Call Today! (800) 244-5409

September 2017

ISO 9001:2015 Transitions – Embracing the Challenge and Lessons Learned So Far

Quality Resource Center proudly announces the successful completion of our 100th ISO 9001:2015 project. During that time, we have learned a lot…

It’s estimated that less than 25 percent of the more than one million organizations certified globally have made the transition to ISO 9001:2015 (as of mid-2017). The September 2018 deadline is approaching and your quality management system (QMS) isn’t going to transition itself. But there is so much to consider; Where to begin? How do you start? What happens next? This paper will assist you in answering those questions.

As with any successful project, start by defining your objectives and create a plan to achieve them. The main objective is to identify the additional as well as modified requirements within the standard and then demonstrate compliance to them during your organization’s transition audit.

But how? What does that involve? These steps can be invaluable in your successful transition to ISO 9001:2015.

Step 1: Get 39,000 Foot View

The fact that your Organization is transitioning means you are already working with an accredited Certification Body (CB), or Registrar. It is important to note that they too had to develop a plan, vetted by their accreditation body, to facilitate the transition. In other words, your Registrar will may have their own analysis for the transition. So, talk to your registrar. Better yet, contact Quality Resource Center, the industry’s oldest and most successful ISO 9001 consulting firm, with over 25 years of operation, and let us talk to them.

This type of guidance will give you valuable information on issues and challenges that may affect your organization’s transition:

• Deadlines – No later than Sept. 14, 2018, however it may be earlier based on your CB’s policies.

• Audits – It might be possible to have your transition conducted as part of a regularly scheduled surveillance or recertification. Some CB’s may offer separate standalone transition audits. In either case, determine what this audit will involve and how it will be conducted. Additional time may be added to address the changes, they may require additional preparation, and it will cover specific new elements of the new standard. Having your ISO 9001:2015 Internal Audits and Management Review conducted by Quality Resource Center can provide great value; having the industry’s premiere Audit teams prepare you for your Registrar audits can identify embarrassing and painful findings at the internal level and guard against ugly exposure and the consequences of same at your surveillance or re-certification audits. Studies show that outsourcing these activities to Quality Resource Center can result in as much as 85% reductions in time and cost, and greatly enhance your chances for a trouble free Registration audit process.

• Existing Certifications – You will want to maintain your existing ISO 9001:2008 certification until your organization has successfully completed the transition— but what will that entail? When does your current registration expire? How can you best achieve a seamless transition?

• Get Trained by Professionals – Gain a working knowledge of the standard. Your CB will give you a glimpse of what to expect in the new standard (and what they might expect from you), from the new clause structure to the new requirements. Quality Resource Center offers invaluable expertise in this area. If you plan on doing your own Audits, they will need training and certification. Quality Resource Center offers superior training and certification services.

Once you have an outline of the project and potential impacts, begin to fill in your plan. Target the audit date at which you wish to have your transition, then backfill the dates from there to develop a roadmap. Be sure to communicate with your CB to align expectations and availability for your transition audit, and make sure your target date works within the deadlines, gives you enough time to address any potential non-conformances, doesn’t risk any lapse of coverage, etc.

Finally, work on how you’ll address the new structure; start thinking about some of the major changes such as risk and context. Prioritize, prioritize, and, finally, prioritize. . Communicate the agreed upon schedule and plan to your organization, and ask for feedback.

Best advice is to have Quality Resource Center prepare your plan, and commit it to paper with a professional Gantt chart.

Step 2: Do Your Homework – Study the Standard

Read and comprehend the standard. You cannot address requirements you haven’t even read. It’s not a lengthy;

Get the companion ISO 9000 document, it provides guidance on terms and fundamental concepts used in the new standard.

The standard can also be a bit vague, however; that’s again where you should consult with a Quality Resource Center professional. QRC can provide expert knowledge regarding topics like the context of the organization, leadership, risks and opportunities, organizational knowledge, and other critical areas and changes pertinent for transition, and in many cases offer interpretive guidance on the expected outcomes related to these changes.

GAP analysis can cut through the interpretation of minor wording changes and get to the changes that need to be addressed within your organization’s QMS. Quality Resource offers a very cost effective GAP analysis that can identify all areas of concern.

Once the focal points have been identified, utilize the standard to determine the actual requirement and key deliverables. You may find existing processes that address these elements. Utilize them wherever possible. The key to successful deployment of ISO 9001:2015 is alignment with your actual business activities.

Regarding documentation (or documented information) – It is important to note that while the new standard does not require any specific documented procedures. However, documented information in the form of procedures, forms, records, etc. are beneficial for any new or changed requirements. Having objective evidence to review during a transition audit will avoid unnecessary back and forth.

Step 3: Implement, Operate, and Review

Once the key elements of the new standard are identified and the plan to address them has been developed, the required changes and improvements to your QMS need to be deployed. Take time to communicate the changes to the organization to ensure their understanding. Next, the new and updated QMS needs review and correction, similar to the preparation for your initial registrar audits. Identify and work with the appropriate players, especially process owners, throughout the organization to verify and validate changes, and take the time to review everything again before your transition audit. A month or two prior to your scheduled transition audit, conduct your own internal audit to the new requirements, then follow that up with a management review to go over the results and determine the effectiveness of the updated QMS. Again, a good rule of thumb here would be to give enough time to react to any internal audit findings or management review actions items prior to your transition audit. Quality Resource Center can offer valuable assistance in this endeavor.

Registrars have requirements for internal preparations and reviews such as this, and some may even have tools to use. Consider the checklist transition tools they may have developed for your use; look for any transition checklists, transition audit plans, or transition requirements to leverage in your own internal audits. Quality Resource Center offers a valuable tool set that is extremely cost-effective.

Look for any lessons learned that might help you avoid pitfalls and/or showstoppers.

Here are a few for consideration:

• Have Quality Resource Center convert your existing documentation and upgrade to fit the new standard. Renumbering your documents is not required, but it is a very good idea, especially for your Quality Manual and your QOP’s. Don’t unilaterally eliminate all your documentation, nor your management representative, nor your quality manual! While you have the flexibility to do so (either partly or completely) if it fits the context of your organization, remember that just because the new standard is silent on such things doesn’t prohibit you from keeping such approaches if they work for your organization. It will aid great in your Internal Audits, Management Review, Improvements, and Registrar Audits.

New areas to consider include –

• Context of the Organization (sub-clause 4.1) – This must be addressed within management review as a minimum. Additional consideration may be adding support to this in your quality manual you do retain, or other planning components of your QMS. In short, the context of your organization should drive the approach your QMS (and all applicable processes) takes.

• Leadership (sub-clause 5.1) – Expect auditors to ask for time with top management, see their active involvement in the QMS, and the applicable processes (e.g. objectives, resources, and management reviews).

• Organizational Knowledge (sub-clause 7.1.6) – While this is a new requirement it cannot be overlooked. Auditors will expect to see this addressed in some fashion, and it is an ever-evolving process. Focus on getting it up and running without being overwhelmed by the potential; create a process that can be expanded and improved upon in the future.

• Risks and Opportunities­ (sub-clause 6.1) – This is one of most important areas to consider getting professional training and help with. Risk is an intricate part of the new standard, and there are a variety of tools available. Quality Resource Center can help you identify the tools that will work best for you, and assist you in completing the process.

• And About Those Risks – Risk, specifically risk-based thinking is likely everyone’s No. 1 topic when discussing ISO 9001:2015—it is a given. But how will you demonstrate it? Is it simply by addressing sub-clause 6.1? That is part of it, as would be the inclusion of it in Management Review (sub-clause 9.3.2.e).But it shouldn’t stop there. It is not sufficient to solely consider product-focused risks via Failure Mode and Effects Analysis (FMEA) process. Incorporate risk into the language of any and all processes and departments. View every process in the context of risk, and understand that the actions to address identified risks will yield improvements, which again is synonymous with the overall intent of ISO 9001:2015.

Finally, remember that Quality Resource Center is the recognized industry leader in the upgrade, deployment, and implementation of ISO 9001:2015. We offer a rich skill set that that not only increases your chance for success in your project, it also offers maximum value and cost efficiency.

Experience the Difference that 25 years of Total ISO Solutions offers.