10 things that everyone should know
1. What does the revision of ISO 9001 mean for your organisation?
It’s actually been a long time since the standard was last revised with any significance and a lot has changed in that time. The potential organisational impact of the revised ISO 9001 is dependent upon how your organisation and incorporated QMS has evolved in time. Factors such as
- the maturity and complexity of the existing ISO 9001:2008 management system,
- the existence of other management systems (such as ISO 13485),
- the global environmental management system standard (i.e. OHSAS 18001), and
- the organisation’s current evaluation and management of risk
will all heavily influence in the degree of change that your organisation will need to undertake in order to meet the requirements of the ISO 9001:2015.
2. Annex SL
The introduction of Annex SL, which establishes a consistent structure featuring 10 clauses as well as common terminology and definitions applicable to all ISO Management System Standards (MSS), is probably the biggest change to the ISO 9001:2015. As organisations begin to understand and appreciate the value of different management systems all speaking a common language, thereby making MSS integration easier, it will be organisations and - and in turn the consumer - who stand to be the true beneficiaries.
3. Process-Based Approach
The ISO 9001:2015 contains many references across several clauses to organisations placing a greater emphasis on applying a process-based approach to their management system.
4. Risk-Based Approach
The incorporation of Annex SL into ISO 9001:2015 now drives a risk-based approach to thinking and acting. The requirements under a risk-based approach affect quality planning and now incorporate much of what was previously referred to as “Preventive Action”. Now an organisation will need to determine the risks and opportunities that need to be addressed to give assurance that the QMS can achieve its intended results. Many organisations already have risk-based thinking and planning in many parts of their organisation which may or may not have been connected to the QMS in the past. This greater focus on risk will mean that an organisation will need to demonstrate how this requirement is met. The extent and formality of the approach needed in a particular organisation will - of course - be influenced by its context.
5. Leadership
The requirements relating to the relationship between the role Top Management play in creating and supporting an effective QMS have been enhanced. There are now more areas where Top Management needs to demonstrate their involvement and engagement with the quality management system including accountability for the effectiveness of the QMS and ensuring integrated with the overall business processes.
6. Context of the Organization
This is new and has two distinct elements.
Firstly, context requires an organisation to determine the internal and external issues and requirements that can impact on the planning of the quality system. Context becomes an important consideration and helps to ensure that the management system is designed and suitably adapted for a specific organisation. This helps provide the right focus, approach and balance to the different elements of the management system rather than the same generic approach across all organisations.
The second element is the consideration of relevant interested parties. There is now a requirement to determine their requirements and ensure these are monitored and reviewed as these now form primary inputs into the design of QMS.
7. Knowledge
An organisation will now need to consider what knowledge it needs to achieve conformity of products and services along with how it will develop, maintain and retain such knowledge.
8. Control of externally provided products and services
Formerly known as Purchasing, this clause has been retitled to make it clear that the requirements apply to both physical product and services related to the end product of the organisation. Whilst not specifically a new requirement, there has always been some confusion around certain categories of externally provided products and services whether this has been through an associate company, joint venture or outsourced activity. Now it is clear that however provided, an organisation will need to apply a risk-based approach and determine the type and extent of controls necessary.
9. Transitioning
Current information from ISO shows that organisations will have three years from publication to transition to the new standard, so they can choose to transition at any point within this period. Some may choose their next certification cycle, although many will want to be ‘among the first’ given the increased functionality that ISO 9001:2015 will deliver, along with the bonus of a clear commitment to best practice being demonstrated to their interested parties. Starting the transition planning early, including setting and communicating a transition date will enable you and your organisation to pro-actively manage the transition at your pace.
10. Next Steps
Organisations should start by obtaining a copy of the ISO standard and focus on the areas that are completely new or have been revised. Those are the areas that are likely to be included in any transition plan. Also, make sure that quality managers and internal auditors understand the differences that Annex SL will bring to the QMS and any other management system standards in the organisation.
Ensure that when selecting a consultancy firm, they not only understand the ISO 9001:2015, but more importantly, understand what this ISO means to the QMS and the wider organisation. Engage a consultancy firm to find out how a gap analysis and training on specific areas of ISO 9001:2015 can be of benefit to your organisation.
Finally, ask MRM to support you in formalising a transition plan and process and ensure that top management is involved from the start.
Summary
Remember that the ISO 9001
- is important for any standard
- does have a significant amount of changes through the incorporation of Annex SL’s core text and high level structure.