Planning for ISO 9001:2015
Highlighting changes introduced to the new version of ISO 9001.
The latest edition of quality management systems standard ISO 9001 concludes over three years of revision work from participants representing nearly 95 countries, to bring the standard up-to-date with modern needs.
The 2015 edition has recently been published and features important changes. It is designed to be compatible with modern quality management systems practices and technology that have been developed since its last major revision. As such, it reflects the changes in increasing complex, demanding and dynamic environments in which organisations operate. ISO 9001 has also been revised to ensure that its requirements are more clearly stated in order to facilitate effective implementation and to allow for effective conformity assessment, as well as being more generic and easily applicable to service industries.
ISO 9001:2015 is less prescriptive than previous versions and, as such, focuses more on managing processes and less on documentation. This is achieved by combining the process approach with risk-based thinking, and employing the 'plan-do-check-act' cycle at all levels in the organisation. It is also more easily integrated with other management systems, such as ISO 14001 (the international standard covering environmental management).
What is changing?
New concepts are being included, including risk management and organisational knowledge. A new common ISO format ('Annex SL') has been developed for use across all management system standards with common text, terms and definitions. The ability to claim exclusions is being removed, and use of term 'products and services' is being introduced instead of 'product' to emphasise that the standard covers service providers as well as manufacturers. In addition, there are revised requirements for improvement plus the clarification of existing requirements by the use of clearer wording which should also make implied requirements explicit.
Key changes from 2008 to 2015
The new standard introduces Annex SL. This is intended to harmonise structure, text and terms and definitions throughout all future management system standards. This is so that they share a common format, irrespective of the specific discipline to which they relate.
Where the term 'product' has been used in previous versions of the standard, the 2015 iteration introduces 'products and services'. Previously, the inclusion of services as products was implicit. By including explicit reference to services, the standard writers are attempting to reinforce that ISO 9001 is applicable to all suppliers, not just those that provide physical products.
There has been a conscious attempt to revisit the wording of the standard with a view to making the requirements easier to understand, and to aid its translation. Where requirements were previously implied, the wording of the standard has been amended to make them explicit. Understanding the organisation and its context, and the adoption of a process-based approach, are perhaps the most significant examples.
For the first time, the concept of context is introduced. This requires organisations to determine the factors (both internal and external) that affect it and need to be understood, so they can be effectively addressed and managed within the quality management system. Organisations will be required to identify internal and external issues that may impact their quality management system’s ability to deliver its intended results. They must also understand the needs and expectations of 'interested parties' – those individuals and organisations that can affect, be affected by, or perceive themselves to be affected by, the organisation’s decisions or activities.
ISO 9001:2015 places a greater emphasis on the definition of scope of the quality management system than ISO 9001:2008 does. Scope sets the boundaries for, and identifies the applicability of, an organisation's quality management system. Clause 4.3 requires scope to be determined in consideration of the organisation’s context.
|Standard structure comparison|
Terms and definitions
Quality management system
Measurement, analysis and improvement
Terms and conditions
Context of the organisation
While 9001:2008 promoted the adoption of a process approach when developing, implementing and improving effectiveness of a quality management system, clause 4.4 of 9001:2015 sets out specific requirements designed to enforce its adoption. Clause 5, previously 'management responsibility', now becomes 'leadership'. Senior management is required to demonstrate engagement in key quality management system activities as opposed to simply ensuring that these activities occur. This means that there is a need for higher management to be actively involved in the operation of their quality management system. The removal of all references to the role of 'management representative' reinforces a desire to see quality management systems embedded into routine business operations, rather than operating as an independent system in its own right with its own dedicated management structure.
References to preventive action have been removed. However, the requirement to identify and address potential mistakes before they happen is still key. The standard now refers to risk and opportunities. Organisations must have evidence that they have determined, considered and, where necessary, taken action to address any risks or opportunities that may impact (either positively or negatively) their quality management system’s ability to deliver its intended results in clause 6.1.
References to a documented quality manual, documented procedures and to quality records have been removed. Instead, throughout ISO 9001:2015 there are specific references to 'documented information' – specifically in clause 7.5. This is information that the organisation is required to keep, control and maintain. How this information is recorded is up to the organisation itself.
The term 'externally provided products and services', replaces 'purchasing'. Clause 8.4 addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organisation, or by any other means. Organisations are required to take a risk-based approach to determine the type and extent of control appropriate to each external provider, and all external provision of products and services.
ISO 9001:2015 clause 10 recognises that ongoing or incremental improvements are not the only way 'improvement' occurs. Improvement can also arise as a result of periodic breakthroughs, reactive change or as a result of reorganisation. Thus, the title of the clause is now 'improvement'.
There are some new and some revised terms and definitions added within the supporting ISO 9000:2015, which has two informative annexes. 'Annex A' provides clarification on the new structure, terminology and concepts underpinning the standard, while ‘Annex C’ details related quality management system standards from ISO's 10000 series. These are designed to provide assistance to organisations seeking to establish or improve their quality management performance.
Implications for organisations certified to ISO 9001:2008
Changes to the standard are significant, therefore key personnel, including senior management will need to determine how best to integrate the new standard into the business. Organisations will need to review how the new standard applies to products and services and define organisational relationships and context, as well as address any current exclusions in relation to their scope. The quality manual will need to be revised and this may be an opportunity to change or reduce current documentation.
Process risks and current controls (including the use of any outsourcing) will need to be reviewed and preventive action procedures will need to be evaluated on the basis of risk. Revisions to the quality system must be communicated at all levels of the business and may well generate training requirements.
SATRA is accredited to audit against ISO 9001:2015 and encourages organisations interested in implementing the latest standard to contact us.
How can we help?
SATRA can provide 'gap analysis' audits and 'pre-certification' audits, and aims to start conversions in 2016. Please email firstname.lastname@example.org for more information.
This article was originally published on page 34 of the March 2016 issue of SATRA Bulletin.