ISO 9001, Risk Based Thinking, and Cybersecurity: A Case Study

This case study concerns two companies after an acquisition. The first company, Aardvark, acquired Cheap and Easy Supply (CES). Together they formed a new company called ACES. After the acquisition, they wanted to standardize their processes across both of the previous companies' sites. Standardization proved to be more difficult than first anticipated.

Before the acquisition, CES had a home-grown system called E-Plan to manage the factory. It was perfectly suited for everything CES needed it for, but it would be tough for it to handle Aardvark's processes. Further complicating things, only two people knew the inner workings of E-Plan, as the developer of E-Plan had retired. While E-Plan had worked fine for CES, this made it seem that using E-Plan for ACES might not be the best choice.

What do we REALLY have to do for ISO 9001:2015 transition? Part 2 of 5: Interested Parties

Your CB might start your ISO 9001:2015 transition audit by talking to your leadership team to make sure the major changes to the standard are in place. The first major change, “Context of the Organization”, was covered in the first article in this 5-part series. Now let’s look at “interested parties”, the second major change.

ISO 9001 clause 4.2 requires you to understand the “needs and expectations of interested parties.” What does that mean? 

“Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization shall determine:
What do we REALLY have to do for ISO 9001:2015 transition? Part 1 of 5: Context of the Organization

Your CB will tell you what they require for a transition audit, such as the number of audit days they need and certain aspects of your system that you must confirm you have addressed, but they can't tell you much about what the requirements of ISO 9001 actually mean for your business. This is the start of a 5-part series about the 5 main changes to ISO 9001 that cross all of your functions and processes. Once you understand these broad changes, you can make sure you apply them everywhere you need to, that is, if they haven't already been the way you do business under ISO 9001:2008.

The first major change to ISO 9001 is in 4.1 where you are required to define the “context of the organization.” What does that mean, exactly? Clause 4.1 says,

ISO 9001 Mini-Lesson: Context of the Organization and Management Review

A mini-lesson on ISO 9001:2015 Context of the Organization and Management Review based on a user question: “We have documented our internal and external issues. The standard requires as an input to management review that we take into consideration changes to these issues. Can someone give me an example?”
