ISO 9001:2015 4.2 and 6.1 - Interested Parties - How much detail is required?

P

Printerman

Hi,

how much detail is actually required for these sections of the standard?

4.2 I've compiled a list of interested parties and ranked them using a PI ranking giving me a priority....is further work required are are we okay monitoring these areas within the management review?

For 6.1 i've completed a SWOT analysis, and a MOST analysis on internal and external factors.

How detailed does the MOST analysis need to be? I have some basic info on completion dates but expected costs etc.. have not been looked at yet?

Thanks everyone.
 

dsanabria

Quite Involved in Discussions
As most good consultant would say - meet the requirements of the product / services.

Don't overthink the process. Yes, it is flexible and you can delete and add.

Auditors are looking for compliance of the standard not an exhaustive list. Having said that, you need to write down what adds value to you organization and tha top management is involved in that process.
 

leftoverture

Involved In Discussions
Definitely want to keep things simple here. Interested parties is just a list. There is no real analysis required for that. So the first part of the requirement is to know who your interested parties are. In terms of identifying their needs, depending on your business, that can be covered in your quality planning, product realization, and other processes. For example, our employees are one of our interested parties. Their needs are assessed through wage surveys, employee interviews, training assessments, etc. I think a key thing here is understanding how your processes are integrated.

In terms of 6.1, most organizations do risk assessment in a variety of ways. Nothing new is required on your part if you are already ISO certified to the old standard. It is as simple as understanding what activities you are already doing that are addressing risks. Design and process FMEAs, contract review, production capacity planning, preventive maintenance assessments, vendor selection, tool design reviews, etc. are all examples of things you are likely already doing that assess risk in various areas of your operation.

Point is, if you are implementing something new just to meet the 2015 standard...stop it! Go back and understand what activities you already do that are risk mitigators and make sure everyone in your organization understands them in those terms. It can be that simple!
 

Big Jim

Admin
Point is, if you are implementing something new just to meet the 2015 standard...stop it! Go back and understand what activities you already do that are risk mitigators and make sure everyone in your organization understands them in those terms. It can be that simple!

Amen!

That was too short to post so I'll say a hearty amen!
 
Q

QAMTY

Hi Leftoverture
That is a good idea, but I think that anyway you do a general scanning trying to find if you are missing something, is it this way?
By revising the 4.1, 4.2, strategic direction, all the processes,etc.

Maybe you get used to see the entire system in the traditional way, now seeing it in the 2015 optic, you may find additional risk, what do you think?

Regards
 
P

Printerman

Thanks for the guidance everyone. I'm actually a new employee to this company so understanding the structure and processes has taken me some time to get my head around but i think i'm getting there.

I've not created any additional work other than for 4.2 which i think was not covered enough in the earlier management reviews so I've documented it more clearly.
I've heard of people producing 5 page reports on the subject for this transition. Personally i think this is over kill and not what the clause is asking. Mine is a simple one page document of power/interest and giving them a priority ranking with objectives.

I'm basically tackling these during the management review stage. We are audited every six months so (being new) I've pulled the management reviews to every six months and intend to review them then.
 

leftoverture

Involved In Discussions
Hi Leftoverture
That is a good idea, but I think that anyway you do a general scanning trying to find if you are missing something, is it this way?
By revising the 4.1, 4.2, strategic direction, all the processes,etc.

Maybe you get used to see the entire system in the traditional way, now seeing it in the 2015 optic, you may find additional risk, what do you think?

Regards
No. Not really. We had to specifically identify our interested parties, that was not done. But in terms of risk assessment, we had plenty in place already so it was a matter of re-education to make sure everyone understood how their activities were related to risk mitigation.

Sent from my LG-TP260 using Tapatalk
 

Big Jim

Admin
No. Not really. We had to specifically identify our interested parties, that was not done. But in terms of risk assessment, we had plenty in place already so it was a matter of re-education to make sure everyone understood how their activities were related to risk mitigation.

Sent from my LG-TP260 using Tapatalk

You had a misguided or overbearing auditor.
 

Big Jim

Admin
No. Not really. We had to specifically identify our interested parties, that was not done. But in terms of risk assessment, we had plenty in place already so it was a matter of re-education to make sure everyone understood how their activities were related to risk mitigation.

Sent from my LG-TP260 using Tapatalk

Your auditor is asking for more than the standard requires. In that way I think he is either misguided or he is overbearing.
 
Top Bottom