In Part 1 we discussed not putting off until tomorrow what we can do today. We introduced the concepts of Risk-Based Thinking and the Process Approach as it relates to an integrated business system. And, we re-addressed some additional requirements, I believe, will be on the horizon sometime in the future.
Now in Part 2 we’ll get into the details… Key Changes to ISO 9001:2015
High level changes to all management system standards – The most significant changes in the 2015 Standard are in Clauses 4, 5 and 6, i.e. Context of the organization, Leadership and Planning, but there are many others throughout the Standard.
The Standard is rewritten according to the HLS (High Level Structure) -The ISO 9001:2015 standard has been restructured: chapter and sub-chapter titles, as well as the order of clauses and paragraphs, were completely revised.
Overall, this restructuring does not affect the Standard’s content or requirements. When examining the text in detail, however, the structure has changed to comply with new composition guidelines and topic sequences.
This change reflects a strategic choice that will gradually be applied all ISO standards of management system. Initiated on ISO 55001 (Asset Management System), the new structure is consistent with Appendix SL to the ISO Directives, Part I.
With this new common structure, ISO aims to help businesses and organizations more easily integrate all or parts of their various management systems and ultimately achieve a truly unified management system.
This consistent common structure makes it easier for companies to include components of other standards that it deems relevant: parts of the environmental standard ISO 14001:2015, the asset management standard ISO 55001 and even the future ISO 45001 standard on occupational health and safety management.
CONTEXT OF THE ORGANIZATION – CLAUSE 4
This is a new concept and relates to the external factors and conditions that could affect an organization and its ability to provide products and services to customer requirements. Examples could include governance, regulation, sector, stakeholders and shareholders to name but a few.
Importance given to the context surrounding the certified organization and to its stakeholders – Two new clauses (4.1 and 4.2) require greater consideration of the context surrounding the organization. They require a context analysis, as well as the stakeholder identification and the understanding of their expectations.
A standard purposely open to the service industry – The context in which organizations evolve has changed and the revision of the standard takes into account the evolutions in the way organizations do their business or activities. Originally drawn up for manufacturing and industrial sectors, ISO 9001 has been a victim of its own success, and many organizations from other areas have made it their own.
The ISO 9001:2015 revision has taken these changes into consideration. Its choice of vocabulary and level of abstraction simplify implementation in all industries, including services.
Tip: The context will influence the type and complexity of management system needed.
LEADERSHIP – CLAUSE 5
There are enhanced requirements for top management to demonstrate leadership and commitment directly with the QMS.
Leadership – The commitment to quality through strong and visible leadership is strengthened:
- The idea of a “management representative” disappears completely.
- The quality policy and stated goals must be deeply in keeping with the strategic orientations.
- QMS requirements must be merged into business processes.
Tip: Top management is expected to be “hands on” and to ensure that the quality policy and quality objectives are consistent with the overall strategy and context.
PLANNING – CLAUSE 6
Planning is a new term introduced to the high level structure, with a requirement to address risks and opportunities and to carefully plan changes within the quality management system.
Risk management becomes a foundation of the standard – Each major revision of the Standard introduces a concept that allows certified companies to reach a new level of maturity.
Risk management based on a “risk-based thinking” approach has become fundamental in the 2015 revision: risk identification, qualification and management. Quality results from proper management of these risks, which go beyond the strict scope of the product or service delivered. Quality cannot exist unless the organization can provide its client a conforming product or service over the long term.
Risk has its counterpart: opportunity. The ISO 9001:2015 standard also embraces this concept of positive uncertainty.
Of course, risk is an additional concept that in no way supersedes the concept already present in the standard. Risk is incorporated into the fundamentals and rounds out these notions. As such, the process approach and PDCA remain two essential pillars.
Managing risk also means working towards continuous improvement. Corrective action corresponds to an unidentified, wrongly qualified or mismanaged risk; preventive action addresses a risk of possible but un-occurred noncompliance.
Tip: Risks and opportunities, for example, could relate to the use of electronic systems within the management system. Introducing such systems would require change and transition arrangements, which should be planned within the management system.
SUPPORT – CLAUSE 7
This new section builds upon the 2008 requirements for competence and awareness (now extended to include persons under the organization’s control, not just employees) and communication.
Tip: With the increasing use of outsourced providers, this requirement reminds organizations that this resource must be managed effectively just as internal providers are managed.
Human Factors – ISO 9004:2008 section 6.6 Work environment advises: The work environment should encourage productivity, creativity and well-being for the people who are working in or visiting the organization’s premises (e.g. customers, suppliers, and partners). At the same time, the environment complies with applicable statutory and regulatory requirements and addresses applicable standards (such as those for environmental and occupational health and safety management). See previous post “The Touchy-Feely Employee” for more on this.
Knowledge is a resource like any other – In its 2015 revision, ISO 9001 is once again adapting to its times. Knowledge has become key to successful projects and business development. The new standard considers knowledge like any other resource to be managed:
- Identify the knowledge necessary to carry out the activity in compliance with the QMS and to achieve the defined objectives.
- Knowledge must be maintained, protected and made available where necessary.
- Anticipate changes in knowledge needs and manage the risk of failing to acquire knowledge in due time.
This is my take on the Key Changes and with them, the importance of care and planning. But do not minimize the lesser changes, especially due to omission i.e. 9.2 Internal Audit – the concept that auditors must not audit their own work is no longer included (see ISO 19011:2011) or Management Representative and Quality Manual. Duties and documented information is still required.
Next time, Environmental Management – ISO 14001 in Part 3.