Quality Conference in October

We are happy to draw your attention to the upcoming Quality in Ireland Conference taking place in the Radisson Blu Hotel in Galway on Tues 21st Oct hosted by NSAI and IT Sligo.

This is an excellent event with many great speakers so worth noting in diaries.

See for more details.



EN 14971: 2012 Content Deviation #5: Risk Control Options

During the process of harmonisation of ISO 14971: 2007 as an EN standard, it became apparent that the standard did not comply with all the requirements of the Medical Devices Directives (MDDs), namely 90/385/EEC, 93/42/EEC and 98/79/EC. Seven discrepancies were identified; these discrepancies are described in EN 14971: 2012 as “Content Deviations”. This newsletter deals with Content Deviation No. 5: Risk Control Options.

Content Deviation #5: Risk Control Options
ISO 14971: 2007 requires the manufacturer to “use one or more of the following risk control options in the priority order listed:
(a)  inherent safety by design;
(b)  protective measures in the medical device itself or in the  manufacturing process;
(c)  information for safety”
but does not require that all three options be used; instead ISO 14971: 2007 implies that once the risk has been reduced As Low As Reasonably Practicable then further risk control measures need not be taken.
In contrast, Annex I of the Medical Device Directive 93/42/EEC requires the manufacturer “to select the most appropriate solutions” by applying cumulatively what has been called “control options” in ISO 14971. The MDDs do not regard these control mechanisms as options or alternatives but as three separate control mechanisms that must be applied in consort to reduce the associated risk as far as possible.

It must also be remembered (as outlined in our previous newsletters) that the manufacturer must not stop reducing a risk when it has reached an acceptable level, but that the risk must be reduced as low as possible irrespective of the risk magnitude. When complying with the Medical Devices Directives the only justifications for not implementing a control are that either the control in question will not reduce the risk any further or that it may give rise to a new risk which is less desirable than the risk which it is intended to control.
It can therefore be concluded that risk acceptability has no impact upon whether or not risk controls are necessary. Traditional FMEA-based methods of risk analysis have included an evaluation of the risk – both before and  after the implementation of risk controls measures. Under ISO 14971: 2012 and the MDDs there is no need to perform a risk evaluation prior to the implementation of risk control measures. However, manufacturers may still want to show in the FMEA the effect of risk control measures on the RPN in order to support their claim that the risk has been reduced as far as possible. Therefore it may be a good idea to leave the before and after RPN calculations in the FMEA document but to omit any reference to the acceptability or otherwise of the risk in question prior to the application of control measures. Many risk management procedures that are based on the 2007 version of the standard contain a flowchart describing the risk management process; the preliminary risk evaluation step should be removed from the flowchart in addition to removing it from the risk management procedures and the FMEA, templates and records.

The impact of Content Deviation # 5 is to require the manufacturer to implement multiple control measure whereas in the past, one control measure may have been considered sufficient. For example; a manufacturer of a device which incorporates a heating element may have previously considered that the design of the device was sufficient to minimise the possibility of the device overheating and therefore the risk to the patient had been reduced to an acceptable level. Such a manufacturer is required under the MDD to explore means of protecting the patient from overheating in the (unlikely) event that it occurs and to consider including a warning in the IFU detailing the risk of possible device overheating, and the precautions to be taken. In many cases the manufacturer will already have done both of the above, but a review of a company’s risk analysis documents such as FMEAs will almost inevitably reveal risks for which the application of all three types of control measures has not been considered. Additionally, the manufacturer must explore if there are any further design controls necessary to reduce the risk as far as possible (and not just to an acceptable level).

The outcome of actions taken to deal with Content Deviation # 5 will mean additional design controls, increased protective measures and alarms, and longer, more detailed IFUs. However, additional measures must only be taken if they will actually reduce risk and will not give rise to additional or alternative risks that are equally or more undesirable.
In order to comply with Content Deviation # 5, manufacturers must do the following;

  • Revise risk management procedures to require that all three types of risk control are utilised. Remove the risk management process step of risk evaluation prior to the application of risk control measures.
  • Review and update risk management documentation to ensure that all three types of risk control measures have been applied and that risks have been reduced as far as possible.
  • Review the information given to the user and in particular the IFU to ensure that all information that is necessary for reducing risk as far as possible, has been given to the user in a manner that is easily understood and can be easily acted upon.

In this newsletter we looked at the implications of Content Deviation # 5 and the requirement of the MDDs to implement all three types of control measures; design controls, protection measures and the giving of information to the user.

Abbreviations used in this newsletter:
FMEA: Failure Modes and Effects Analysis
IFU: Instructions for Use
MDD: Medical Devices Directive
RPN: Risk Priority Number


Increase in ISO Uptake in Ireland

Figures released from ISO show a large uptake over the previous twelve months.  There are over 19,573 standard developed by the ISO since its formation in 1947. The reach of the organisation has expanded with national members 164 countries, rising from 162 in 2011. Ireland’s representative body is the NSAI. The national members consist of 111 member bodies, 49 correspondent members and four subscriber members.

The number of active projects in 2012 has increased to 4056, from 4007 in 2011. Consequently, the number of standards published has also risen from 1208 in 2011, to 1280 in 2012.

A summary of the statistics is shown in the table below.

Table 1 Global Distribution of Certificates 2011 and 2012

Standard No. of Certs Issued 2012 No. of Certs Issued 2011 Increase Increase (%)
ISO 9001 (Quality) 1,101,272 1,079,647 21,625 2%
ISO 14001 (Environmental) 285,844 261,957 23,887 9%
ISO 50001 (Energy) 1,981 459 1,522 332%
ISO 27001 (Information Security) 19,577 17,355 2,222 13%
ISO 22000 (Food Safety) 23,231 19,351 3,880 20%
ISO/TS 16949 (Quality Automotive) 50,071 47,512 2,559 5%
ISO 13485 (Quality Medical Devices) 22,237 19,849 2,388 12%
Total 1,504,213 1,446,130 58,083 4%

Source (ISO, 2013)

From Table 1 above, it can be seen that the uptake for the seven most popular standards have all increased over the past year. The greatest increase in uptake has occurred with ISO 50001, with an increase of 332%.

This increase is due to the fact that ISO 50001 was released in June 2011, and therefore the 2011 figures represent six months of uptake. In addition this is the first internationally recognised energy management standard.  The large increase may be the result of companies with existing standards upgrading their systems to comply with the requirements of ISO 50001, as the standard is in its infancy.

Sustainable Energy Authority Ireland’s Large Industry Energy Network (LIEN) is a voluntary network comprising of 140 companies representing 60 percent of Ireland’s industrial energy usage. A staggering €60m in avoided energy costs has been achieved since 2008 with the Scheme. SEAI also have a scheme under the LIEN, called the Energy Agreements Programme (EAP), over which there are 80 members which requires organisations to implement an energy management system.

In addition to this Ireland is home to many of the world largest MNCs (e.g. Google, Pfizer) and these companies are paving the way for best practice energy management for their colleagues in other countries and this has been enforced further with the swift implementation of ISO 50001. Germany and the UK are the market leaders in the largest number of ISO 50001 certificates issued but Ireland is coming up behind these countries, and is driven by SEAI’s goal to ensure that all members of the EAP have achieved ISO 50001 certification by the end of 2013. (Brogan, 2012)

The global uptake of ISO 50001 over the first twelve months has exceeded that of ISO 14001 in its initial twelve month period, and is rivalling the number of uptakes of the ISO 9001 in the 1990’s.

ISO 9001 makes up the majority of the certificates issued with over 73% of the global total awarded in 2012.

Table 2 Distribution of Certificates 2011 and 2012 in Ireland

Standard Intro Year No. of Certs Issued 2012 No. of Certs Issued 2011 Change (%) Total Certs Issued
ISO 9001 (Quality) 1993 2,331 1,875 +24% 43,462
ISO 14001 (Environmental) 1999 417 663 -37% 4,947
ISO 50001 (Energy) 2011 35 n/a n/a 35
ISO 27001 (Information Security) 2006 48 30 +60% 146
ISO 22000 (Food Safety) 2007 49 49 0% 246
ISO/TS 16949 (Automotive Quality) 2004 23 21 +10% 187
ISO 13485 (Medical Devices Quality) 2004 193 159 +21% 975
Total 3,096 2,797 +11% 49,998

(Source: ISO, 2013)

From Table 2, it can be seen that the distribution of ISO 9001 makes up the majority (over 75%) of the total number of certificates distributed. The uptake of this standard has increased 24% on the previous year also. The large uptake for this standard has been driven by the introduction of EU directives on products which specify minimum standards

ISO 9001

ISO 9001





Figure 1 ISO 9001 Annual Distribution of Certificates

The distribution of ISO 9001 conformance certificates peaked in 2000 and 2001 where 3700 certificates were being issued annually. The uptake of the standard has dropped off since then to more modest levels. Yet 2012 saw an increase of 24% in certificates issued versus 2011, as 2331 certificates were issued.  From all the certificates distributed in 2012 in Ireland, over 75% of them were for ISO 9001.

ISO 14001

ISO 14001



Figure 2 ISO 14001 Annual Distribution of Certificates

417 certificates distributed in 2012. This is lowest distribution rate of ISO 14001 certification for the previous five years. This drop off may be due to maturity of standard and proposed introduction of the new ISO 14001 in 2015.

ISO 50001

The number of ISO 50001 certificates issued in 2012 was 35. This number quite big considering it is a voluntary standard. The standard was only introduced in June 2011 and many companies with existing EnMS standards in place, such as EN 16001, may be waiting for their existing certification to expire prior to acquiring the new standard. The next ISO survey will give a good indication as to whether the SEAI met their goal stated above.


ISO 27001

ISO 27001



Figure 3 ISO 27001 Annual Distribution of Certificates

There has been significant growth in the uptake of ISO 27001 since its uptake in 2006, where only six certificates were distributed, to 48 certificates being distributed in 2012.

ISO 22000 (Food Safety)

ISO 22000



Figure 4 ISO 22000 Annual Distribution of Certificates

Launched in 2007, 23 ISO 22000 certificates were issued, and annually since 2010, the number of certificates issues has risen to 49.


ISO/TS 16949 (Automotive Quality)

ISOTS 16949




Figure 5 ISO/TS 16949 Annual Distribution of Certificates

The adoption of ISO /TS 16949 has grown from seven in 2004 and 2005, to over 20 annually for the previous 6 years.


ISO 13485 (Medical Device Quality)

ISO 13485




Figure 6 ISO 13485 Annual Distribution of Certificates

Progressive growth has occurred in the uptake of ISO 13485 since 2004. The number of certificates has increased tenfold from its introduction in 2004, where 19 certificates were issued, to 2012 where 193 certificates were issued.


To read more blogs from Antaris, click here


Changes to ISO 9001 – Implications for Organisations

Organisations may have to align their management systems with the structure of the revised standard.

As an example the organization’s quality manual may need to be amended.

A risk management processes may need to be developed to determine the level and extent of control for “external provision of goods and services”, if not already in place. This will have implications for the organisation’s procurement and outsourcing activities and therefore has implications for suppliers.

Auditors will need to become familiar with the revised ISO 9001:2015 standard and so training may need to be considered.

These are just some of the possible effects on the organisation but until the final version is published it will not be possible to definitively know the implications of revised requirements, put in place detailed plans for revising internal processes or procedures, or plan the arrangements for transition or certification to ISO 9001:2015.

The advice for now is to wait and see what the revision process comes up with but if any organisation wishes to have an input into the changes it can do so as part of this process.

In Ireland the NSAI Quality Management Standards Committee (QMSC) is the national forum to review and agree comments on draft Quality standards.  Anyone interested in getting involved in the work of the committee should contact


To read more blogs from Antaris, click here


Major Changes to ISO 9001 on the way for 2015

The ISO 9000 series of quality standards is by far the best selling and most extensively used management system worldwide.  Like all ISO standards ISO 9001 generally undergoes a revision every five years.

The International Organisation for Standardisation (ISO) is currently undertaking a process for updating the ISO 9001:2008 Quality Management System standard. The process is well underway and a Committee Draft has been published (ISO/CD 9001:2015).   The process involves a number of draft releases and interested parties are invited to comment at various stages of the standard production.

Once the draft has been finalised and accepted it is expected to be published and will become ISO 9001:2015.

The main reasons for the change is to keep ISO 9001 relevant, reflect changes in its environment and ensure it continues to deliver “confidence in the organization’s ability to consistently provide product that meets customer and applicable statutory and regulatory requirements”.

The current focus on effective process management is to be maintained but greater emphasis will be placed on producing desired outputs and providing confidence in products.

Structure of the proposed revision ISO/CD 9001:2005

The structure of the new standard will be significantly changed in accordance with Annex SL which was issued by ISO in 2012 to define the framework for a generic Management System Standard.

All new ISO management system standards will adhere to this framework and all current ISO management system standards (MSSs) will migrate at their next revision.

In future, all ISO MSSs should be consistent with this format and will all have the same look and feel.

The 2015 version of ISO 9001 will therefore be based on this Annex SL framework.

Other standards which will change include:

ISO/IEC 27001:2013 Information security management systems, will be the next ISO standard to be based on Annex SL

ISO 14001:2015 Environmental Management, will be the next published shortly before ISO 9001:2015 Quality management

ISO 23001: 2012 Business Continuity Management, based on an early version of Annex SL (Guide 83)

 The following clause structure and proposed changes are included in the ISO/CD 9001:2015

  1. Scope
  2. Normative References
  3. Terms and Definitions
  4. Context of the Organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement

Summary of Main Changes

  • The term “product” will be replaced by “goods & services” and the word “continual” will be dropped from “continual improvement.”
  • “Purchasing” and “outsourcing” will be replaced by “external provision of goods and services”
  • CD/9001:2015 puts a greater emphasis on the definition of scope, which has always been the most important and critical aspect of a quality management system.
  • It is proposed to replace preventive action in the current edition of the standard. References are made to risk, identification of risks and opportunities and planning actions to address risks and opportunities identified.
  • CD/9001 will take a risk-based approach to determine the type and extent of controls appropriate to each external provider and all external provision of goods and services. The proposed standard addresses risks which can affect conformity of goods and services as well as customer satisfaction.
  • Senior management will be required to take a more active involvement in the quality management system.
  • There will be general requirements for documentation, with no reference to documented quality manual, documented procedures or to quality records. The Committee Draft refers to “Documented Information.”
  • The need for exclusions may not be considered to be necessary in the new version of the standard but feedback on this is being sought as part of the revision process.

Publication Programme:

  • June 2013 – Committee Draft Issued – ISO/CD 9001
  • September 2013 – Cut-off Date for Comments & Votes – ISO/CD 9001
  • April 2014 – Draft International Standard (DIS) – Ballot opens
  • August 2014 – Draft International Standard (DIS) – Ballot closes
  • July 2015 – Final Draft International Standard (FDIS) – Ballot opens
  • August 2015 – Final Draft International Standard (FDIS) – Ballot opens
  • September 2015 – Target date for publication of International Standard (ISO 9001:2015)

Impact of the changes:

The impact of this revision will be similar to, if not greater than the 2000 edition, which was a major change for accreditation bodies, certification bodies, training organisations, implementing organisations, procurement organisations, consultants and customers.

The transition period is expected to be around three years as there are over one million registered ISO 9001 organisations worldwide. The revised ISO 9001:2015 standard should provide a stable set of requirements at its core for the next 10 years or more.


To read more blogs from Antaris, click here


Integrated Management Systems in Saudi Arabia

Congratulations to Antaris Consulting, our Quality, Environment, Health and Safety and Energy training partner, who recently won a consultancy contract in Saudi Arabia. Gerry Higgins Managing Director of Antaris said We are delighted with our recent appointment by the Ma’aden Phosphate Company in Saudi Arabia to implement an integrated Management System (Safety, Health, Quality, Environment & Energy) in their operations.

The Management System, which is to be completed within a challenging time frame, is to be showcased at the World Enviro-Management Conference 2012 in October of this year.

The system will be implemented at two sites: the mining facility at Jalamid and the processing plant at Ras Al Khair, from where the Diammonium Phosphate (DAM) produced is sold primarily into international markets. These projects form part of parent company Ma’aden’s commitment to develop the mineral wealth of Saudi Arabia and become a catalyst for downstream industries.


Quality Ireland LinkedIn Group

Quality Ireland emerged in early 2012 from an initiative at the Quality Management Standards Committee hosted by NSAI. Its members come from a variety of backgrounds. It has now set up a LinkedIn group – Quality Ireland.

According to Quality Ireland, their LinkedIn group is a powerful communication network for people who share their vision of “A better Ireland” and support their mission ‘To promote and foster a culture of quality in Ireland to make life better for individuals, communities, organisations and society in general”.

Membership of the Quality Ireland LinkedIn Group is available, on a moderated basis, to people of all backgrounds who would like to support their work.



Our colleagues in Sligo IT are organising a conference:

March 30th
Clarion Hotel, Sligo.

Quoting Bob Kennedy, the conference organiser:
It is time to recognise the contribution of the quality management profession to the development of a sustainable economy and society for all of us. This one day conference will stimulate a new debate on the great achievements of quality and the possibilities it offers for a better future. Nine speakers representing most sectors of the economy will lead this debate. I hope you can join us and share your own experiences and wisdom.

Details here

Best of luck with it Bob.

Written by in: Quality |

ISO 19011:2011, Guidelines for auditing management systems

At the end of last year ISO published an updated edition of the ISO 19011 auditing standard which aims to help organisations to save money, time and resources by providing a uniform approach to multiple management system audits.

In today’s business environment, many organisations incorporate a number of management systems, such as quality, environmental, occupational health & safety and information security. As a result, these organisations want to harmonise and, where possible, combine the auditing of these systems.
Compared to the first edition of the standard published in 2002 which applied only to ISO 9001 (quality) and ISO 14001 (environment), the scope of ISO 19011:2011, Guidelines for auditing management systems, has been expanded to reflect current thinking and the complexities of auditing multiple management system standards (MSS).

The new standard aims to help user organisations to optimise and facilitate the integration of their management systems and, in facilitating a single audit of its systems, will streamline the audit processes, reduce duplication of effort and decrease disruption of work units being audited.

Specific attention is given to the implementation of the audit programme. By fully applying these guidelines, the prerequisites are provided to make auditing a crucial tool for top management to achieve the objectives of the organisation and add-value.

ISO 19011:2011 provides guidance on the conduct of internal or external management system audits, as well as on the management of audit programmes. Intended users of this International Standard include auditors, audit team leaders, audit programme managers, organisations implementing management systems, and organisations needing to conduct audits of management systems for contractual or regulatory reasons.

Alister Dalrymple, Convenor of the team that updated the guidelines, described the benefits which the new standard is expected to bring to users and the improvements made compared to the 2002 edition it replaces:
ISO 19011:2011 has been revised to provide auditors, organisations implementing management systems and organisations needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities.

Compared to the 2002 version, the standard adds the concept of risk and recognises more explicitly the competence of the audit team and individual auditors. Also, the use of technology in remote auditing is acknowledged, for example, conducting remote interviews and reviewing records remotely.”

Another improvement is the clarification of the relationship between ISO 19011:2011 and ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems. While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful.

This post has been adapted from information published on the International Organisation for Standardisation website


If you would like to comment/provide feedback on new FETAC management system standards …

New FETAC management system standards have been developed.

They consist of a 15 credit, Level 6, Special Purpose award, Documented Management Systems which is made up of a mandatory minor, Characteristics of Management Systems, and one of the following minors:
Quality Management Systems
Environmental Management Systems
Health and Safety Management Systems

The draft standards are now up on the FETAC website for comment by interested parties. Here is a link to the page. Instructions as to how you can provide feedback are included.

If these standards are of interest to you/your company, now is the chance to contribute your feedback before the standards are published. Time is of the essence as the opportunity for feedback will only be about 10 days.

It is planned to develop further related standards in the future.

Powered by WordPress | Theme: Aeros 2.0 by