Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.

ISO/TS16949 (to become IATF 16949:2016) alignment to ISO 9001:2015

kzachawk

Involved In Discussions
#41
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

Will IATF - AIAG ever align with the revision of ISO 9001 known as 2015, which is based upon ISO 31000, 31010, and Annex SL.

This is a tough one to answer, I would guess the real answer isit depends. ISO 9001:2015, and specifically most of the prescriptive MSS's under ISO are shifting to the Annex SL (High Level Structure) which is founded upon ISO 31000 (technical details in 31010). This can become a vast issue with Corporations and Businesses, especially in the United States.

Let me list some quotations from ISO 31010 and then discuss This topic:

From the Introduction to ISO 31010 - Identifying the Intended Scope of the application of Risk Management

1) Organizations of all types and sizes face a range of risks that may affect the achievement of their objectives. These objectives may relate to a range of the organization's activities, from strategic initiatives to its operations, processes and projects, and be reflected in terms of societal, environmental, technological, safety and security outcomes, commercial, financial and economic measures, as well as social, cultural, political and reputation impacts. All activities of an organization involve risks that should be managed. The risk management process aids decision making by taking account of uncertainty and the possibility of future events or circumstances (intended or unintended) and their effects on agreed objectives.

From section 4.2
2) A risk management framework provides the policies, procedures and organizational
arrangements that will embed risk management throughout the organization at all levels.

From section 4.3.3
3) For a specific risk assessment, establishing the context should include the definition of the external, internal and risk management context and classification of risk criteria:
b) Establishing the internal context involves understanding
capabilities of the organization in terms of resources and knowledge,
information flows and decision-making processes,
internal stakeholders,
objectives and the strategies that are in place to achieve them,
perceptions, values and culture,
policies and processes,
standards and reference models adopted by the organization, and
structures (e.g. governance, roles and accountabilities).

From section 4.3.4
4) Risks can be assessed at an organizational level, at a departmental level, for projects, individual activities or specific risks. Different tools and techniques may be appropriate in different contexts.

From ISO 9001:2015 section 4 - CD version
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues, that are relevant to its purpose and its strategic
direction and that affect its ability to achieve the intended outcome(s) of its quality management system.
The organization shall update such determinations when necessary.

When determining relevant external and internal issues, the organization shall consider those arising from:
changes and trends which can have an impact on the objectives of the organization;
b) relationships with, and perceptions and values of relevant interested parties;
c) governance issues, strategic priorities, internal policies and commitments; and
d) resource availability and priorities and technological change.

Note 1 Understanding the external context can be facilitated by considering issues arising from legal, technological,
competitive, cultural, social, economic and natural environment, whether international, national, regional or local.

Note 2 When understanding the internal context the organization could consider those related to perceptions, values
and culture of the organization.

4.2 Understanding the needs and expectations of interested parties
The organization shall determine
a) the interested parties that are relevant to the quality management system, and
b) the requirements of these interested parties

The organization shall update such determinations in order to understand and anticipate needs or
expectations affecting customer requirements and customer satisfaction.

The organization shall consider the folloVving relevant interested parties:
a) direct customers;
b) end users;
c) suppliers, distributors, retailers or others involved in the supply chain;
d) regulators; and
e) any other relevant interested parties.

Note: Addressing current and anticipated future needs can lead to the identification of improvement and innovation
opportunities.

Now lets list some discussion points:
Since ISO9001:2015 is based upon ISO31000 and 31010 it leaves its scope of Quality management and takes on the scope of Business Risk Assessment (at all levels).
This revision of ISO 9001:2015 mentions that its risk based but leaves the door open to interpretation of what that specifically means, and does not mention but includes the texts of 31010. There are legal and structural ramifications to this standard which have not yet been discussed. Unless you have been deposed related to product liability, you might not have your thinking hat on concerning all the ramifications of this ISO MSS revision. Further, how many Quality people within most organizations have access to the governance documents of the business, or corporation. How many quality folks are familiar with the legal requirements and ramifications of partnership, LLC, C corp or S corp, or the SEC?

Looking at 31010 we see the words
1) All Activities
2) Organizational Activities including: Environmental, Safety, Security, Commercial, Financial, Economic, Political, etc. (very expanded scope)
3) Organizational Activities: Strategic Activities
4) Organizational Activities: Governance
5) Embedded at All levels

The only way anyone can understand the language of the ISO 9001:2015 revision, is to read the documents upon which it was founded (ISO 31000 and 31010). Not understanding these foundation documents could cause very serious consequences.

This means TC 176 left the door open for trained registrar auditors ( trained in ISO 31000 and 31010), to force risk management upon organizations based upon the ISO 31010 texts:
at ALL levels
across ALL Activities of the organization
Governance and Strategic

Quality folks need to understand that ISO 9001:2015 can be interpreted as no longer being a Quality Management System standard (MSS) and that it can be interpreted based upon its foundation documents, to be a Business Management Risk Standard, to be implemented at the Strategic or Governance level (the Board Level) of the business or corporation downward.

One of the question then becomes: are the folks at AIAG, ISO and the Registrars, ready to take on the Board members of a corporation and are the Quality Managers going to allow Registrars to dictate prescriptive requirements to the board level of their business? How do Executives and Mid level managers dictate to the Board level of the organization (corporate governance documents) the risk requirements intended from ISO 9001:2015, and defined in 31010?

Another question becomes: What are the legal ramifications which can be attached to implementing ISO 9001:2015 with its intent and thrust being risk management, which are based upon 31000 and 31010. With the level of intrusion that this new standard implies, its best that the organizations legal team become involved prior to anyone implementing this standard. The legal ramifications of this standard could be very damaging should product liability become an issue once a corporation becomes registered to ISO 9001:2015. Since US law is based upon the premise of "to know or have reason to know" and since ISO 9001:2015 is based upon 31000 and 31010, corporations have reason to know what those risk standards require. Product liability attorneys could therefore easily make the connection and use ISO 31000 and 31010 against any corporation, and at any level, for any activity, who are registered to ISO 9001:2015.

Another question becomes: How does a Quality Manager or an Executive limit the ISO 31010 statement of "all levels" and "across all activities". This would require some very specific and legal language for the QMS scope. (tip toe)

Another question becomes: Why have various standards (MSS's environmental, safety etc.) if the inclusion of all is retained within any one. Reading section 4 of ISO 9001:2015 it becomes clear that the intent of this MSS is no longer limited to Quality Management. If the intent of the High level structure (Annex SL) is to promote Risk management at all functions and all levels of a business or corporation and the language includes other aspects (environmental, safety, security, political, social etc.) then why have multiple MSS's?

Another question becomes: How will an organization embed risk management at all levels? and prove what was embedded is effective? Simply the vastness of this one activity could be extremely costly and daunting, especially without bounds in either the ISO 9001 MSS or ISO 31010.

With these specific things in mind it becomes clear that extreme caution be the order of the day before jumping on board with this new revision of what used to be a Quality management system standard. For the IATF & AIAG this standard becomes a challenge to their authority, can they step outside the scope of quality management at an organization level, and into the scope of business risk management at a board and investor level?

Some people have indicated that the IATF and AIAG simply have no choice but to adhere to ISO 9001:2015, but that is not exactly true. If ISO has expanded their authority past the scope of an organizations operational quality management, then each country's standards body has the ability to create their own operational system standards for quality, environmental, safety, security, etc., especially since all countries have some level of regulatory requirement for the same.

I don't think at this point, all of the ramifications related to the ISO paradigm shift from QMS at an operational level, to Business Risk Management at a board level, have been considered. IATF & AIAG most likely have cooled off due to the legal ramifications of ISO 9001:2015. I would additionally state that ISO TC 176, failed their own requirements of ISO 31000 and 31010, by not including interested parties and stakeholders (Corporate Executive and Board members, product liability attorneys etc.) in the design and scope change related to this MSS revision. I expect Many to take a wait and see attitude before before jumping "all in" related to ISO 9001:2015. There will be "gung ho" folks initially, but cooler minds will prevail once the full ramifications of this version of the ISO "quality" MSS are fully understood.
 
Last edited:

Sidney Vianna

Post Responsibly
Staff member
Admin
#42
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

f ISO 9001 known as 2015, which is based upon ISO 31000, 31010, and Annex SL.

SNIP


Since ISO9001:2015 is based upon ISO31000 and 31010 it leaves its scope of Quality management and takes on the scope of Business Risk Assessment (at all levels). SNIP
This means TC 176 left the door open for trained registrar auditors ( trained in ISO 31000 and 31010), to force risk management upon organizations based upon the ISO 31010 texts:
at ALL levels
across ALL Activities of the organization
Governance and Strategic

SNIP

Quality folks need to understand that ISO 9001:2015 can be interpreted as no longer being a Quality Management System standard (MSS) and that it can be interpreted based upon its foundation documents, to be a Business Management Risk Standard, to be implemented at the Strategic or Governance level (the Board Level) of the business or corporation downward.
Would you have any reliable source to support your assertions that ISO 9001:2015 is "based" on ISO 31000?

Your comment comes across as trying to make a point that ISO 9001:2015 will require organizations and auditors to have profound knowledge of enterprise risk management (ERM), something that, in my opinion is a huge falacy.

Attempts to mis-characterize what ISO 9001:2015 requires organizations to do are popping up everywhere and your assertions are not supported by ANY material I have seen so far from ISO, IAF and other stakeholders.

I suspect that some people who are versed in "risk management" will attempt to convince the rest of the population that "compliance and certification" to ISO 9001:2015 will necessarily follow the path of ERM, something that is absurd, in my estimation.

And, the IATF has already announced the creation of group to start working on the ISO 9001:2015-aligned version of the TS 16949 standard. The announcement is in their website.
 

kzachawk

Involved In Discussions
#43
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

From the DIS section Introduction around line 300 we have this statement

This International Standard makes risk-based thinking more explicit
and incorporates it in requirements for the establishment, implementation, maintenance and continual improvement of the quality management system.

Organizations can choose to develop a more extensive risk-based approach than is required by this International Standard, and ISO 31000 provides guidelines on formal risk management which can be appropriate in certain organizational contexts.

Adaption of law is generally based upon "to know" or "have reason to know" and since ISO 31000 is specifically mentioned as the document which provides guidelines for formal risk assessment and since its specific in the language that the intent of this current revision of ISO 9001 is to be explicit concerning risk and incorporate it in requirements, then folks who align with the standard certainly have reason to know about 31000 and its related documents of risk management. Any decent attorney can easily bring this point into play concerning product or service liability and force via deposition the companies position via these guidance documents for risk.

The door at that point is wide open and liability attorneys can go after corporations for any conceivable measure of risk related to the texts of those guidance documents. Therefore its not fallacy as you have stated in your comments its reality. It would be best that anyone considering registering their corporation to any of the proposed versions of ISO MMS's which are based upon Annex SL, get their legal team involved prior to registering. To not obtain legal advice based upon this proposed revision might open up the company to all manner of legal suits based upon the premise of considering interested parties.

Simply sit down with the standard and attempt to take on the task of addressing all of the interested parties which your business might impact (positively or negatively). Then consider that any one of those or others which you might not have considered, might be able to bring viable litigation against your company, for any number of reasons, pertaining to interested parties and your risk determinations of them. The volume of interested parties opened up with this revision is almost infinite, and business can be taken to task for not considering them either as risk or opportunity.
 

Helmut Jilling

Auditor / Consultant
#44
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

TS has always made the point that Safety as referenced in the standard refers to product safety and not other things such as OHSA. It has also always made clear that it is intended to work WITH other standards, (i.e.: EMS, Safety), but these other standards are not considered to be PART of the scope of TS-16949.

From that, I think it is safe to surmise they will make the point that the scope of the revised TS-16949 standard will address "Risk-based thinking" from the basis of product scope. This has been a part of TS-16949 and QS-9000 from the beginning in terms of APQP, FMEA and PPAP. It is not likely that they intend to broaden the scope to Enterprise-wide Risk Planning.

Lastly, prior to RBT being added to TS, lawyers have never had a problem suing companies for all manner of perceived ills. I don't think this will have a major impact on anything, to the scale that you perceive it to be. But, without a doubt, coprorate attorneys should review the new language when it becomes available, and no doubt will weigh in on certain language to be used or avoided.
 

kzachawk

Involved In Discussions
#45
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

First
Thanks for all the comments, I know I rattled some cages by making considerations outside the scope of what has normally been held as the paradigm of the Quality Management System. However, my field is outside Quality, where I had previously spent several decades in the automotive industry in the days of QS and TS.
And Thanks to Marc for his patience during these first of many long discussions on this topic.

What I observe with the revised ISO MSS's is a standard within a standard. The first standard being Guide 83 (Now Annex SL or High Level Structure), within that first standard I observe many terms which are not related to quality specifically and which allow a vast scope creep outwardly into regions that are not quality specific. When I observe terms and statements such as these:
The organization shall determine external and internal issues that are:
relevant to its purpose and strategic direction

Understanding External Context
legal, technological, competitive, market, cultural, social, and economic environments,
whether international, national, regional or local
socio-economic conditions under which it operates

Understanding Internal Context
values, culture,knowledge and performance of the organization
organizational culture

and when I see references such as these
(as defined in ISO Guide 73:2009)
Organizations can choose to develop a more extensive risk-based approach than is required by this International Standard, and ISO 31000 provides guidelines on formal risk management which can be appropriate in certain organizational contexts.

Then I am looking at something which is not Quality traditionally. I'm looking at requirements which vastly expand the scope of what used to be a Quality Management System, but which has morphed into something else entirely:

Stop for a moment and try to consider socio-economic as contex
"socio-economic conditions under which it operates"
Socio comes from social, and refers to any number of demographic and social conditions, such as:
the age structure,
racial composition,
sex ratio,
marriage & divorce rates,
and so on.

Economic refers to the economic conditions, such as income, unemployment rates, savings rates, and so on.
Social scientists use socioeconomic as an umbrella term to cover a wide variety of interrelated social and economic factors that might tend to
explain an observed phenomenon, event or set of events (such as war, revolution, political realignment, etc.).

This is just one example of the types of terms that I think are being glossed over by folks specific to Quality. They are also things which are interwoven into the intent of the ISO MSS revision for 9001,14001,18001,via its basic frame work known as High Level (Annex SL or Guide 83).

How many "Quality" folks are prepared to deal with International, National, Regional or Local:
Socio Economic issues? Competitive issues? Market Issues? Cultural Issues? Social Issues?

A typical Auditor question which I perceive as a result of implementing the 2015 revision of ISO MSS's, might be something along this line....

Do you know the impact the context of your company has upon External, international, interested parties related to Socio-Economic issues? Racial Diversity, Equality or Inequality, Labor, Economic disparity etc. in other words the quality of life?
Are you measuring those?
Do you have evidence these are being addressed or improved?

My point is not to discourage the emergence of these revisions of ISO MSS but to get folks who are traditionally quality minded to think outside their quality related paradigm. Thinking outside you prior paradigm requires you to look from outside the box and not to down play the impact these terms may have upon your business, should you choose to adopt any of these proposed revisions of ISO MSS.

Be prepared with a list of questions for your Registrar when they show up for your next audit, and ask them specifically how they interpret the terms International, National, Regional, Local related to Socio-Economic and the context of your organization, and what their expectations are related to those terms.

Be prepared to ask your legal department or legal representative (if you have such) the same types of questions.

Here is a quote directly from a presentation by Nigel Croft and TUV

"ISO/TC176/SC2 Vision
SC2’s products* are recognized and respected worldwide, and used by organizations as an integral component of sustainable development”​

Sustainable Development is identified later as comprising 3 parts
1. Economic Growth
2. Environmental Integrity
3. Social Responsibility

Now you have some insight as to the perception of TC176 when they developed this latest MSS and its High Level Structure. It's intent is to be an "integral component of Sustainable Development". Those are not my words but the words of a member of TC176.

Who is behind Sustainable development? See sustainable development at the United Nations web site
 
Last edited:

Helmut Jilling

Auditor / Consultant
#46
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

Your comments are interesting, but I still I think you are overthinking this. I have been doing this for many years, both as an auditor and a consultant, and you are linking to underlying documents that never are visible at the day-to-day level. Not disputing whether you are accurate, just saying these are at the ISO structural level, not at the day-to-day certified company level. I simply don't see the million certified ISO companies getting involved with this level of structure. very few would have the time or patience to be interested in that level. I simply say that they will add some additional management level discussion and documentation of risk considerations. Some will do it more formally, and may reference 31001, and some will do it more generically.
 
#47
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

Totally agree, Helmut. Over analysis!

"A typical Auditor question which I perceive as a result of implementing the 2015 revision of ISO MSS's, might be something along this line....

Do you know the impact the context of your company has upon External, international, interested parties related to Socio-Economic issues? Racial Diversity, Equality or Inequality, Labor, Economic disparity etc. in other words the quality of life?
Are you measuring those?
Do you have evidence these are being addressed or improved?"


I wouldn't hold my breath waiting on this being a "typical" auditor question! Leastways, not unless they radically change the LA training!
 

Helmut Jilling

Auditor / Consultant
#48
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

That would be over the heads of most auditors...and frankly, even at the General Manager level at most companies, not usually at their pay grade. That would be Corp exec team level strategy meetings, which could be executed at the plant levels... at any rate, we shall see...but I am not concerned.
 

kzachawk

Involved In Discussions
#49
Re: ISO/TS16949 aligned to ISO9001:2015

I would think that the AIAG IATF will do a few things if TS were aligned with 9001: 2015 (which I don?t see happening as the AIAG folks were adamant about their rejection of the changes). But if it were to occur, then I see them rearranging many of the listed requirements and consolidating them into workable sections based upon the PDCA, further I see them beefing up Risk management in the design phase (section 8), most likely even requiring 31000. Of course this would all depend upon the impact these changes would have upon the supplier base of the automotive sector and the effect they would have toward actually improving what already exists.
 

kzachawk

Involved In Discussions
#50
Re: Will ISO/TS16949 be aligned to ISO9001:2015 in the future?

ISO 31000 is specifically indicated in section 0.5 of ISO DIS 9001.
Further the definition of Risk 3.09 ISO DIS 9001 identifies the document "Guide 73" several times, which is the definitions document for ISO 31000. Therefore the intent is clearly there in 9001:2015 to consider these ISO documents. I can guarantee anyone reading this that attorneys will consider these documents (since they are mentioned specifically in the standard and since they contribute to definition and intent) to be fair game during discovery.
 
Top Bottom