audit and the planning and the carrying out the sign responsibilities efficiently, in an efficient way. It is also the job of the auditor to do document the findings, to evaluate whether we've got nonconformity is whether we've got conformity is or opportunities for improvement. Also, the auditor needs to report the other results. So we're talking about the audit report here. And also, you are already used to verify the effectiveness of the corrective actions and safeguarding records and confidential information, of course, about the organization. So the auditor needs to be honest and needs to safeguard records and confidential information regarding the organization. The auditor has also to be cooperating with the audit team and communicative with the audit team. 75. Audit Planning and Audit Execution007: So let's talk about audit planning and execution. And first of all, we don't talk about, of course, are the planning. First of all, we need to initiate the other planning. So initiating the other planning contains basically of determining the objectives, the scope, and the criteria of the audit, that it contains, the selection of the team, the initial contact with the oddity, whether it's the whole organization or a just a just a department. And identification of the specified requirements theory, whatever needed whenever their competence maybe needed to conduct that are added. And then we've got reviewing the documents, repairing the work documents. We're talking maybe checklist that I have included a sample of a checklist that you can use and you could take a look at that. So we're talking checklists, forms, whatever it is, and then we've got planning the audit and then getting approval. So we'll join up in other plan and then getting approvals. And then we're going to talk about the audit execution. This of course starts with opening meeting and then of course conducting audits and then closing meeting and then conducting the follow-up. Now, opening meeting aims at confirming all prior arrangements. So it's purpose is to confirm all prior arrangements and is held with the oddity, top management the top management of whether the organization or the department and those responsible for processes audited. We're talking maybe action owners or process owners and so on. This meaning, of course you'd be formal than the other team shouldn't be present. And the other rule, of course, describe the scope, the objective, and the criteria, the other. And then we've got conducting the audit and the steps of conducting the others are already already discussed about we already discussed about the steps of the conducting of conducting the audit in each requirement. So we talked about reviewing and checking records and documents provided by the organization and the observed observing work activities, observation of the work activities and the processes and questioning techniques. Questioning techniques include open questions like using Y, who, what, where, when, and how. Expensive question, which further elaborate the current subject or point. We're talking opinion question, we'll talk in nonverbals like body language. You're talking repetitive requests. And we'll talk in hypothetical question like what if suppose that we're talking a closed question that gets a yes or a no answer. And of course we are talking also about notes taken. We're talking we're talking about taking notes. Now, one very important point is that the audit must focus on the conformity and effectiveness, but not on finding non-conformity. 76. Generating Audit Findings and Closing Meeting: Before closing the meeting, the other team will need to generate audit findings, which are of course, results of evaluating the other evidence against the other criteria. In our case in the quality management system. This is, the criteria is of course, ISO 9,115 revision. So, so to generate our findings, we need to, we need to evaluate the evidence against the criteria. These findings could be, of course, conformity is now unconformities or opportunities for improvement. The other team will of course, record nonconformity findings with its supporting evidence so as to why it's considered, why that why that findings is considered non-conformity. And also the other team will need to obtain the oddity acknowledgements have nonconformity is for accuracy and understandability. In other words, the, the oddity, which is of course the organizations, the organization or just a department of the organization needs to be aware of all nonconformity is, and need to understand why it's the non conformity. Sometimes the organization will disagree on the decision of the non-conformity. In that case, this should be recovered. So this should be keeping a record of unresolved issues like the disagreeing on the non-conformity. And then we've got generating a conclusion which is of course the result of the added after taking into consideration the objectives of the other end the findings. And then at the end of the other, we're talking about closing the meeting which is conducted by the lead Auditor and this has to hold this is to present audit findings and conclusions and to cover situations encountered do we during the audit that may decrease reliance on other conclusions and of course, to discuss and resolve the diverging audit findings and conclusions and to keep record if there are unresolved, unresolved issues, and also to provide recommendations for improvement well specified by audit objectives and hear minutes and attended should be documented. Now this meeting is usually informal when it's about internal audits. 77. Nonconformities: Nonconformity is defined as the non fulfillment of a specific requirement. It's either not doing it, not doing it at all, or not following the requirements, are all or partially doing it or partially following the requirements or doing it the wrong way. Now when we say specific requirements, it's either the conditions of the customer contract or in other words, the contractual requirements or the quality, maybe the quality standard in our case, which is of course, the ISO 10012015, or the statutory or regulatory requirements. In other words, we go requirements. Now, nonconformity is divided into two types. We've got minor non-conformity, which is of course a failure to comply with the requirement, which is not likely to result inequality management system failure. And this is based on a judgment of course, and experience and it has minimal risks. We will have minimal risk of non-conforming product and service. We can name a few examples, like a two month labs in the internal audit program. This is considered a minor non-conformity or it's raining record that is not available or maybe no actions were taken to improve the system based on previous result findings. So these are considered minor non-conformity is now the other type is of course, major nonconformity, which is the absence or a total breakdown of a system to meet a requirement. This is a number of miners related to the same clause or requirement. And experience and judgment tells us, tells us that result, that a major nonconformity would result inequality management system failure or a significant, or will significantly reduce the ability to assure controlled processes and products. We can name a few examples for major nonconformity is like when the standard requires a documented information for the for a for a specific procedure, but no document were were present or were were shown. And maybe no awareness program for the quality management system. This is considered a major nonconformity or maybe no future bland, no future planned internal audits. So we've got the organization doesn't plan internal audits in the future. And this is of course, a major nonconformity or maybe unsufficient scope, or the number of minor conformity is found in the production process. 78. Audit Report and Follow up Activities: Before the audit is complete, in order to report needs to be prepared, and this is done by the lead auditor. Basically, the audit report will contain the audit reference, the client and oddity details. If they are not the same, if the oddity and the client are different. So the client and oddity details, the other team details of the list of the oddity representatives, like the top management and so on. The objectives, the scope, and the criteria of the audit, the audit plan dates, places, areas audited, and timing basically, where and when did the other take place? The summary of audit process are the summary uncertainty due to the use of sampling when gathering inflammation, the non-conformity report recommendations, obstacles encountered during the audit, any areas in audit scope. We're not that we're not covered any unresolved issues between the oddity in the audit team, conformation that audit objectives are accomplished with the confidentiality statement, the distribution list. Now the audit report needs to be distributed to the oddity, the organization or the department, whatever it is, Our that client. Again, if they're not the same, if they are different or if there is a certification body, et cetera. Now, the audit is complete when all activities in audit plan has been carried out, an audit report is distributed. Now, one activity that is conducted after the audit is the follow-ups or conducting the follow-up is basically evaluating the corrections and the corrective actions taken. So the audit conclusions may require corrective, preventive, or improvement actions. In the Odyssey, we'll decide and carry out those actions with an agreed timeframe. And those actions are not part, uh, I'm not part of the audit. As I said, this is after the other takes place and the other team will verify completion and effectiveness of actions taken in this verification may be part of a subsequent audit. With this lesson, we finish up we finish up this whole course. I hope this was helpful. And thank you.