Risk management (ISO 31000) and risk-based thinking (ISO 9001)

Risk management (ISO 31000) and risk-based thinking (ISO 9001)

ISO 9001:2015 QMS standard introduced risk-based thinking as an essential part of quality management system. While ISO 9001 QMS standard always advocated mitigating and avoiding risks, in its earlier versions, requirements of preventive action were included that's aim was to prevent or reduce undesired effects. Now with the introduction of risk-based thinking in the quality management system, the organization needs to focus on risk-based thinking and thus implementing risk-based thinking in an organization is a challenge.

It is not necessary to adopt risk management or formal risk-based approach as per ISO 31000:2018 standard for an organization that wishes to implement ISO 9001:2015 QMS standard. Depending on the context of an organization, ISO 31000 family standards may help the organization in taking a 'risk-based approach' to the quality management system, its processes and activities. ISO 31000:2018 standard provides principles and general guidelines on risk management. ISO 31000:2018 standard provides guidelines to adopt formal risk management. Although ISO 9001:2015 QMS standard incorporates risk-based thinking in its requirements. ISO 9001:2015 QMS standard does not mandate adoption of formal risk management as per ISO 31000 standard.

ISO 9001:2015 QMS standard does not prescribe implementing ISO 31000 standard's requirements, however bibliography at the end of ISO 9001:2015 QMS standard includes the reference of ISO 31000 standard.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training program on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'
Moderate trainer's fee. Customer satisfaction is prime objective.

Risk awareness culture

Risk awareness culture

Risk awareness culture (risk-aware culture) in an organization is helpful in applying risk-based thinking in a proactive way. Build a risk culture in your organization. Risk-aware culture in an organization is a foundation of values. knowledge, beliefs, understanding and communication of the risks associated to the organization's objectives and assets necessary to achieving the objectives. It is a capability of the organization to recognize risks before any threaten, mitigate them when they arise, and recover from the damages they may cause. It is capability present throughout the organization and it is woven into the normal routines, rituals, and behaviors of all persons involved.

To build risk-aware culture in the organization is the leadership (top management) that should demonstrate their leadership and commitment to the management system by collectively establishing core values, policies and procedures for the organization that include risk-based thinking and its awareness. Once the top management has established the foundation for building the risk aware culture, the next step is to share necessary knowledge with the organization's people. This includes written documentation regarding risk and continuous training for risk awareness. The organization should organize a 'Risk Awareness' program (lecture series) from time to time in the organization and motivate all employees to answer the question 'What can go wrong at my desk/job function?' Compile information and address all relevant risk issues. This will facilitate in building a risk culture.

Risk-based thinking must be adopted in every organization.

Decision making should be on the basis risk-based thinking. Define unacceptable to desired in every process. Identify and critically prioritize the mechanisms that can influence the behaviour of employees to adopt risk-based thinking. Enforce risk-based thinking in the organization's activities as usual activities. Leaders (top management) need to continually live and breathe the risk-based culture values.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training programmes on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'
Moderate trainer's fee. Customer satisfaction is prime objective.

Summarized hint for applying risk-based thinking

Summarized hint for applying risk-based thinking

First question comes in our mind, how to apply risk-based thinking in the quality management system. Simple, we need to identify, understand and then address risks for which following should be done:
- Determine, analyze and prioritize the risks and opportunities in the organization and its processes. Analyze and prioritize - (i) Acceptable risks and opportunities, and (ii) Unacceptable risks and opportunities. Engage everyone in the organization to share their views on the system and its processes.
- Plan actions to address risks and opportunities by finding the solutions to (i) how to avoid, eliminate or mitigate risks, and (ii) how to benefit from opportunities.
- Then implement the plan. Take actions as per planning. Check the effectiveness of the actions taken. Learn from experience.

Leaders of the organization should integrate risk-based thinking into the organization's work culture. Organization's people need to know organization's processes for which clearly define each process and encourage people to add value to the process. Many risks can be reduced by organization's people when they are asked to add value.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training programmes on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'
Moderate trainer's fee. Customer satisfaction is prime objective.

Benefits of applying risk-based thinking

Benefits of applying risk-based thinking

Risk-based thinking is a mindset to proactively improve the certainty of achieving results / outcomes utilizing processes and methods that consider threats and opportunities. There are various benefits of applying risk-based thinking.

Risk-based thinking:
- promotes proactive culture in the organization that improves organization's governance,
- assists organization to comply legal requirements,
- assures consistency of product/service quality,
- improves customer confidence and satisfaction, and
- can help organization prevent losses, capture opportunities and improve communication throughout the organization.

Lessons are learned by applying risk-based thinking and risks can be transformed into opportunities.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training programmes on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'
Moderate trainer's fee.
Customer satisfaction is prime objective.

Risk-based thinking in ISO 9001:2015 QMS standard

Risk-based thinking in ISO 9001:2015 QMS standard

ISO 9001:2015 QMS standard incorporates risk-based thinking in its requirements. ISO 9001:2015 QMS standard does not mandate formal risk management. An organization can decide whether or not to develop a more extensive risk management methodology, however risk-based thinking is an integral part of ISO 9001:2015 QMS standard. One of the key changes in ISO 9001:2015 QMS standard is to establish a systematic approach to consider risks as integral part of the QMS, rather than to treat 'prevention' as a separate need.

The concept of risk-based thinking was also present in the earlier versions of ISO 9001 standards through requirements for planning, review and improvement. Earlier version, ISO 9001:2008 standard had a clause on preventive action that indirectly included risk-based thinking.

ISO 9001:2015 QMS standard specifies requirements to understand organization's context (clause 4.1) and determine risks as a basis for planning (actions to address risks and opportunities - clause 6.1). Requirements of clause 4.1 together with clause 6.1 depict the application of risk-based thinking to planning and implementing QMS processes. Consideration of risks is integral in ISO 9001:2015 QMS standard. It is now a proactive action, rather than to be reactive.

One of the objectives of a QMS is to function in a preventive environment and now the preventive action, though not present as a requirement, is reflected through risk-based thinking and is inherent to planning, operation, analysis and evaluation activities. Risk-based thinking is the part of the process approach. Risk-based thinking is evident in the following Para and clauses of ISO 9001:2015 QMS standard.

- Introduction - The Para explains the concept.
- Clause 4 - Organization needs to address risks and opportunities in accordance with requirements.
- Clause 5 - Top management needs to (i) promote risk-based thinking, and (ii) ensure determining and addressing the risks and opportunities that can affect conformity of product/service.
- Clause 6 - Organization needs to (i) determine risks and opportunities, (ii) plan actions to address risks and opportunities, and (iii) ensure actions taken (to address risks and opportunities) are in proportionate to the potential impact on product/service conformity.
- Clause 7 - Organization needs to determine and provide necessary resources for the quality management system. Risk is inherent in all aspects of the quality management system, so determining and providing resources is also necessary for determining risks and opportunities and taking actions to address risks and opportunities.
- Clause 8 - Organization needs to manage operational processes. Risk is inherent in all aspects of the quality management system. All operational processes have some risks.
- Clause 9 - Organization needs to analyze and evaluate data and information with regard to the risks and opportunities. Management review includes consideration of the effectiveness of the actions taken to address risks and opportunities.
- Clause 10 - Organization needs to correct / prevent / reduce undesired effects and update risks and opportunities determined during planning.

The risk-based thinking applied in ISO 9001:2015 QMS standard has enabled organization to plan and manage risk on the basis of performance. Clause 6.1 of the standard specifies requirements to plan and address risks and opportunities, however no formal methods or processes are mentioned in the standard. Formal risk management is not mandated in ISO 9001:2015 QMS standard, however an organization can decide its risk management methodology with the help of other guidance or standards. In the bibliography list at the end of ISO 9001:2015 QMS standard, ISO 31000 standard is mentioned that provides principles and guidelines for risk management. ISO 31000:2009 risk management (RM) standard can be helpful in taking a risk-based approach depending on the context of an organization, but necessarily implementing this standard's guidelines is not a requirement of ISO 9001:2015 QMS standard.

- Keshav Ram Singhal

Organizations may contact for conducting in-house training programmes on (i) 'ISO 9001:2015 QMS Awareness', and (ii) 'Applying risk-based thinking.'
Moderate trainer's fee.
Customer satisfaction is prime objective.

Why we need risk-based thinking?

Why we need risk-based thinking?

Why we need risk-based thinking? A general question needs answer. Risk is an inherent part of daily life. Risk also depends on the fragilities and capacities in a system, which are often not manifested until there is a triggering event. Risk may lead to disaster. Risk may be a path to disaster if protective capabilities of the system cannot deal with the negative consequences of the event.

Risk is a dynamic concept as it changes over time as the vulnerabilities or weaknesses in the system or society changing in time. Risk is not static, constant but rather a dynamic term that is constantly adjusting to changing vulnerabilities, weaknesses and hazards.

Risk is a fundamental reflection of the normal life. Why we want to minimize risk? Because we wish to minimize the chance of major disruption in our life (personal as well as professional) and also we want to keep the background stress in our life (personal as well as professional) as low as possible. We calculate and deal with risk in everyday life - we wear safety belts to reduce the likelihood of injury, get vaccination to reduce the risk of illness, take medical insurance to meet the cost for the treatment of future illness. Life or any system without risk is generally neither possible nor conceivable. Our response to natural and environmental hazards is often influenced by our perception of risk. Sometimes we choose to take a risk, knowing the associated risk. For example, people choose to smoke or drink, knowing the risks associated to their health. Risk perception is influenced by past experience and knowledge. Understanding a risk allows us to make informed decision by weighing the risk of certain activity or process with the benefits or outcomes derived from that activity or process. Without factual information, or with misinformation, we are faced with making an uninformed decision.

Risk-based thinking thus helps us to understand risks through a systematic valuation of determining risks associated in each process or system.

- Keshav Ram Singhal

Nature and impact of risk

Nature and impact of risk

Risks are basically threats that could stem from a variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters. Risks can impact an organization in the short, medium and long term. Risks may relate to organization's processes, tactics and strategy. Strategy sets out the long-term objectives of an organization, and the strategic planning for an organization will typically be 3 or more years. Tactics define how an organization intends to achieve change. Tactical risks are typically associated with projects, acquisitions, mergers and development of products and services. Organization's processes are the routine QMS activities that are under the impact of risk. Risk impact is an estimate of the potential losses associated with an identified risk. It is a standard risk analysis practice to develop an estimate of probability and impact. Risk management is the process of identifying, assessing and controlling threats to an organization. Although ISO 9001:2015 QMS standard does not mandate a formal risk management, however the standard incorporates risk-based thinking in its requirements.

- Keshav Ram Singhal

Defining risk

Defining risk

Risk is generally defined as: (Exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility. Risk is an uncertain event or condition that, if it occurs, has an effect on at least one objective. Risk is also defined in various standards. According to the definition set out in ISO Guide, risk is the 'effect of uncertainty on objectives'. According to the definition set out in ISO 9000:2015 QMS standard, risk is 'effect of uncertainty'. In order to assist with the application of this definition, ISO 9000:2015 standard also add a few notes that mean:
- An effect is a deviation from the expected. It may be positive or negative.
- Uncertainty is the state, even partial, of deficiency of information (= meaningful data) related to, understanding or knowledge of, an event, its consequence, or likelihood.
- Risk is often described by reference to potential (= something to develop in future) events (= happenings) and consequences (= results or effects, typically that may be unwelcome or unpleasant), or a combination of these.
- Risk is often described in terms of a combination of the consequences (= results or effects, typically that may be unwelcome or unpleasant) of an event (= happening), including changes in circumstances, and the associated likelihood of occurrence (= an incident or event).
- The word 'risk' is sometimes used when there is the possibility of only negative consequences.

- Keshav Ram Singhal

Risk-based thinking historical background, the 2008 global financial crisis and risk management

Risk-based thinking historical background, the 2008 global financial crisis and risk management

The earlier advent of risk management process was developed by insurance agents. They developed the technique to protect their insurance business from financial ruin by helping clients to minimize risks and thus reduce liabilities. The study of risk management began after World War II, but the discipline mostly began as a study of using insurance to manage risk. Later, from the 1950s to the 1970s, risk managers began to realize that it was too expensive to manage every risk with insurance, so the discipline began to expand to alternatives to insurance. For example, training and safety programmes were considered alternatives. The use of derivatives as risk management instruments arose during 1970s, and expanded rapidly during the 1980s, as organizations intensified their financial risk management. International risk regulation began in the 1980s, and financial firms developed internal risk management models and capital calculation formulas to hedge against unanticipated risks and reduce regulatory capital.

The global financial crisis in 2008 demonstrated the importance of adequate risk management. Improving risk management tools and practices were among the top priorities for institutional investors in the wake of the then global crisis. Since that time, global efforts were being made to address risks. In 2009, ISO 31000 and IEC/ISO 31010 were published. ISO 9001:2015 QMS standard also included the concept of risk-based thinking (RBT) that was published in 2015. ISO 31000 and IEC/ISO 31010 standards have since been revised and published as ISO 31000:2018 and IEC 31010:2019 standards respectively. ISO 31000:2018 standard provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. IEC 31010:2019 provides guidance on the selection and application of techniques for assessing risk in a wide range of situations.

ISO 9001:2015 QMS standard does not require implementation of ISO 31000:2018 standard or application of IEC 31010:2019, however study of these standards may benefit each individual to understand risk management in a better way.

- Keshav Ram Singhal

How did you like this article, please let us know your comments. Thank you.

Risk-based Thinking - Introduction

Risk-based Thinking - Introduction

One of the new requirements of ISO 9001:2015 QMS standard is to show evidence of risk-based thinking (RBT) in the quality management system. How organization will do that? How to respond to the new challenges that ISO 9001:2015 QMS standard requires? People in the organization are facing with these questions.

ISO 9001:2015 QMS standard does not call for formal methods for managing risk. An organization is free to choose its method(s) to address risks and opportunities. Risk management is an increasingly important business driver these days and stakeholders, particularly customers, have become more concerned about risk. A risk-based thinking (RBT) enables an organization to consider the potential impact of all types of risks and opportunities on all processes, activities, products and services. Implementing a comprehensive approach to RBT will result in an organization benefiting from the actions taken to address risks and opportunities.

ISO 31000:2018 is an standard that describes risk management - guidelines. IEC 31010:2019 is an standard that describes risk management - risk assessment techniques. ISO Guide 73:2009 provides risk management - vocabulary. One may turn to ISO 31000:2018 and IEC 31010:2019 standards, but it is not as easy as it looks. There are many guidelines and techniques to choose from and many may be too complicated and not easy to implement. ISO 9001:2015 QMS standard does not require implementation of ISO 31000:2018 standard or application of IEC 31010:2019, however study of these standards may benefit each individual to understand risk management in a better way.

We will provide the necessary inputs on risk-based thinking (RBT) and risk assessment techniques in forthcoming articles, that may be applied to a quality management system. In the forthcoming articles, a simple method to determine risks and opportunities will be mentioned that can be followed for demonstrating risk-based thinking as required by ISO 9001:2015 QMS standard. This trainer has also prepared a seven-eight-hour vocational training, which can be conducted at your campus, for which you can contact this trainer. If you want to learn risk-based thinking and risk assessment techniques from home, you can also get training through WhatsApp or email.

By attending the training, a participant will be able to understand:
- Concept of risk-based thinking,
- ISO 9001:2015 QMS requirements related to risk-based thinking,
- Benefits of using risk-based thinking,
- An overview of various risk assessment tools - Techniques and methodologies that you may apply in your QMS,
- Using risk-based thinking to achieve better internal controls,
- Demonstrating risk-based thinking during audits (internal and external).

At the end of the training, an assessment questionnaire will be provided, so that your learning can be evaluated.

- Keshav Ram Singhal
Email -
krsinghal@rediffmail.com
keshavsinghalajmer@gmail.com



How did you like this article, please let us know your comments. Thank you.

ISO 9001: 2015 QMS Awareness related articles are aimed at spreading awareness on ISO 9001: 2015 QMS. These articles should not be used as an alternative to the ISO 9001: 2015 QMS standard. To implement the quality management system in an organization, one should also use ISO 9001: 2015 QMS standard, which you can get from the International Organization for Standardization (ISO) or its national member institution ('Bureau of Indian Standards' in India).

# 03 - ISO 21001:2018 EOMS Awareness - EOMS Principles

ISO 21001:2018 EOMS Awareness - EOMS Principles

ISO 9001:2015 QMS standard is based on seven quality management principles, however ISO 21001:2018 EOMS (Educational organization management system) is based on following 11 management principles:

(i) Focus on learners and other beneficiaries,
(ii) Visionary leadership,
(iii) Engagement of people,
(iv) Process approach,
(v) Improvement,
(vi) Evidence-based decisions,
(vii) Relationship management,
(viii) Social responsibility,
(ix) Accessibility and equity,
(x) Ethical conduct in education, and
(xi) Data security and protection.

1. Focus on learners and other beneficiaries – The primary focus of the EOMS is to meet learner and other beneficiary requirements and to exceed their expectations. This principle resembles with the customer focus principle of the QMS. An educational organization should understand current and future needs and expectations of its learners and other beneficiaries for its products, services, delivery, price, dependability etc. The organization should ensure a balanced approach, create awareness and communicate requirements of its learners and other beneficiaries throughout the organization. Its goal is to meet requirements of its learners and other beneficiaries. The organization should strive to exceed expectations of its learners and other beneficiaries.

2. Visionary leadership – Visionary leadership is to engage all learners and other beneficiaries in creating, writing, and implementing the organization mission, vision and objectives. This principle resembles with the leadership principle of the QMS. We understand that leaders establish unity of purpose and direction of the organization. Leadership in an educational organization should create and maintain the internal environment in which people can become fully involved in achieving the EO's objectives. Top management of the EO needs to play leadership role through management commitment, focus on learners and other beneficiaries, policy, planning, responsibility and authority, effective communication and management review. Therefore, the leaders of the EO should (i) be proactive, (ii) understand and respond to changes that are visible in the educational industry environment, (iii) establish clear vision of the EO, (iv) build trust, eliminate fear and motivate people.

3. Engagement of people – It is essential for the organization that all individuals involved are competent, empowered and engaged in delivering value. This principle resembles with the engagement of people principle of the QMS. There are various activities in an EO that are performed by the people. People at all levels are essence of the EO. Without engagement of people, nothing can be achieved. People of the EO need to be competent. They should be empowered and engaged in delivering value. Their engagement at all levels in the EO enable their abilities to be used for the EO's benefits. Top management of the EO should make sincere efforts to maximize engagement of people in the EO by taking steps to empower and motivate them and by providing ways to increase their skills and knowledge. If people of the EO are competent, empowered and engaged throughout, it will enhance EO's capability to create value and achieve its objectives.

4. Process approach – Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system, including input and output. This principle resembles with the process approach principle of the QMS. A desired output (consistent and predictable result) can be achieved more efficiently when all related resources and activities are understood and managed as a coherent system that functions as interrelated processes.

ISO 21001:2018 EOMS promotes the adoption of a process approach. It is the intention of the standard that the EO must adopt process approach when developing, implementing and improving the effectiveness of its quality management system. The main objective behind adoption of process approach is to enhance satisfaction of its learners and other beneficiaries by meeting their requirements.

To function effectively and efficiently, an EO has to determine and manage numerous linked activities. What is a process? An activity that comprises set of interrelated or interacting activities which transform inputs into outputs can be termed as a process. In EO's activities, output from one process can form the input to the next process. The application of a system of processes within an organization can be said the 'process approach'. Process approach requires determination of processes, interaction of determined processes and their management. Management of determined processes and the system as a whole can be achieved using a PDCA methodology with an overall focus on 'risk based thinking'. Risk based thinking helps at preventing undesirable outputs.

Process approach is helpful in ensuring: understanding and consistently meeting requirements, consideration of processes in terms of added value, the achievement of effective process performance, and improvement of processes based on evaluation of data and information.

5. Improvement – Successful organizations have an ongoing focus on improvement. This principle resembles with the improvement principle of the QMS. Improvement is the process of a thing or system changing or moving from one state to another state considered to be better from the first state, usually through some action intended to bring about that better state. The concept of improvement is important to all EOs as well as to individuals.

Successful EOs have all time continual focus on improvement. Improvement is essential for every organization to be successful to maintain its level of performance, to react to changes in its conditions (internal and external) and to create new opportunities. Improvement is necessary for growth and success of an EO.

6. Evidence-based decisions – Decisions and curricula based on the analysis and evaluation of data and information are more likely to produce desired results. This principle resembles with the evidence-based decision making principle of the QMS. Desired results or intended outputs are likely to be obtained when decisions based on analysis and evaluation of data and information are taken. Decision making becomes easier if there is analysis and evaluation of data and information.

Decision making always involves some uncertainty, so it can be termed as a complex process. There are multiple sources of information, multiple sources of inputs and a number of interpretations that can lead to a subjective decision. It is always better to have an evidence-based decision making as facts, evidence and analysis of data and information lead to greater objectivity and confidence in decision making.

Proper use of statistical techniques will ease analysis of data and information that will lead to evidence-based decision making. Decisions taken based on analysis of data and information will lead to the right path for consistent improvement of the EO's system including processes and resulting product and services.

In India and also in other countries, it is seen that large and medium-sized organizations are using statistical tools, however there is a need to increase awareness for using statistical tools among people working in EOs.

7. Relationship management – For sustained success, organizations manage their relationships with interested parties, such as providers. This principle resembles with the relationship management principle of the QMS. This principle resembles with the evidence-based decision making principle of the QMS.

An EO and its learners and other beneficiaries are interdependent. Learners or other beneficiaries can affect a decision or activity of an EO. And also interested party or parties can be affected by a decision or activity of an organization. Interested parties can influence the performance of an organization. A mutually beneficial relationship between the EO and its learners and other beneficiaries enhance the ability to all to create value to each other.

To get maximum benefits of relationship management on EO's performance, it is necessary for the EO to manage its relationship with its learners and other beneficiaries

8. Social responsibility – Socially responsible organizations are sustainable and ensure long-term success. The practice of social responsibility does not limit only to corporations, companies or NGOs, presently EOs are also responsible for all the impacts that cause their operations towards their publics, the society at large and the environment.

9. Accessibility and equity – Successful organizations are inclusive, flexible, transparent and accountable, in order to address learners’ individual and special needs, interests, abilities and backgrounds. In fact accessibility and equity are principles of social justice. Equity relates to fairness that recognizes, some people are more disadvantaged than others in being able to access services and facilities and therefore there is a responsibility to address this lack of equity. Accessibility is the capacity of people, those have to physically enter a premises, building or space and also to use a facility or service.

10. Ethical conduct in education – Ethical conduct relates to the ability of the organization to create an ethical professional environment where all interested parties are dealt with equitably, conflicts of interests are avoided, and activities are conducted for the benefit of the society. Ethical conduct in education is a well founded norm that makes the actions right and wrong. It helps categorise different values such as integrity, discipline and honesty among others and apply them in daily lives. Ethics influences behaviour and allows an individual to make te right choices.

11. Data security and protection – The organization creates an environment where all interested parties can interact with the educational organization in full confidence that they maintain control over the use of their own data, and that the educational organization will treat their data with appropriate care and confidentiality. Data protection and cyber security for the education sector has much importance. EOs at all levels are open to attack from cyber criminals and ill-prepared and under-resourced to meet the requirements of today’s more stringent data protection laws, so the EO should create such environment where all interested parties can interact with the EO in full confidence that the EO maintains control over the use of its own data, and that the EO will treat their data with appropriate care and confidentiality.

Abbreviations -
EO = Educational organization
EOMS = Educational organization management system
QMS = Quality management system

Best wishes,

KRS

#02 - ISO 21001:2018 EOMS Awareness - Potential benefits of implementing ISO 21001:2018 EOMS

Potential benefits of implementing ISO 21001:2018 EOMS

There are so many benefits to an educational organization that implements ISO 21001:2018 EOMS including:
- Better alignment of the organization's objectives and activities with the organization's policy, mission and vision,
- Increased social responsibility by making available inclusive and equitable quality education for all,
- More personalized learning and effective response to all learners and particularly to learners with special education needs, distance learners and lifelong learning opportunities,
- Fair and accurate processes and evaluation tools to clearly show and enhance effectiveness and efficiency,
- Improved credibility of the educational organization,
- A means that helps the educational organization to clearly show its commitment to effective educational management practices,
- An organization culture for improvement,
- Combination of regional, national, open, proprietary, and other standards within international structure or set-up,
- Increased participation of interested parties, and
- Encouragement of excellence and innovation.

'Inclusive and equitable quality education' is the sustainable development goal (SDG) of the United Nations that says, "Goal 4: Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all." Quality education and lifelong learning opportunities for all are central to ensuring a full and productive life to all individuals and to the realization of sustainable development.

The term 'personalized learning' refers to a diverse variety of educational programs, learning experiences, instructional approaches, and academic-support strategies that are intended to address the distinct learning needs, interests, aspirations, or cultural backgrounds of individual students.

Best wishes,

KRS

#01 - ISO 21001:2018 EOMS Awareness - ISO 21001:2018, Educational organizations - Management systems for educational organizations

ISO 21001:2018, Educational organizations - Management systems for educational organizations

ISO 21001:2018, Educational organizations - Management systems for educational organizations - Requirements with guidance for use, is a document published by International Organization for Standardization (ISO) that provides a common management tool for organizations providing educational products and services capable of meeting requirements of learners and other beneficiaries. ISO 21001:2018 is aligned with ISO 9001:2015 QMS standard.

A few articles/write-ups will be provided in this blog to increase awareness.

Best wishes,
KRS

What does leadership matter in ISO 9001:2015 QMS?

What does leadership matter in ISO 9001:2015 QMS?

Leadership matters much in ISO 9001:2015 QMS. It is the core of the system. Leadership is one of the QMS principles on which ISO 9001:2015 QMS standard is based. If we read the standard, we note that clause 5 of the standard mentions leadership requirements also.

Leaders establish unity of purpose, direction and engagement of people in the organization that align organization's strategies, policies, processes in achieving quality objectives. Leaders focus on communication by listening to the people and defines a strategic plan or direction of the organization. Leaders help people to work in a team.

Leaders in an organization should create and maintain the internal environment in which people can fully engage themselves to achieve organization's quality objectives. For this top management of the organization needs to play leadership role through its commitment, action and communication. They should communicate to the people in the organization the importance of meeting requirements. They need to establish quality policy, ensure ensuring establishing quality objectives at relevant functions, levels and processes, ensure availability of resources and conduct management reviews.

The leaders of the organization should:
- be proactive,
- understand and respect to changes that are visible in the industry environment,
- establish clear vision of the organization,
- build trust, eliminate fear and motivate people.

Benefits that may be derived from the use of 'leadership' principle include:
- Employee's motivation towards organization's goals and objectives
- Better understanding of organization's objectives
- Better communication within the organization

In this connection a leader should practice 5-E of leadership, which are as under:

1. Equality: Everyone is equal. Don't be Biased. Be fair in your acts.
2. Expectations: Be realistic at setting expectations, objectives and goals. Have an eye on expectations, objectives and goals. Understand the strengths, weaknesses and areas of improvement of your team.
3. Emotional Intelligence: Understand that people have emotions and even you do. Use them intelligently.
4. Empower: Empower your people. Be a catalyst for your team members. Be their coach and mentor.
5. Evolve: Evolve everyone of your team to work as a team member. And when they are evolved as a team, you are evolved as a leader.

Clause 5 of ISO 9001:2015 QMS standard deals with the requirements related to leadership that describes what the top management's role should be. All requirement in this section are meant for the top management. ISO 9001:2015 QMS standard requires increased role for the top management. Leadership is the central theme of the quality management system and PDCA cycle that is applied to the quality management system.

The relevant sub-clauses are as under:

5 Leadership

5.1 Leadership and commitment
5.1.1 General
5.1.2 Customer focus

5.2 Policy
5.2.1 Establishing the quality policy
5.2.2 Communicating the quality policy

5.3 Organizational roles, responsibilities and authorities

To understand the relevant requirements, please refer to the standard.

Best wishes,

Keshav Ram Singhal

TOP 20 Quality Management Blogs on the web

TOP 20 Quality Management Blogs on the web


Founder of Feedspot, Mr Anuj Agarwal has sent me an email congratulating me as selection of this blog on QMS Awareness as one of the TOP 20 Quality Management Blogs on the web. Please visit feedspot blog by CLICKING HERE.





Feel happy,

Keshav Ram Singhal

Techniques to establish quality objectives and monitor results

Techniques to establish quality objectives and monitor results

Please read my earlier blog post 'ISO 9001:2015 QMS - Quality objectives and planning to achieve them'.

An organization should use suitable techniques, such as SMART (setting quality objectives that are Specific, Measurable, Achievable, Relevant and Time-bound), Balance Score Cards, Dashboard, Brainstorming etc. The evaluation of results on achieving specified quality objectives should be part of management review, performance appraisals or can be done through other means, such as ongoing review, feedback meetings etc. Whenever there is any change, quality objectives should be updated or added to as necessary.

The organization should also take into consideration factors such as the organization's capabilities, constraints, customer feedback, other issues etc.

Best wishes,

Keshav Ram Singhal

Key Changes in ISO 19011:2018

Key Changes in ISO 19011:2018

ISO 19011 is an international standard that mentions guidelines for auditing management systems. ISO 19011 was first published in 2002. ISO 19011:2002 standard was used as a guideline standard for quality and/or environmental management systems auditing. Since then a number of management system standards have increased, so there was a need to have a common approach to audit management systems. Accordingly, in 2011 the standard was revised and ISO 19011:2011 was published as a guideline standard for auditing management systems. Again in 2018, the standard has again been revised and ISO 19011:2018 has been published as guideline standard for auditing management systems.

The new standard, ISO 19011:2018, has undergone a number of changes. These changes are summarised as under:

(i) Updates and changes in terminology

Most of the terms and definitions in ISO 19011:2018 are sourced from ISO 9000:2015 QMS standard with some modifications.

The terms 'document', 'documentation' and 'records' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2011 standard) have been replaced with the term 'documented information' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2018 standard), but at many places (please refer to clause 5.5.7 of ISO 19011:2018 standard) the term 'records' has also been used. Instead of the term 'suppliers', ISO 19011:2018 standard has used the term 'external providers' (please refer to the 'introduction' part of the standard).

ISO 19011:2018 standard in its clause 3 has included a few new terms and definitions, such as, combined audit (3.2), joint audit (3.3), objective evidence (3.8), requirement (3.23), process (3.24), performance (3.25) and effectiveness (3.26).

Clause 3 of ISO 19011:2011 has defined a term 'guide' (3.12), but this term is not defined in clause 3 of ISO 19011:2018, however the term 'guide' has been used in the standard guidelines (please refer to clause 6.4.2 of ISO 19011:2018 standard.

ISO 19011:2018 standard refers to ISO online browsing platform (link - https://www.iso.org/obp) that provide terminological databases for use in standardization.

(ii) Addition in the principles of auditing

There are six principles of auditing in ISO 19011:2011 standard. ISO 19011:2018 standard has seven principles of auditing with the addition of a new auditing principle - 'the risk-based approach' that considers risks and opportunities during the planning, conducting and reporting phases of the audit. Although the previous version, ISO 19011:2011 standard, suggests taking into consideration of a risk-based approach (please refer to its clause ), but it did not provide clear guidelines. Thus the new standard, ISO 19011:2018, places emphasis on risks and opportunities.

(iii) Changes in the clauses

The clauses 5, 6 and 7 have undergone a few changes and ISO 19011:2018 introduced a new clause 6.4.5 - audit information availability and access.

(iv) Emphasis on auditor competence

The new standard places emphasis on auditor competence. Generic competence requirements for auditors have been expanded in clause 7 of ISO 19011:2018 standard.

(v) Additional guidance on managing an audit programme

Additional guidance for determining and evaluating audit programme risks and opportunities is provided in clause 5.3 of ISO 19011:2018 standard.

(vi) Additional guidance on conducting an audit

A new clause 6.4.5 - audit information availability and access - has been introduced in ISO 19011:2018 standard.

(vii) Changes in Annex

Annex A 'Guidance and illustrative examples of discipline-specific knowledge and skills of auditors' of ISO 19011:2011 has not been included in ISO 19011:2018 standard. Annexe B 'Additional guidance for auditors for planning and conducting audits' of ISO 19011:2011 is now Annex A of ISO 19011:2018, which has been expanded with the additional sections on process approach to auditing (A.2), professional judgement (A.3), performance results (A.4), verifying information (A.5), auditing compliance within a management system (A.7), auditing context (A.8), auditing leadership and commitment (A.9), auditing risks and opportunities (A.10), life cycle (A.11), audit of supply chain (A.12), and auditing virtual activities and locations (A.16).

Thus, we notice that the new version of the standard considers evolving technologies and more focus on risks and opportunities.

Best wishes,

Keshav Ram Singhal