QMS Documents Review 2019

Quality
Management
System (QMS)
Documents Review
Presented by CQL Business Systems Consulting
CQL Business Systems Consulting – April 2019

Objectives
• To better understand the preparation and
updating of quality management system
documents.
• To review some of the prepared quality
management system documents.

QMS Documents
• Needs and Requirements of Relevant
Interested Parties
• SWOT Analysis
• Risk/ Opportunity Assessment/ Plans
• Communication Plan
• Inventory of Data to Analyze and Evaluate

Relationship Between
ISO 9001:2015 Clauses
4.1 – Context of the Organization
4.2 – Needs and Requirements of Relevant

Interested Parties
6.1 – Risk and Opportunity Assessment
6.2 – Quality Objective and Planning to Achieve

Targets

Needs and Requirements of
Relevant Interested Parties
• Identify the functions of the office/ unit
• Determine who are the internal and external
parties involved
• Identify the needs and/or requirements of the
internal and external parties in line with the
function (e.g. Man, Machine, Method, Materials)
• List down the evidences of the identified needs
and/ or requirements
• Determine any statutory or regulatory
requirements pertaining to the identified need
and/or requirement
ISO Clause 4.2
Needs and Requirements of Relevant Interested Parties
Needs and Requirements

of Relevant Interested
Parties (4.2)
Internal External

Example
Area/ Function: Emergency Preparedness
RELEVANT INTERESTED NEEDS AND SUPPORTING COMPLIANCE ISSUES
PARTIES REQUIREMENTS DOCUMENTS OBLIGATIONS
INTERNAL EXTERNAL
Bureau of Compliance Emergency Fire Code of
Fire with emergency Drill Report the Phils. 2008
Protection drills (RA 9514)
Emergency Bureau of Participation of Emergency Fire Code of
Response Fire everyone during Drill Report, the Phils. 2008
Team Protection drills Attendance (RA 9514)
Test Questions: (1) Who is requiring this (needs/ requirements)? – Correct

(2) Who is doing this (needs/ requirements)? – Wrong
Example
INTERNAL EXTERNAL
Bureau of Compliance Emergency Fire Code of
Fire with emergency Drill Report the Phils. 2008
Emergency Bureau of Participation of Emergency Fire Code of
Supporting Documents – refers to the evidences of the needs and/or requirements.

Compliance Obligations – refers to applicable statutory and/or regulatory
requirements of the identified needs and/or requirements. Put “N/A” if not applicable.
ISO Clause 4.1
External and Internal Issues, Both Positive and Negative

of Relevant Interested
Parties (4.2)
Internal External
• Within control • Within control and w/o
and w/o Issue Issue – Strength
– Strength
• Within control but w/
• Within control Issue – Weakness
but w/ Issue –
Weakness • Not in control and with
or w/o Issue – Threat
• New ideas - Opportunity

Example
INTERNAL EXTERNAL
Bureau of Compliance Emergency Fire Code of Not done
Fire with emergency Drill Report the Phils. 2008 4x a year
Emergency Bureau of Participation of Emergency Fire Code of None
Note: Issues should be answerable to the identified need and/ or requirement.

ISO Clause 4.1
External and Internal Issues, Both Positive and Negative

of Relevant Interested S W O T
Parties (4.2)
Internal External
• Within control • Within control and w/o
– Strength
• Within control but w/
• Within control Issue – Weakness
but w/ Issue –
Weakness • Not in control and with
or w/o Issue – Threat
• New ideas - Opportunity

Example
AREA STRENGTHS WEAK- OPPORTU THREATS RELEVANT INTERESTED
NESSES -NITIES PARTIES
INTERNAL EXTERNAL
EP Emergency BFP
Response
Team
Copy Area/ Copy Internal and

Function External Parties

Example
INTERNAL EXTERNAL
EP Participation Emergency Changing Emergency BFP
of everyone drills not reqt’s. of Response
during drills done 4x a regulatory Team
year body
• If within control and no • If within • For every External Party

issues, copy or reword control but identified, determine threat/s
NEED/ REQUIREMENT. with issues, from them.
• Add other Strengths copy or reword • Threats are conditions and not
with no requirements, ISSUES. problems (risks).
e.g. achievements. • Other uncontrolled factors can
CQL Business Systems Consulting – April 2019 be added, e.g. weather, etc.
Example
INTERNAL EXTERNAL
EP Participation Emergency Automated Changing Emergency BFP
of everyone drills not Fire Alarm reqt’s. of Response
during drills done 4x a System regulatory Team
year body
• New idea/s that is not

yet existing in the
office/ unit.
• Put “-” if no identified
opportunity.
Risk Management Process
*ISO 31000:2018
Why Risk Management?
• Increase risk awareness – What could affect
the achievement of objectives? What could
change? What could go wrong? What could
go right?
• Increase understanding of risk – sensitivities.
What makes my risks
increase/decrease/disappear?
• Is proactive…. not reactive – Prepare for risks
before they happen. Identify risks and
develop appropriate risk mitigating strategies.

• Improves outcomes or achievement of
objectives.
• Facilitates good management.
• Promotes accountability, responsibility and
transparency
• May even mean survival.

• Minimize negative effects
• Maximum use of opportunities as they
arise

Understanding Risk
“A risk is the effect of uncertainty on objectives.”
• An effect is a deviation from the expected – positive

and/or negative.
• Objectives can have different aspects (such as financial,
health and safety, and environmental goals) and can apply
at different levels (such as strategic, organization-wide,
project, product and process).
• Risk is often characterized by reference to potential
events and consequences, or a combination of these.
• Risk is often expressed in terms of combination of the
consequence of an event (including changes in
circumstances) and the associated likelihood of
occurrence.
• Uncertainty is the state, even partial, of deficiency of
information related to, understanding or knowledge of an
event, its consequence, or likelihood.
*ISO 31000:2009/ISO Guide 73:2009, definition
Risk-Based Thinking
– a requirement of ISO 9001:2015
Need to plan and implement actions to
address risks and opportunities to
increase effectiveness of the quality
management system, achieving
improved results and preventing
negative effects.
*ISO 9001:2015
Risk Assessment
The process of evaluating the risk(s), taking
into account the adequacy of any existing
controls, and deciding whether or not the
risk(s) is acceptable.
Risk assessment is the overall process of risk

identification, risk analysis and risk
evaluation.

ISO Clause 6.1
Risk Assessment

Parties (4.2)
Internal External Risk Risk Risk Level Acceptable

• Within control • Within control and w/o Identified Analysis (RL) Level (AL)
Likelihood: 1-5 Likelihood
– Strength • Within control but w/ (Problems)
Consequence: x
Issue – Weakness 1-5 Consequence RL vs. AL
• Within control • Not in control and with
but w/ Issue – or w/o Issue – Threat
Weakness • New ideas - Risk Treatment: RL<=AL, Accept; RL>AL, Reduce, Transfer, or Avoid
Opportunity

Risk Treatment Options

Risk Assessment Table
Risk Likeli- Justifi- Conse- Justifi- Risk/ Controls Accepta- Risk/
Identified hood cation quence cation Level Available ble Level Treat-
ment
Noncom- 2 May 4 May 8 Presence 9 Accept

pliance happen result to of ERT
with BFP in a reputati
year on loss
or
penalty
of up to
P37K
Accidents 5 May 3 May 15 Presence 9 Reduce
during happen result to of ERT,
emergen- every partial Conduct
cies emer- disabili- of drills
gencies ty
Risk Assessment
• Likelihood – based on historical data
(i.e. basic forecasting probability)
• Consequence – worst case scenario
based on the Controls Available
• Controls Available – existing
mitigation plan to prevent
occurrence of risk or minimize its
impact
ISO Clause 6.1
Opportunity Assessment

Parties (4.2)
Internal External Opportunity Opportunity Opportunity Acceptable

Identified Analysis Level (OL)
• Within control • Within control and w/o Level (AL)
and w/o Issue Issue – Strength Likelihood: 1-5 Likelihood
– Strength • Within control but w/ Consequence: x
1-5 Consequence OL vs. AL
Issue – Weakness
• Within control • Not in control and with
but w/ Issue – or w/o Issue – Threat
Opportunity Plan: OL>=AL, Pursue; OL<AL, Decline, Explore or
Weakness • New ideas -
Accept with Control
Opportunity

Opportunity Treatment Options
• Pursue the opportunity
• Explore the opportunity in greater detail
before proceeding
• Accept the opportunity, but under
limited and controlled conditions
• Decline the opportunity, typically based
on a high expected cost or low
anticipated benefit
Opportunity Assessment Table
Opportu- Likeli- Justifi- Conse- Justifi- Oppor- Controls Accepta- Oppor-
nity hood cation quence/ cation tunity Available ble Level tunity
Identified Impact Level Treat-
ment
Automated 4 Have 3 May 12 With 10 Pursue

Fire Alarm 67% result to available
System capabi- in- supplier/
lity creased contractor
res- and
ponse person in
charge
time by
around
50%
X 1. Budget
ü 2. Person in-charge
ü 3. Supplier/ Contractor
Opportunity Assessment
• Likelihood – based on existing
capability
• Consequence – beneficial outcome/s
of the opportunity
• Controls Available – existing
capabilities

Communication and Consultation
• With external and internal stakeholders
• Take place during all stages of the risk/
opportunity assessment process
• Should facilitate truthful, relevant,
accurate and understandable exchanges
of information, taking into account
confidential and personal integrity
aspects.
*ISO 31000:2009

ISO Clause 6.2
Indicators - Planning to Achieve
Targets
Continue Existing
Accept Controls
Prepare Risk Add

Reduce
Treatment Plan Indicator
Prepare Risk Add

Transfer
Treatment Plan Indicator
Prepare Risk
Avoid End
Treatment Plan
Note: It can be a new indicator or a new activity in support of an existing indicator.

Risk Treatment Plan
Risk Likeli- Justifi- Conse- Justifi- Risk/ Controls Accepta- Risk/
Identified hood cation quence cation Level Available ble Level Treat-
ment
Accidents 5 May 3 May 15 Presence 9 Reduce

during happen result to of ERT,
emergen- every partial Conduct
cies emer- disabili- of drills
gencies ty
Risk Current Action Respon- Target New New New Remarks

Identified Risk Plan/ sibility Date Likeli- Conse- Risk
Level Controls hood quence Level
to be set
Accidents 15 Put Safety June 2 3 6
during evacua- Officer 2019
emergen- tion
cies signages
ISO Clause 6.2
Indicators - Planning to Achieve
Targets
Pursue Add Indicator
Prepare Add
Explore
Opportunity Plan Indicator
Accept
Prepare Add
with
Opportunity Plan Indicator
Control
Decline End
Note: It can be a new indicator or a new activity in support of an existing indicator.

Opportunity Plan
Opportu- Likeli- Justifi- Conse- Justifi- Oppor- Controls Accepta- Oppor-
nity hood cation quence/ cation tunity Available ble Level tunity
Identified Impact Level Treat-
ment
Automated 3 Have 3 May 9 With 10 Explore

Fire Alarm 33% result to available
System capabi- increased supplier/
response contractor
lity time by
around
50%
Opportu- Current Action Respon- Target New New New Remarks

nity Oppor- Plan/ sibility Date Likeli- Conse- Oppor-
Identified tunity Controls hood quence tunity
Level to be set Level
Automated 9 Identify Safety June 5 3 15

Fire Alarm person in Officer 2019
System charge
Budget Director June ‘19

Monitoring and Review
• Regular checking or surveillance
• Can be periodic or ad hoc
• Responsibilities for monitoring and review
should be clearly defined
• Results of monitoring and review should
be recorded and externally and internally
reported as appropriate
*ISO 31000:2009

Risk Assessment Technique –
Consequence/Probability Matrix
• A means of combining qualitative or semi-
quantitative ratings of consequences and
probability to produce a level of risk or
risk rating.
• Used to rank risks, sources of risk or risk
treatments on the basis of the level of risk,
*ISO 31010:2009

Risk Communication
Risk Level Action and Level of Involvement Required
• Inform Chief Executive Officer and Board of Directors

High Risk
• Immediate action required
• Inform Chief Executive Officer

Significant Risk • Strategy Team involvement/attention is essential to manage
risks – provide report to Board as appropriate
• Management mitigation and ongoing monitoring required

Moderate Risk
• Inform relevant Strategy Team members
• Accept, but monitor risks

Low Risk
• Manage by routine procedures within the program and site

Communication Plan
Relevant Interested What to When to Who to How to
Party Communicate Communicate Communicate Communicate
Internal External
Top Mgt. Accomplish- End of the Head of Unit Email and
ment Report Month Hard Copy
What is being Should be

communicated to internal from the
and/or external parties in office/ unit
performing the functions.
Can be specified or Means to

conditional depending communicate, e.g.
on the requirement email, hard copy, etc.
Inventory of Data to Analyze and
Evaluate
What to Purpose Method When to When to
monitor and monitor and analyze and
measure measure evaluate
Customer To ensure Survey, Semi-Annual Annual
Satisfaction customer Tabulation,
needs are Trend Analysis
met.
Data that Normally When to plot When to

will reflect involves data points assess/
performance tabulation interpret the
and trend data points
analysis
Thank You!!!

QMS Documents Review 2019

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

QMS Documents Review 2019

Caricato da

Copyright:

Formati disponibili

Quality

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

4.2 – Needs and Requirements of Relevant

6.1 – Risk and Opportunity Assessment

6.2 – Quality Objective and Planning to Achieve

CQL Business Systems Consulting – April 2019

Needs and Requirements

CQL Business Systems Consulting – April 2019

Test Questions: (1) Who is requiring this (needs/ requirements)? – Correct

Supporting Documents – refers to the evidences of the needs and/or requirements.

Needs and Requirements

• New ideas - Opportunity

CQL Business Systems Consulting – April 2019

Note: Issues should be answerable to the identified need and/ or requirement.

CQL Business Systems Consulting – April 2019

Needs and Requirements

• New ideas - Opportunity

CQL Business Systems Consulting – April 2019

Copy Area/ Copy Internal and

CQL Business Systems Consulting – April 2019

• If within control and no • If within • For every External Party

• New idea/s that is not

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

• An effect is a deviation from the expected – positive

Risk assessment is the overall process of risk

CQL Business Systems Consulting – April 2019

Needs and Requirements

Internal External Risk Risk Risk Level Acceptable

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

Noncom- 2 May 4 May 8 Presence 9 Accept

Needs and Requirements

Internal External Opportunity Opportunity Opportunity Acceptable

CQL Business Systems Consulting – April 2019

Automated 4 Have 3 May 12 With 10 Pursue

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

Prepare Risk Add

Prepare Risk Add

Note: It can be a new indicator or a new activity in support of an existing indicator.

CQL Business Systems Consulting – April 2019

Accidents 5 May 3 May 15 Presence 9 Reduce

Risk Current Action Respon- Target New New New Remarks

Note: It can be a new indicator or a new activity in support of an existing indicator.

CQL Business Systems Consulting – April 2019

Automated 3 Have 3 May 9 With 10 Explore

Opportu- Current Action Respon- Target New New New Remarks

Automated 9 Identify Safety June 5 3 15

Budget Director June ‘19

CQL Business Systems Consulting – April 2019

CQL Business Systems Consulting – April 2019

• Inform Chief Executive Officer and Board of Directors

• Inform Chief Executive Officer

• Management mitigation and ongoing monitoring required

• Accept, but monitor risks

CQL Business Systems Consulting – April 2019

What is being Should be

Can be specified or Means to

Data that Normally When to plot When to