The release in May of the ISO 9001 draft international standard (ISO/DIS 9001:2015) finally opened the door to comment from around the world on what will be a series of changes that surpass those in the 2000 revision—the last release considered significant.
Here are 15 concepts and issues that either spurred development or will drive major change as a result of ISO 9001:2015’s release:
1. Periodic review
ISO 9001 was initially released in 1987. The process of periodic review is embedded in all International Organization for Standardization (ISO) management systems standards and requires that member bodies (country committees) examine the relevance of a given standard every five years.
The choices are to continue publication without revision, revise or discontinue issuance. The obvious benefit is to ensure relevance, and in the case of ISO 9001, relevance is of utmost importance. With more than 1 million registered users, content improvement with special attention to trends within international trade and how modern business operates are of paramount importance.
"Electronic exchange," is an excellent example: When ISO 9001 was first issued in 1987, computers were in their relative infancy compared to today’s reliance on personal computers and their use in data management and records. Until the issuance of ISO 9001:2015 and its normative reference, ISO 9000:2015, documents and records were traditionally thought to be hard copy.
The revised ISO 9001 will refer to format (language, software version, graphics and media, whether paper or electronic), in the now all-inclusive phrase "control of documented information." Separate references and clauses related to documents and records are gone.
Periodic review also revealed the service industry’s long-standing claim that the standard is mostly written with manufacturing organizations in mind. As a result, ISO 9001:2015 will no longer use the term "product," but instead says "products and services" throughout the document. It’s a major change, and one that goes to the heart of an aging misconception.
2. User survey
Changes in ISO 9001:2015 are also the byproduct of a further ISO requirement to survey the user base to determine needed areas of improvement. It took years to amass the results of thousands of respondents, and you may have contributed to the input. The net result was a series of recommendations that eventually found their way to the design specification for the writing group to follow.
A look back shows that the release of ISO 9001:2008 was little more than clarification of several elements within the last major shift in the standard with the release of the 2000 revision. It, too, credited much of its content to a prior user survey. The bottom line is that the 2015 edition will be the result of far more than a few individuals’ thoughts. Instead, it will stand atop a foundation of actual users’ concerns and technical input.
3. Sector-specific input
Another important input to the 2015 revision came from groups that use ISO 9001 as the foundation for their standards. The telecommunications standard, TL9000, aerospace’s AS9100 and medical devices’ ISO 13485 are examples. Representatives of each of these and other standards have routinely attended drafting committee meetings and offered comments throughout the ISO 9001 life cycle.
The addition of the concept of risk ("risk-based approach") within the 2015 version is often credited to several sector-specific concerns voiced in recent years. Users of these similar sector-specific standards have significant interest in the outcome of any revision to ISO 9001 simply because when it changes, they are subject to adoption or abandonment of their foundational content.
As of this writing, strong opposition has been lodged by several sector-specific groups, primarily regarding what has become known as the new high-level structure.
4. High-level structure
The technical management board (TMB) within ISO central and the joint technical coordination group (JTCG) have determined that all management systems standards follow a new format, called the "high-level structure," as defined in Annex SL (previously Guide 83). With the addition of several new elements, or clauses, the impact of this new structure will be significant to many current users of the standard.
Initially, much attention was devoted to challenging the mandate and perhaps submitting a request to deviate from adopting the new approach. Two efforts took place simultaneously: one to petition for release from the high-level structure and the other to go forward with the rearrangement of 2008 content within the newly defined clause structure.
The ISO/DIS 9001:2015 clearly settles the dispute and places ISO 9001 within what will become a unified and consistent family of management standards. Voting, by the way, started on July 10 and ends on Oct. 10. Comments, many of which will undoubtedly question the use of the high-level structure, are expected to be numerous. Note, however, the definitive text within Annex A, clause 1, of the ISO/DIS 9001:2015 makes clear that wholesale documentation restructuring is not a requirement:
The clause structure and some of the terminology of this international standard, in comparison with ISO 9001:2008, have been changed to improve alignment with other management systems standards.
The consequent changes in the structure and terminology do not need to be reflected in the documentation of an organization’s quality management system (QMS).
The structure of clauses is intended to provide a coherent presentation of requirements rather than a model for documenting an organization’s policies, objectives and processes. There is no requirement for the structure of an organization’s QMS documentation to mirror that of this international standard.
5. Be cautious
The last time ISO 9001 revised its structural components with the issuance of ISO 9001:2000, a flood of consultants’ offers, articles, books and lectures preceded and followed its release. Full disclosure—I am one of several who will fall into this group—but the following message remains the same: A user’s guide is being developed by members of WG24, scheduled to be available for purchase simultaneously with the release of ISO 9001:2015. If you feel as though you will need additional input, it’s probably all you’ll need.
For most progressive organizations, revisions and additions should be relatively straightforward. Yes, several components of the 2015 revision might be confusing. There always are questions, but the expected flood of training offers and help from your registrar and others will likely answer most concerns.
Remember, your registrar should represent more than an agency that schedules an occasional visit. Proactive registrars will recognize the need to develop a workable plan to convert their client base to the 2015 revision within the three-year requirement. Ask your auditor what is expected and when to implement. Short of actual consulting, most will be glad to help.
6. You have until 2018
Schedule revisions at your own pace because you have until 2018. Once again, work with any available guidance from your registrar. Join in the discussion with others who have gone before you, but beware of foot dragging. If the 2000 revision was any example, a flood of registrants waited until the final months to complete their work, resulting in registrar scheduling nightmares.
The adage "failure to plan is planning to fail" is fully in effect when it comes to your organization’s response to ISO 9001:2015. For some organizations, the task will be little more than appending an unnecessary equivalency matrix to their quality manuals and writing a few new words to cover additional clauses. This is the group that prefers minimal investment and therefore can typically expect minimal outcomes.
If, however, you decide to use the 2015 revision to truly improve your organization, it will take time and practice to get it right. Implementation planning and goal setting using project management tools is highly recommended. There is simply no substitute for a well-designed, phased approach to implementing a standard. Its numerous interdependencies require care to implement in the proper sequence and steadily build either atop or adjacent to each step to provide mutual support and value. Just don’t take too long.
7. Context of the organization
Understanding an organization and its context, and the needs and expectations of interested parties, is central to maintaining a business. Section 4.1 of the revision requires an organization to determine "external and internal issues that are relevant to its purpose and its strategic direction."
After they are determined, the organization is to monitor those internal and external issues. The clause further requires an assessment of the organization’s ability to achieve the intended results of its QMS. The tool most capable of supporting compliance to section 4.1 is a SWOT or strengths, weaknesses, opportunities, and threats analysis. Another tool, the balanced scorecard, is also a likely candidate. Both are products of business, not necessarily quality management.
At its face, "business thinking" is a welcome addition to the standard, addressing a long-standing complaint that ISO 9001 is not understood as a business system with an output of quality.
Leadership and commitment to the business system is also thoroughly addressed in Clause 5.1.1—Leadership and commitment for the quality management system. The theme of uniting business and quality continues in this section with the addition of elements such as "ensuring that the quality policy and quality objectives are established for the QMS and are compatible with the strategic direction and the context of the organization."
If that was not a clear enough call to unite business and quality systems, the requirement that leaders "ensure the integration of the quality management system requirements into the organization’s business practices" is the clarion cry to stop the practice of visualizing quality management as somehow separate from business management.
9. Planning for the QMS
Section 6.1, "actions to address risks and opportunities," is perhaps the single-most talked about addition to the standard. Section 6.1 weaves together previous elements 4.1 and 4.2, understanding the context of the organization, and the needs and expectations of interested parties by requiring that analysis of these issues become actionable risk-based plans, targets and goals.
The accompanying note to section 6.1.2 provides excellent guidance in this regard, saying "Options to address risks and opportunities can include: avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk or retaining risk by informed decision."
There is no mention of preventive action in ISO 9001:2015; it is expressed through the phrase "risk-based approach." Incidentally, sections 6.1.1 and 6.1.2 continue the theme of borderless business and quality system planning and management. The risk-based approach in ISO 9001:2015 is basic: After you know your challenges, develop appropriate plans and monitoring methods to mitigate the risk of inaction in these defined areas.
10. Organizational knowledge
Section 7.1.6 ushers in the discipline of knowledge management through the requirement that "the organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services." The point is that knowledge—what, how, when and often why—is required to generate consistent and conforming products.
Furthermore, the right people need access to this knowledge to create this desired outcome. Organizational knowledge management requires analysis and planning that are unique to each organization to balance the typical blend of competent people no longer requiring tools—such as work instructions—against those who do.
In ISO/DIS 9001:2015, section 4.3, determining the scope of the QMS, you will no longer find references to the term "exclusions." Instead, it’s up to the organization to decide which elements do not apply.
The choice to disregard a requirement is not allowed, however, if it pertains to normal operations. Furthermore, the text states, "If any requirement(s) of this international standard cannot be applied, this shall not affect the organization’s ability or responsibility to ensure conformity of products and services." Once again, the issue of applicability is tied to whether your organization is capable of producing consistent, conforming product.
12. Annex C
Annex C, a formal introduction to the ISO 10000 portfolio of quality management standards, is a wonderful addition to ISO 9001. There are three SCs within ISO technical committee 176. ISO 9000 is the responsibility of SC1, ISO 9001 and ISO 9004 are the responsibility of SC2, but subcommittee 3 (SC3) is perhaps best described as having responsibility for everything else.
SC3 produces guidance documents: excellent resources for the world community to apply to its QMSs. If you are in search of moving your organization to the next level in any number of critical disciplines, the work of SC3’s ISO 10000 series of documents is for you. In Annex C, ISO/DIS 9001:2015 offers a clearly stated synopsis of many of these guidance documents.
13. Annex A
Annex A, clarification of new structure, terminology and concepts, is another important and informative addition to ISO 9001. Many issues in this article are discussed in this section in well written and concise ways.
For example, "externally provided products and services" is explained as follows in section A8: "Whether the organization is purchasing from a supplier, through outsourcing or by any other means, the organization is required to take a risk-based approach to determine the types of controls appropriate to particular external providers and externally provided products and services."
The whole topic of outsourcing, especially questions regarding what goods or services are or are not outsourced, has been problematic in prior editions of ISO 9001. Given the above explanation and regardless of what is obtained through outsourcing, organizations are required to take a risk-based approach. This is a welcome, easy-to-understand stipulation and, of course, is linked closely with the concept of the risk-based approach discussed earlier.
14. Quality management principles
There are now seven quality management principles instead of the previous eight. Regardless, a disturbing few ISO 9001 practitioners have truly made these principles the foundation of their QMSs. Now is the chance to revisit the updated and revised seven principles to enable change throughout your organization at the bedrock level.
The introduction states, "The ISO portfolio of quality management system standards are based on these seven quality management principles" in much the same manner as an organization would use its mission statement to frame actions and discussions. They are a point of reference—a beacon in the storm—or perhaps a constant set of reminders of what is right and fair in promoting goodwill and best practices.
15. ISO 9000:2015
DIS/ISO 9001:2015 does not yet cite ISO 9000 as its normative reference, but it will after it’s released as the final draft international standard (FDIS)—expected in the middle of next year. The ISO/DIS 9001:2015 now includes a large collection of terms and their definitions in section 3 as a convenience to the writing group.
Each definition, however, is derived verbatim from ISO 9000. As the bulk of the revision will be completed with the release of the FDIS, section 2 also will be revised to once again cite ISO 9000 as its normative reference.
The ISO/International Electrotechnical Commission (IEC) Directives, part two, section 6.2.2 states that normative references are considered to be "indispensable for the application of the document." A normative reference is, therefore, more than a casual reference to another document that may be helpful. It’s no wonder ISO 9001 and ISO 9000 are often sold as a set.
Changes in ISO 9001:2015 are an opportunity to revisit organizational areas that have not performed well in the past. An awareness of the upcoming changes in ISO 9001:2015 will enable quality professionals to use the new standard as a vanguard to spur their organizations forward.
Article Reference: Quality Digest