ISO 9001 2015 Analysis
- ISO 9001 scheduled to be published in September, 2015
- All clients need to be transitioned by September, 2018
II. IMPORTANT CHANGES
- Published version to very closely mimic the FDIS
- Continue to expand language to include and emphasize service organizations
- Emphasize Risk Based thinking
- Reliance on Annex SL (Part of “ISO / IEC Directives Part 1 – Consolidated ISO Supplement – Procedures Specific to ISO”)
II.KEY CHANGES IN TERMINOLOGY
A. “Procedures”, “Records”, and “Documents” replaced by “Documented Information.”
- Allows alternative approaches to these items.
- References to “Product” changed to “Products and Services. (Historically Clause 3 of ISO 9001:2008 reads “Wherever the term “Product” appears it can also mean Service).”
- Expands the notion of ISO 9001 as applicable to multiple types of businesses, i.e. those with and/or without a tangible or physical product.
B. “Management Responsibility” has become “Leadership”
- Advances the concept that Management lead by example and involvement.
C. “Continual Improvement” has morphed into a larger section called “Improvement”
- Continual Improvement is no longer the only aspect of improvement; improvement can also be realized through breakthroughs, reactive changes, and reorganizations.)
D. Suppliers, vendors and subcontractors are now defined as “External Providers”
- Better accommodates service organizations.
- FDIS 9001 Annex A, clause A.8 indicates that “External Providers” includes Outside suppliers, Associate companies, and Outsourcing.
E. Elimination of Required Content
- ISO 9001:2015 does not specifically require any of the following:
a) Quality Manual
b) Procedures Manual
c) Work Instructions
b) Procedures Manual
c) Work Instructions
Theoretically, an organization can achieve certification without these documents. Auditors will still be required to verify consistency with applicable requirements. Thus, the organization must be prepared to show effectiveness of processes in whatever activity is being reviewed. If this can be demonstrated without a procedure/quality manual, then it is acceptable.
F. Elimination of the Management Representative
- “Management Representative” does not appear within the ISO 9001:2015 standard.
- The implication is that while this terminology has been eliminated, many of this party’s key functions should now fall to top management itself.
- Organizations are encouraged to appoint a “key” person (arrangements for audits, key contact for corrective actions, etc.).
Elimination of Permissible Exclusions
- ISO 9001:2015 has removed all verbiage related to “Permissible Exclusions.”
- Organizations can now claim any item from ISO 9001:2015 under a “Non-Applicable” designation.
- No difference from ISO 9001:2008, other than the scope of what can be claimed for exemption now encompasses the entire standard
- ISO 9001:2015 includes a new term, “Interested Parties”, intended to be applied to all Annex SL based standard.
- Definition –
“Person or organization that can affect, be affect by, or perceive themselves to be affected by a decision or activity.” Examples given include customers, staff, the organization, suppliers, bankers, unions, partners, and even competitors.
- Clause 4.2 requires that organization determine who their interested parties are, but emphasizes those “relevant to the quality management system.”
IV. Annex SL
A. Annex SL was first published in 2012, the output of a special committee of the ISO – The Joint Technical Coordination Group (JTCG.)
B. The Annex is a 10 section “blueprint” for authoring all of the ISO family of standards.
C. Annex SL promotes (among other things) utilization of common terms and core definitions.
D. Eventual plan calls for full transition of all ISO standards to Annex SL structure by 2016 or 2017
2 Normative references
3 Terms and definitions
4 Context of the organization
- understanding the organization and its context
- understanding the needs and expectations of interested parties
- determining the scope of the quality management system
- quality management system and its processes
5 Leadership and Commitment
- customer focus
- organizational roles, responsibility and authority
- actions to address risks and opportunities
- quality objectives and planning to achieve them
- planning of changes
- documented information
- operational planning and control
- requirements for products and services
- design and development of products and services
- control of externally provided processes, products, and services
- production and service provision
- release of products and services
- control of nonconforming outputs
9 Performance evaluation
- monitoring, measurement, analysis and evaluation
- internal audit
- management review
- non-conformity and corrective action
- continual improvement
A. The term “risk” is used 16 times in the auditable language of the FDIS 9001;
B. A formal/documented Risk Management Process is NOT specifically required
C. Expands the notion of Risk aversion to one that affects all of the various areas of the Quality Management System.
D. Clause 6.1.1 of the FDIS 9001 standard states:
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s)
b) enhance desirable effects
c) prevent, or reduce, undesired effects
d) achieve improvement
E. Clause 6.1.2 of the FDIS 9001 standard states:
The Organization shall plan:
a) actions to address these risks and opportunities
b) how to
- integrate & implement the actions into its quality management system processes (see 4.4)
- evaluate the effectiveness of these actions
Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.
NOTE 1 – Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
NOTE 2 – Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new clients, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its customers’ needs.
F. What ISO 9001:2008 requirements most directly correlate to Risk Management?
There are a number of activities that are required under ISO 9001:2008 standard that will help demonstrate compliance to Risk Management. These include:
- 6 Management Review (an assessment of your overall quality system leading to targeted improvement efforts),
- 2.2 Training (an assessment of competency needs with steps taken to ensure that personnel are fully qualified and competent.)
- 2.2 Review of Requirements related to the Product (an assessment of customer expectations against your current capabilities with steps taken to resolve discrepancies),
- 5.3 Preventive Action (an assessment of potential problems with actions taken to avoid those issues in the first place)
SECTION BY SECTION ANALYSIS
0.1 – General
Provides an overview statement, intentions on whom the standard benefits, introduces the ideas of Risk Based Thinking, PDCA, and explains four key terms (of which three are formally defined for the first time):
a) Shall – mandatory requirement (numerous instances);
b) Should – recommendation (no uses within the auditable content);
c) May – permission (this term appears once in the auditable content); and
d) Can – possibility or capability – numerous instances.
0.2 – Seven Quality Management Principles – reference to the ISO 9000 standard is given:
a) Customer Focus;
c) Engagement of People;
d) Process Approach;
f) Evidence-Based Decision Making; and
g) Relationship Management.
0.3 – Process Approach
a) Reinforce the process approach an improved graphic therein.
b) Reinforces of Plan-Do-Check-Act (PDCA)
0.3.3 – Risk Based Thinking – definition and explanation of importance
0.4 – Relationship with other management system standards (ISO 9000 and ISO 9004)
Sections 1-3 – Not specifically auditable (as before)
Section 4 – Context of the Organization
Similar to ISO 9001:2008 Clause 4.0 – Quality Management System
Key new questions:
A. What purpose does the organization serve?
B. Who does it exist for?
C. Who are the interested parties?
D. Does any part(s) of the ISO 9001:2015 standard qualify for a “non-applicable” designation?
Section 5 – Leadership
Key new questions:
A. Is a Leadership structure evident?
B. Is Leadership accountable for the effectiveness (or lack thereof) of the QMS?
C. Has Leadership ensured that the Quality Policy/Objectives are consistent with the strategic direction of the company?
E.Is the QMS integrated into the business processes?
Section 6 – Planning for the quality management system
Key new questions:
A. Have all risks (and opportunities) been considered?
B. Have actions been taken or planned for said risks?
C. With regards to Quality Objectives –
D. Who will be responsible?
E. What is the target date?
F. What is to be accomplished?
Section 7 – Support
- A.Similar to ISO 9001:2008 Section 6.0 – Resource Management
B. One very slightly new area of content is provided in clause 7.1.6 that asks the following
key new question:
a.“Has the organization considered changing needs and trends versus its current competency base and determined what is needed for the future?”
Section 8 – Operation
- A. Very similar to ISO 9001:2008 Section 7.0 – Product Realization, and parts of Section 8.0
Section 9 – Monitoring, Measurement, Analysis, and Evaluation
- A. Similar to ISO 9001:2008 Section 8.0 – Measurement, Analysis, and Improvement, includes content from Section 5.0 – this is now where Management Review (5.6) is found
Section 10 – Improvement
- A. Similar to ISO 9001:2008 Sections 8.5.1-8.5.2– Continual Improvement and Corrective Action.
VII. WHAT ABOUT THE OTHER STANDARDS?
A. Most of the major sector specific standards, including TS 16949 (automotive), AS9100 (aerospace), and TL9000 (telecommunications) have indicated intentions to transition and continue alignment with ISO 9001. (ISO 14001 will also follow suit, and is being rolled out at the time of this report).
B. Precise timelines for these other standard updates are to be announced, but a 2016 publication date seems likely for all three.
C. At present the only major standard not planning to continue alignment to ISO 9001 is ISO 13485 (medical devices,) currently in the midst of its own update with a targeted publication of early 2016
VIII. WHAT SHOULD BE DONE NOW?
A. Companies at various stages of implementing new quality management systems in accordance with ISO 9001:2008 may question if there is still value in registering to ISO 9001:2008.
- Important to note that ISO 9001:2008 still has at least 3 years of usability left in it.
- Equally important to note that the very first audits later this year to ISO 9001:2015 may be somewhat challenging for both auditee and auditor.
B. Companies currently holding ISO 9001:2008 registrations seeking to transition – International Accreditation Forum (IAF) has published an Informative Document (ID 9) which recommends the following steps be taken in a transition to ISO 9001:2015.
- Top down Gap Analysis of the ISO 9001:2015 standard to identify the gaps that need to be addressed.
- Development of an implementation plan with assigned responsibilities, and milestones.
- Review and update of all quality management system documents (including the quality and procedures manual new or revised processes.
- Awareness and transition training.
- Full system internal audit followed by a Management Review.
- Full round of Corrective and Preventive Actions.
- Management Review and closure of any open findings should be in process or complete.
- Coordination with Registrar for planning transition logistics.